Email.Phishing.RB-3083 tripping FPs
Rose, Bobby
brose at med.wayne.edu
Fri Mar 21 15:35:49 GMT 2008
What clamav signature file is that from? I don't see it in any of mine
including the sanesecurity ones.
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
dnsadmin 1bigthink.com
Sent: Friday, March 21, 2008 11:15 AM
To: MailScanner mailing list
Subject: Email.Phishing.RB-3083 tripping FPs
Hello All,
Having problems with this one particular Phishing rule deleting off
email. I thought that this mail would be quarantined, but it is not.
I've not revisited my rules to figure why it is being deleted.. doing
that now.
However, this phishing rule is tagging way too many emails from valid
users (most of which are from and to domain users, but not all).
>The following e-mails were found to have: Virus Detected
>
> Sender: someone at mydomain.com
>IP Address: 69.250.4.68
> Recipient: someoneelse at mydomian.com
> Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received
>your Compete-At inqu...
> MessageID: m2KN5TCt032450
>Quarantine: /var/spool/mqueue.arc
> Report: ClamAVModule: message was infected:
>Email.Phishing.RB-3083
>
>Full headers are:
Any suggestions on how to deal with this one phishing rule? None of the
others trigger FPs.
Thanks,
Glenn
--
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
3/20/2008 8:10 PM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list