ClamAVModule::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain

Jules Field MailScanner at ecs.soton.ac.uk
Fri Oct 2 08:35:14 IST 2009


As you are clearly trying to use a new feature ("Spam-Virus"es) that I 
just introduced, I think you will find all your problems are solved 
using the new "Spam-Virus" feature in 4.78.

On 01/10/2009 23:26, donald.dawson at bakerbotts.com wrote:
>
> We are running MS 4.75.11 (soon to upgrade to interesting new 4.78.17 
> version).  We installed clam via the MS tar ball.  Clam is our only AV 
> and is called by MS via /usr/lib/MailScanner/clamav-wrapper.
>
> We have been getting FPs on some newsletters due to Phishing 
> Heuristics in clam.  We also found that MS does not appear to use a 
> clamd.conf or freshclam.conf file.  To get around the FP Phishing 
> Heuristics problem, we modified the clamav-wrapper to turn off 
> heuristic url scans (line 152 added in clamav-wrapper script):
>
> ExtraScanOptions="$ExtraScanOptions --phishing-scan-urls=no"
>
> I would rather not edit the delivered MS script.  Is there a clam 
> config file used by MS?
>
> Where would I put the '--phishing-scan-urls=no' option?
>
> Lastly, is it preferable to install clamav, clamav-db and clamd RPMs 
> versus letting MS load clamscan for every email?
>
> ...from the tarball clam/SA install.sh script:
>
> echo 'There are 2 recommended ways of installing ClamAV, depending on'
> echo 'various factors.'
> echo 'If you want to use MailScanners support for Clamd (virus-scanning'
> echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
> echo 'and install the RPMs for clamav, clamav-db and clamd from'
> echo ' http://packages.sw.be/clamav/'
> echo 'Then re-run this script and tell me that clamscan is installed in'
> echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
> echo
> echo 'Otherwise you probably want me to install ClamAV now. So answer y.'
>
> Jules - thank you for a great product!
>
> Donald Dawson
> Security Administrator
> Baker Botts L.L.P.
> One Shell Plaza
> 910 Louisiana
> Houston, TX 77002
> W: 713-229-2183
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

