Phishing RBL?
Ugo Bellavance
ugob at CAMO-ROUTE.COM
Sat Oct 15 22:38:01 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Glenn Steen wrote:
> On 14/10/05, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca> wrote:
> (snip)
>> Just enabled ClamAV on my servers. About 5 minutes later I saw this
>> message:
>> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
>> ./j9EFjc3L008255/msg-4991-81.html
>>
>> Then I remembered why I disabled Clam... I cannot block all emails with
>> IFrames...
>>
>> There seems to be the --no-html flag. I enabled it in clamav-wrapper.
>> We'll see if it does what I hope (couldn't find much info about this).
>>
>> Had to switch from clamavmodule to clamav, though...
>
> I might be completely wrong, but.... I *don't* use that flag, and it
> only catches really bad iframes... Not like the MS thing that catch
> *all* ...So far at least.
> Did you check that the IFrame in question wasn't malicious?
I agree, I don't think it catches all IFRAMEs...
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
--
Ugo
-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list