Email.Phishing.RB-3083 tripping FPs
dnsadmin 1bigthink.com
dnsadmin at 1bigthink.com
Fri Mar 21 15:14:57 GMT 2008
Hello All,
Having problems with this one particular Phishing rule deleting off
email. I thought that this mail would be quarantined, but it is not.
I've not revisited my rules to figure out why it is being deleted; doing that now.
However, this phishing rule is tagging way too many emails from valid
users (most of which are from and to domain users, but not all).
> The following e-mails were found to have: Virus Detected
>
>     Sender: someone at mydomain.com
> IP Address: 69.250.4.68
>  Recipient: someoneelse at mydomian.com
>    Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We
>             received your Compete-At inqu...
>  MessageID: m2KN5TCt032450
> Quarantine: /var/spool/mqueue.arc
>     Report: ClamAVModule: message was infected: Email.Phishing.RB-3083
>
> Full headers are:
Any suggestions on how to deal with this one phishing rule? None of
the others trigger FPs.
Thanks,
Glenn