A false positive?

[Alex Broens]

Not a MailScanner issue.
Report with pristine sample to ClamAV team.


On 8/14/2009 11:35 PM, Robert Lopez wrote:
> The following looks to me as if it is a report of false positive. Does
> anyone disagree?
> If it is a false positive what should I do to avoid more like it?
> 
>> The following e-mails were found to have: Virus Detected
>>
>>     Sender: daily_headlines at ms3.lga2.nytimes.com
>> IP Address: 199.239.138.82
>>  Recipient: xxxxxxxxxx4 at cnm.edu
>>    Subject: Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs
>>  MessageID: 0ED79A2E.A6D89
>> Quarantine:
>>     Report: Clamd:  message was infected: Phishing.Heuristics.Email.SpoofedDomain
>>
>> Full headers are:
>>
>>  Received: from content120c.lga2.nytimes.com
>>         (content120c.lga2.nytimes.com [199.239.138.82])
>>  	by mg05.cnm.edu (Postfix) with ESMTP id 0ED79A2E
>>  	for <xxxxxxxxxx4 at cnm.edu>; Fri, 14 Aug 2009 03:05:09 -0600 (MDT)
>>
>>  Received: by content120c.lga2.nytimes.com (PowerMTA(TM) v3.5r3) id hgkkc00ho985 for
>> <xxxxxxxxxx4 at cnm.edu>; Fri, 14 Aug 2009 05:04:39 -0400 (envelope-from
>> <daily_headlines at ms3.lga2.nytimes.com>)
>>
>>  From: NYTimes.com <nytdirect at nytimes.com>
>>  Reply-To: nytdirect at nytimes.com
>>  Date: Fri, 14 Aug 2009 05:04:44 -0400
>>  To: xxxxxxxxxx4 at cnm.edu
>>  X-job: TH-20090814
>>  Subject:  Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs
>>  Content-Type: text/html; charset=iso-8859-1
>>  Mime-version: 1.0
>>  Message-Id: <20090814090510.0ED79A2E at mg05.cnm.edu>
>>
>>
>> --
>> MailScanner
>> Email Virus Scanner
>> www.mailscanner.info
>>
>> --
>> This message has been scanned for viruses and dangerous content by MailScanner,
>> and is believed to be clean.
>