Email.Phishing.RB-3083 tripping FPs

dnsadmin 1bigthink.com dnsadmin at 1bigthink.com
Fri Mar 21 18:17:00 GMT 2008


Hello Bobby,

Okay, since I've run into this problem, I decided to upgrade, but I 
can only do that to one server at a time and verify each one. I've 
upgraded one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two 
have install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner 
4.65.3 by rpm install. Using clamavmodule on all.

Now I've decided I really need to understand better what is happening.

Where are my virus definitions? I ran freshclam. It said it updated, 
but I go to look for main.cvd and daily.cvd and they aren't there; 
anywhere! What am I missing? I thought I understood this setup, but 
apparently not?

Thanks,
Glenn Parsons


Thanks,
Glenn Parsons

At 01:02 PM 3/21/2008, you wrote:

>You shouldn't need to update ClamAV, just the virus definitions.  If you
>manually run freshclam, then you'll get the latest defs at that point in
>time.
>
>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info
>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>dnsadmin 1bigthink.com
>Sent: Friday, March 21, 2008 12:35 PM
>To: MailScanner discussion
>Subject: RE: Email.Phishing.RB-3083 tripping FPs
>
>Hello All,
>
>Thanks Bobby! Yep. Must have been deprecated. I'm running version
>0.91.2 and freshclam recommends 0.92.1.
>
>Looks like I'll be installing Julian's updated RPM today.
>
>Thanks,
>Glenn
>
>At 12:03 PM 3/21/2008, you wrote:
>
> >Run freshclam because they must have pulled it because I don't have it.
> >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not
> >Email.Phishing.RB-3083 and freshclam says I'm current.
> >
> >-----Original Message-----
> >From: mailscanner-bounces at lists.mailscanner.info
> >[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Rose,
> >Bobby
> >Sent: Friday, March 21, 2008 11:36 AM
> >To: MailScanner discussion
> >Subject: RE: Email.Phishing.RB-3083 tripping FPs
> >
> >What clamav signature file is that from?  I don't see it in any of mine
>
> >including the sanesecurity ones.
> >
> >-----Original Message-----
> >From: mailscanner-bounces at lists.mailscanner.info
> >[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> >dnsadmin 1bigthink.com
> >Sent: Friday, March 21, 2008 11:15 AM
> >To: MailScanner mailing list
> >Subject: Email.Phishing.RB-3083 tripping FPs
> >
> >Hello All,
> >
> >Having problems with this one particular Phishing rule deleting off
> >email. I thought that this mail would be quarantined, but it is not.
> >I've not revisited my rules to figure why it is being deleted.. doing
> >that now.
> >
> >However, this phishing rule is tagging way too many emails from valid
> >users (most of which are from and to domain users, but not all).
> >
> > >The following e-mails were found to have: Virus Detected
> > >
> > >     Sender: someone at mydomain.com
> > >IP Address: 69.250.4.68
> > >  Recipient: someoneelse at mydomian.com
> > >    Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We
> > >received your Compete-At inqu...
> > >  MessageID: m2KN5TCt032450
> > >Quarantine: /var/spool/mqueue.arc
> > >     Report: ClamAVModule:  message was infected:
> > >Email.Phishing.RB-3083
> > >
> > >Full headers are:
> >
> >Any suggestions on how to deal with this one phishing rule? None of the
>
> >others trigger FPs.
> >
> >Thanks,
> >Glenn
> >
> >
> >--
> >No virus found in this outgoing message.
> >Checked by AVG.
> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
> >3/20/2008 8:10 PM
> >
> >
> >
> >--
> >This message has been scanned for viruses and dangerous content by
> >MailScanner, and is believed to be clean.
> >
> >--
> >MailScanner mailing list
> >mailscanner at lists.mailscanner.info
> >http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >Before posting, read http://wiki.mailscanner.info/posting
> >
> >Support MailScanner development - buy the book off the website!
> >
> >--
> >MailScanner mailing list
> >mailscanner at lists.mailscanner.info
> >http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >Before posting, read http://wiki.mailscanner.info/posting
> >
> >Support MailScanner development - buy the book off the website!
> >
> >--
> >MailScanner mailing list
> >mailscanner at lists.mailscanner.info
> >http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >Before posting, read http://wiki.mailscanner.info/posting
> >
> >Support MailScanner development - buy the book off the website!
> >
> >--
> >This message has been scanned for viruses and dangerous content by
> >MailScanner, and is believed to be clean.
> >
> >
> >
> >--
> >No virus found in this incoming message.
> >Checked by AVG.
> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
> >3/20/2008 8:10 PM
> >
> >
> >
> >
> >--
> >No virus found in this incoming message.
> >Checked by AVG.
> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
> >3/20/2008 8:10 PM
>
>
>--
>No virus found in this outgoing message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date:
>3/20/2008 8:10 PM
>
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 
>3/20/2008 8:10 PM
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 
>3/20/2008 8:10 PM


-- 
No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list