INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ....

Gareth list-mailscanner at linguaphone.com
Wed Oct 31 11:47:39 GMT 2007


Yes that looks better. It should now be looking for spoofed domains from
certain domains only and not all. I get about 2 of these hits in approx
500 spams a day so some hits are normal.

On Wed, 2007-10-31 at 11:28, Quentin Campbell wrote:
> Gareth
> 
> I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were
> generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain::
> ...." records.
> 
> In place of the 
> 
> Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED::
> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/
> 
> records I now get (although fewer of them so far) 
>   
> Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED::
> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/
> 
> records. I assume this means that I am getting far fewer false positives
> now?
> 
> Quentin
> 
> >-----Original Message-----
> >From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> >bounces at lists.mailscanner.info] On Behalf Of Gareth
> >Sent: 31 October 2007 10:27
> >To: MailScanner discussion
> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ....
> >
> >The fault is equivalent to scanning mail with the
> >--no-phishing-restrictedscan clamscan option. The update to mailscanner
> >disabled this option as the author of the clamavmodule made an error and
> >had this option enabled as the default option.
> >
> >I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63
> >but I believe it was the latter.
> >
> >On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote:
> >> Gareth
> >>
> >> If that is the problem it does not account for why I only see it on 2
> >> out of 8 otherwise identical MX hosts, all running with the same version
> >> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc.
> >>
> >> I will install the latest BETA version of MS on one of the 2 machines
> >> and see what happens.
> >>
> >> Thanks
> >>
> >> Quentin
> >>
> >> >-----Original Message-----
> >> >From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> >> >bounces at lists.mailscanner.info] On Behalf Of Gareth
> >> >Sent: 31 October 2007 09:23
> >> >To: MailScanner discussion
> >> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ....
> >> >
> >> >It's caused by a new feature in clamav with an incorrect default setting.
> >> >You need to either update MailScanner to include the new scanning option
> >> >or switch to clamd.
> >> >
> >> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote:
> >> >> I am running eight mail gateways with MailScanner-4.62.9-2 using
> >> >> 'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2).
> >> >>
> >> >> However only seeing "INFECTED::
> >> >> Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of
> >> >> these look like false positives.
> >> >>
> >> >> Cannot see why only two systems doing this as all eight gateways are
> >> >> equal preference MX hosts for our domains and share the same type of
> >> >> mail traffic.
> >> >>
> >> >> Any pointers to where else I might look would be appreciated.
> >> >>
> >> >> Thanks
> >> >>
> >> >> Quentin
> >> >> ---
> >> >> PHONE: +44 191 222 8209    Information Systems and Services (ISS),
> >> >>                            Newcastle University,
> >> >>                            Newcastle upon Tyne,
> >> >> FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
> >> >>
> >> >------------------------------------------------------------------------
> >> >
> >> >--
> >> >MailScanner mailing list
> >> >mailscanner at lists.mailscanner.info
> >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >
> >> >Before posting, read http://wiki.mailscanner.info/posting
> >> >
> >> >Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list
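
The comparison discussed in the thread (which gateways log `Phishing.Heuristics.*` hits, and in which of the two record formats) can be tallied from syslog. This is an added example, not code from the thread or from MailScanner. The hostnames `mx-a`, `mx-b` and `mx-c`, the sample lines marked constructed, and the 3x-median threshold are assumptions.

```python
import re
from collections import Counter
from statistics import median

HEURISTIC = "Phishing.Heuristics."

# Both record shapes quoted in the thread: "MailScanner[pid]: INFECTED:: ..."
# and the post-upgrade form prefixed with "ClamAV Module::".
RECORD = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sMailScanner\[\d+\]:\s"
    r"(?P<prefix>ClamAV Module::)?INFECTED::\s*"
    r"(?P<sig>[\w.-]+)::\s*(?P<msgdir>\S+)"
)

# The first two lines are the records quoted in the thread (unwrapped). The
# rest are constructed, including hostnames mx-a/mx-b and the signature name.
SAMPLE = [
    "Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/",
    "Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/",
    "Oct 31 10:14:02 cheviot2 MailScanner[31346]: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./EXAMPLE0000001/",
    "Oct 31 10:20:45 mx-a MailScanner[2201]: INFECTED:: Example.Signature-1:: ./EXAMPLE0000002/",
    "Oct 31 10:31:09 mx-b MailScanner[2417]: New Batch: Scanning 3 messages, 9120 bytes",
]
ALL_HOSTS = ["cheviot2", "mx-a", "mx-b", "mx-c"]  # constructed fleet list

def summarise(lines, all_hosts=()):
    """Per-host counters: all INFECTED records, and heuristic hits by format."""
    hosts = {h: Counter() for h in all_hosts}  # hosts with no hits still count
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue  # not an INFECTED record
        stats = hosts.setdefault(m["host"], Counter())
        stats["infected"] += 1
        if m["sig"].startswith(HEURISTIC):
            stats["module_format" if m["prefix"] else "old_format"] += 1
    return hosts

def heuristic_hits(hosts):
    """Total heuristic phishing hits per host, both record formats combined."""
    return {h: s["old_format"] + s["module_format"] for h, s in hosts.items()}

def outliers(hosts, factor=3.0):
    """Hosts whose heuristic hits exceed factor x the fleet median (assumed rule)."""
    hits = heuristic_hits(hosts)
    base = median(hits.values())
    return sorted(h for h, n in hits.items() if n > factor * base)

if __name__ == "__main__":
    summary = summarise(SAMPLE, ALL_HOSTS)
    for host, n in sorted(heuristic_hits(summary).items()):
        print(host, n, dict(summary[host]))
    print("outliers:", outliers(summary))
```

Feeding it the concatenated logs of all gateways shows whether the heuristic hits cluster on a few hosts and whether any host is still emitting the pre-upgrade record format.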