Email.Phishing.RB-3083 tripping FPs

Rose, Bobby brose at
Fri Mar 21 15:35:49 GMT 2008

What clamav signature file is that from?  I don't see it in any of mine
including the sanesecurity ones. 

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of
Sent: Friday, March 21, 2008 11:15 AM
To: MailScanner mailing list
Subject: Email.Phishing.RB-3083 tripping FPs

Hello All,

Having problems with this one particular Phishing rule deleting off
email. I thought that this mail would be quarantined, but it is not. 
I've not revisited my rules to figure why it is being deleted.. doing
that now.

However, this phishing rule is tagging way too many emails from valid
users (most of which are from and to domain users, but not all).

>The following e-mails were found to have: Virus Detected
>     Sender: someone at
>IP Address:
>  Recipient: someoneelse at
>    Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We  received 
>your Compete-At inqu...
>  MessageID: m2KN5TCt032450
>Quarantine: /var/spool/mqueue.arc
>     Report: ClamAVModule:  message was infected: 
>Full headers are:

Any suggestions on how to deal with this one phishing rule? None of the
others trigger FPs.


No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
3/20/2008 8:10 PM

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list