INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ....

Gareth list-mailscanner at linguaphone.com
Wed Oct 31 10:26:38 GMT 2007 

The fault is equivilent to scanning mail with the
--no-phishing-restrictedscan clamscan option. The update to mailscanner
disabled this option as the author of the clamavmodule made an error and
had this option enabled as the default option.

I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63
but I believe it was the latter.

On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote:
> Gareth
> 
> If that is the problem is does not account for why I only see it on 2
> out of 8 otherwise identical MX hosts, all running with the same version
> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc.
> 
> I will install the latest BETA version of MS on one of the 2 machines
> and see what happens.
> 
> Thanks
> 
> Quentin
> 
> >-----Original Message-----
> >From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> >bounces at lists.mailscanner.info] On Behalf Of Gareth
> >Sent: 31 October 2007 09:23
> >To: MailScanner discussion
> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ....
> >
> >Its caused by a new feature in clamav with an incorrect default
> setting.
> >You need to either update MailScanner to include the new scanning
> option
> >or switch to clamd.
> >
> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote:
> >> I am running eight mail gateways with MailScanner-4.62.9-2 using
> >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2).
> >>
> >> However only seeing "INFECTED::
> >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of
> >these look like false positives.
> >>
> >> Cannot see why only two systems doing this as all eight gateways are
> >equal preference MX hosts for our domains and share the same type of
> >mail traffic.
> >>
> >> Any pointers to where else I might look would be appreciated.
> >>
> >> Thanks
> >>
> >> Quentin
> >> ---
> >> PHONE: +44 191 222 8209    Information Systems and Services (ISS),
> >>                            Newcastle University,
> >>                            Newcastle upon Tyne,
> >> FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
> >>
> ----------------------------------------------------------------------
> >--
> >
> >--
> >MailScanner mailing list
> >mailscanner at lists.mailscanner.info
> >http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >Before posting, read http://wiki.mailscanner.info/posting
> >
> >Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list