Block Postive Phishing Frauds
Peter Peters
P.G.M.Peters at utwente.nl
Thu Aug 24 10:39:55 IST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Holland wrote on 24-8-2006 8:26:
> On Thu, 24 Aug 2006, Peter Russell wrote:
>
>> Yeah i would be happy to stop those 3 entirely. I guess i need to write
>> an SA rule? But one that only catch positive phishing frauds on these
>> topics?
>
> Don't forget that ClamAV identifies well-known phishing frauds and those
> are blocked as if they were viruses. Overnight I see it has caught the
> following on our server:
>
> 4 ClamAV: HTML.Phishing.Bank-491
> 2 ClamAV: HTML.Phishing.Pay-178
> 2 ClamAV: HTML.Phishing.Bank-503
> 1 ClamAV: HTML.Phishing.Pay-94
> 1 ClamAV: HTML.Phishing.Pay-201
> 1 ClamAV: HTML.Phishing.Card-32
> 1 ClamAV: HTML.Phishing.Bank-496
> 1 ClamAV: HTML.Phishing.Bank-471
> 1 ClamAV: HTML.Phishing.Bank-213
I had to put "Phishing" in "Non-Forging Viruses" (Don't ask me why). It
turns out the phishing spam is forwarded like they should (silent
viruses are deleted) but I have ha d a few situation where I get a
message stating the "entire message" was quarantined. But it wasn't.
I am currently running MS version 4.52.2 and plan to update sometime
next week. I'll have a look whether this quarantine problem is still
present in that version.
- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE7XPrelLo80lrIdIRAuGoAKCh/c1PvcqJbDdo3tuGrQFPbfKFpgCghf0j
B1Db8v1Ql0YxyFJLBm2/+rA=
=KUBg
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list