Dear List,

I have got a complaint from one of our users that a genuine mail has been identified as virus: Heuristics.Phishing.Email.SpoofedDomain, with internal reference code '02103-11/QCZxxtAvePMy'. I don't know what exactly the meaning of the internal reference code is.

We are not quarantining the mails which are detected as infected. Under this condition, I really do not know the genuineness of the actual mail which has been blocked. But it looks like this is a false positive, as the recipient has confirmed with the bank that such mails are being sent. What is the way out so that in future such mail is not detected as virus? How to address this issue? Please let me know.

----- Forwarded message from sab...@isac.gov.in -----
Date: Wed, 08 Sep 2010 09:14:36 +0530
From: Sabari Sreekumar <sab...@isac.gov.in>
Subject: Important mail marked as spam
To: ANANT SHRIPADRAO ATHAVALE <a...@isac.gov.in>

Sir,

I received a mail from postmas...@isac.gov.in saying that one of the mails that was sent to my inbox was blocked because it could probably be from a fake sender. In fact, that mail was from my bank regarding my credit card, probably a credit card statement. The sender is "HDFC Bank" <yourcreditc...@hdfcbank.net>. If possible, please unblock this sender and allow it to send mail to me. Please see below for the mail I received, and thanks in advance.

VIRUS ALERT

Our content checker found
    virus: Heuristics.Phishing.Email.SpoofedDomain

in an email to you from probably faked sender:
    ?...@[153.69.213.163]
claiming to be: <20031+10000+11146+1+0+1+0+sabari=isac.gov...@cpbnc.com>

Content type: Virus
Our internal reference code for your message is 02103-11/QCZxxtAvePMy

First upstream SMTP client IP address: dnserns.isac.gov.in
According to a 'Received:' trace, the message apparently originated at:
    [153.69.213.163],

Return-Path: <20031+10000+11146+1+0+1+0+sabari=isac.gov...@cpbnc.com>
From: "HDFC Bank" <yourcreditc...@hdfcbank.net>
Message-ID: <40a3d0bcf47848e8b51f93f0f2317...@pmms08>
X-Mailer: Microsoft CDO for Windows 2000
Subject: Smart Buy Shopping Festival - HDFC Bank Credit Cards

Not quarantined.

Please contact your system administrator for details.

Regards
--
Sabari

----- End forwarded message -----

Regards,
Anant Athavale.