ClamAVModule::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain
Scott Silva
ssilva at sgvwater.com
Thu Oct 1 23:49:31 IST 2009
on 10-1-2009 3:26 PM donald.dawson at bakerbotts.com spake the following:
> We are running MS 4.75.11 (soon to upgrade to interesting new 4.78.17
> version). We installed clam via the MS tar ball. Clam is our only AV
> and is called by MS via /usr/lib/MailScanner/clamav-wrapper.
>
> We have been getting FPs on some newsletters due to Phishing Heuristics
> in clam. We also found that MS does not appear to use a clamd.conf or
> freshclam.conf file. To get around the FP Phishing Heuristics problem,
> we modified the clamav-wrapper to turn off heuristic url scans (line 152
> added in clamav-wrapper script):
>
> ExtraScanOptions="$ExtraScanOptions --phishing-scan-urls=no"
>
> I would rather not edit the delivered MS script. Is there a clam config
> file used by MS?
>
> Where would I put the '--phishing-scan-urls=no' option?
>
> Lastly, is it preferable to install clamav, clamav-db and clamd RPMs
> versus letting MS load clamscan for every email?
>
> ...from the tarball clam/SA install.sh script:
>
> echo 'There are 2 recommended ways of installing ClamAV, depending on'
> echo 'various factors.'
> echo 'If you want to use MailScanners support for Clamd (virus-scanning'
> echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
> echo 'and install the RPMs for clamav, clamav-db and clamd from'
> echo ' _http://packages.sw.be/clamav/_'
> echo 'Then re-run this script and tell me that clamscan is installed in'
> echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
> echo
> echo 'Otherwise you probably want me to install ClamAV now. So answer y.'
>
> Jules - thank you for a great product!
>
The most efficient way is to run clamd. There is a smaller memory footprint,
and you can update clam as soon as it comes out instead of waiting for the
perl module to be updated.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091001/d3145c8e/signature.bin
More information about the MailScanner
mailing list