Email.Phishing.RB-3083 tripping FPs
dnsadmin 1bigthink.com
dnsadmin at 1bigthink.com
Fri Mar 21 16:31:44 GMT 2008
Hello All,
Nothing exotic here. MailScanner 4.65.3 with default clamav module
and default clamav settings from Julian's RPM install.
Thanks,
Glenn Parsons
At 11:35 AM 3/21/2008, you wrote:
>What clamav signature file is that from? I don't see it in any of mine
>including the sanesecurity ones.
>
>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info
>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>dnsadmin 1bigthink.com
>Sent: Friday, March 21, 2008 11:15 AM
>To: MailScanner mailing list
>Subject: Email.Phishing.RB-3083 tripping FPs
>
>Hello All,
>
>Having problems with this one particular Phishing rule deleting off
>email. I thought that this mail would be quarantined, but it is not.
>I've not revisited my rules to figure why it is being deleted.. doing
>that now.
>
>However, this phishing rule is tagging way too many emails from valid
>users (most of which are from and to domain users, but not all).
>
> >The following e-mails were found to have: Virus Detected
> >
> > Sender: someone at mydomain.com
> >IP Address: 69.250.4.68
> > Recipient: someoneelse at mydomian.com
> > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received
> >your Compete-At inqu...
> > MessageID: m2KN5TCt032450
> >Quarantine: /var/spool/mqueue.arc
> > Report: ClamAVModule: message was infected:
> >Email.Phishing.RB-3083
> >
> >Full headers are:
>
>Any suggestions on how to deal with this one phishing rule? None of the
>others trigger FPs.
>
>Thanks,
>Glenn
>
>
>--
>No virus found in this outgoing message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
>3/20/2008 8:10 PM
>
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
>3/20/2008 8:10 PM
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
>3/20/2008 8:10 PM
--
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list