Phishing RBL?

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Sun Oct 16 02:44:30 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ugo Bellavance wrote:
> Glenn Steen wrote:
>> On 14/10/05, Denis Beauchemin <Denis.Beauchemin at> wrote:
>> (snip)
>>> Just enabled ClamAV on my servers.  About 5 minutes later I saw this
>>> message:
>>> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
>>> ./j9EFjc3L008255/msg-4991-81.html
>>> Then I remembered why I disabled Clam...  I cannot block all emails 
>>> with
>>> IFrames...
>>> There seems to be the --no-html flag.  I enabled it in clamav-wrapper.
>>> We'll see if it does what I hope (couldn't find much info about this).
>>> Had to switch from clamavmodule to clamav, though...
>> I might be completely wrong, but.... I *don't* use that flag, and it
>> only catches really bad iframes... Not like the MS thing that catch
>> *all* ...So far at least.
>> Did you check that the IFrame in question wasn't malicious?
> I agree, I don't think it catches all IFRAMEs...
OK, then can someone point me to some documentation about that feature?


PS: I think it was malicious (it was part of an infected email)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list