Daily sigs: 4054; main 44. ClamAv 0.91.2-1 Installed on CentOS-4.5 from Dag's packages. Freshly updated via the packages from the ancient 0.90-2 (also Dag's).
Called via pyclamav (rebuilt to matching libclamav) in our own code. One sample: what looks like a proper Netflix shipping notice, which reached us from an IP that Netflix claims in their SPF record. Reported as Phishing.Heuristics.Email.SpoofedDomain I'll go through the other quarantined messages shortly, matching virus name with message. It's not quite trivial to turn our quarantined messages into plain text for submission--I'll do so as soon as I become convinced that I am seeing an actual problem. For the moment, I'm turning what should be the quite valuable option PhishingScanURLs off. 1. Have others with similar setups noticed this seeming problem? 2. Have I in fact found the right switch to turn off the scanning which produces Phishing.Heuristics.Email.SpoofedDomain Thanks --John (who was watching carefully while running some mail through the newly-upgraded server, or he wouldn't have spotted this) _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
