Block Postive Phishing Frauds

Peter Peters P.G.M.Peters at
Thu Aug 24 10:39:55 IST 2006

Hash: SHA1

Jim Holland wrote on 24-8-2006 8:26:
> On Thu, 24 Aug 2006, Peter Russell wrote:
>> Yeah i would be happy to stop those 3 entirely. I guess i need to write 
>> an SA rule? But one that only catch positive phishing frauds on these 
>> topics?
> Don't forget that ClamAV identifies well-known phishing frauds and those 
> are blocked as if they were viruses. Overnight I see it has caught the 
> following on our server:
> 4   ClamAV:  HTML.Phishing.Bank-491
> 2   ClamAV:  HTML.Phishing.Pay-178
> 2   ClamAV:  HTML.Phishing.Bank-503
> 1   ClamAV:  HTML.Phishing.Pay-94
> 1   ClamAV:  HTML.Phishing.Pay-201
> 1   ClamAV:  HTML.Phishing.Card-32
> 1   ClamAV:  HTML.Phishing.Bank-496
> 1   ClamAV:  HTML.Phishing.Bank-471
> 1   ClamAV:  HTML.Phishing.Bank-213

I had to put "Phishing" in "Non-Forging Viruses" (Don't ask me why). It
turns out the phishing spam is forwarded like they should (silent
viruses are deleted) but I have ha d a few situation where I get a
message stating the "entire message" was quarantined. But it wasn't.

I am currently running MS version 4.52.2 and plan to update sometime
next week. I'll have a look whether this quarantine problem is still
present in that version.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383,
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the MailScanner mailing list