ClamAVModule::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain
donald.dawson at bakerbotts.com
Tue Oct 6 20:19:07 IST 2009
How is clamscan called by the new 4.78 version? It does not appear to
be using the /usr/lib/MailScanner/clamav-wrapper script. I am not yet
using clamd.
Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza
910 Louisiana
Houston, TX 77002
W: 713-229-2183
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of donald.dawson at bakerbotts.com
Sent: Friday, October 02, 2009 11:44 AM
To: mailscanner at lists.mailscanner.info
Subject: RE: ClamAVModule::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jules Field
Sent: Friday, October 02, 2009 2:35 AM
To: MailScanner discussion
Subject: Re: ClamAVModule::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain
As you are clearly trying to use a new feature ("Spam-Virus"es) that I
just introduced, I think you will find all your problems are solved
using the new "Spam-Virus" feature in 4.78.
On 01/10/2009 23:26, donald.dawson at bakerbotts.com wrote:
>
> We are running MS 4.75.11 (soon to upgrade to interesting new 4.78.17
> version). We installed clam via the MS tar ball. Clam is our only AV
> and is called by MS via /usr/lib/MailScanner/clamav-wrapper.
>
> We have been getting FPs on some newsletters due to Phishing
> Heuristics in clam. We also found that MS does not appear to use a
> clamd.conf or freshclam.conf file. To get around the FP Phishing
> Heuristics problem, we modified the clamav-wrapper to turn off
> heuristic url scans (line 152 added in clamav-wrapper script):
>
> ExtraScanOptions="$ExtraScanOptions --phishing-scan-urls=no"
>
> I would rather not edit the delivered MS script. Is there a clam
> config file used by MS?
>
> Where would I put the '--phishing-scan-urls=no' option?
>
> Lastly, is it preferable to install clamav, clamav-db and clamd RPMs
> versus letting MS load clamscan for every email?
>
> ...from the tarball clam/SA install.sh script:
>
> echo 'There are 2 recommended ways of installing ClamAV, depending on'
> echo 'various factors.'
> echo 'If you want to use MailScanners support for Clamd (virus-scanning'
> echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
> echo 'and install the RPMs for clamav, clamav-db and clamd from'
> echo ' _http://packages.sw.be/clamav/_'
> echo 'Then re-run this script and tell me that clamscan is installed in'
> echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
> echo
> echo 'Otherwise you probably want me to install ClamAV now. So answer y.'
>
> Jules - thank you for a great product!
>
> Donald Dawson
> Security Administrator
> Baker Botts L.L.P.
> One Shell Plaza
> 910 Louisiana
> Houston, TX 77002
> W: 713-229-2183
>
Jules
--------------
Jules, would you also recommend installing the clamd rpm versus letting
MS run clamscan?
Thanks,
Donald
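An added example, not part of the original thread and not MailScanner or ClamAV code: before switching off URL heuristics as described in the quoted message, it helps to see how many detections depend on them. The sketch below tallies report lines in clamscan's "<path>: <name> FOUND" form; the sample report and the function names are constructed for illustration, and the `Phishing.Heuristics.` prefix is the one shown in this thread's subject.

```shell
#!/bin/sh
# Added example: separate heuristic phishing hits from signature matches
# in a clamscan report, so false positives can be reviewed on their own.

# Constructed sample report (paths and results are made up for this example).
sample_report() {
cat <<'EOF'
/var/spool/MailScanner/incoming/1234/msgA: Phishing.Heuristics.Email.SpoofedDomain FOUND
/var/spool/MailScanner/incoming/1234/msgB: OK
/var/spool/MailScanner/incoming/1234/msgC: Eicar-Test-Signature FOUND
/var/spool/MailScanner/incoming/1234/msgD: Phishing.Heuristics.Email.SpoofedDomain FOUND
EOF
}

# Read a report on stdin and print "heuristic=<n> signature=<n>".
# The detection name is the field just before the trailing "FOUND".
tally_detections() {
  awk '
    / FOUND$/ {
      name = $(NF-1)
      if (name ~ /^Phishing\.Heuristics\./) h++; else s++
    }
    END { printf "heuristic=%d signature=%d\n", h, s }
  '
}

# Read a report on stdin and print the paths flagged by the phishing
# heuristics, one per line, for manual false-positive review.
heuristic_files() {
  awk '/: Phishing\.Heuristics\.[^ ]* FOUND$/ {
         sub(/: Phishing\.Heuristics\.[^ ]* FOUND$/, "")
         print
       }'
}

sample_report | tally_detections
sample_report | heuristic_files
```

A site whose tally is dominated by heuristic hits on known-good newsletters has evidence for the change; signature matches are unaffected by the count either way.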