Dear List,
I am attaching a mail extract, which is getting detected as a 'Phishing
Spoofed domain' mail. I had reported the same problem earlier and,
based on the suggestions, I have created a file local.wdb with the
following content.
M:hdfcbank.com:hdfcbank.net
M:hdfcbank.net:hdfcbank.com
Still, we have the same problem.
Please suggest what I should do to receive such genuine mails.
Regards,
ANANT.
----------------------------------------------------------------------
A virus was found: Heuristics.Phishing.Email.SpoofedDomain
Scanner detecting a virus: ClamAV-clamd
Content type: Virus
Internal reference code for the message is 28092-17/RLvAVqyXW2sI
First upstream SMTP client IP address: [172.20.2.58] dnserns.isac.gov.in
According to a 'Received:' trace, the message apparently originated at:
[153.69.213.163],
Return-Path: <20031+10000+11602+1+0+1+0+VIKASKS=isac.gov...@cpbnc.com>
From: "HDFC Bank" <specialof...@hdfcbank.net>
Message-ID: <1A2D07B4C7A74C6B81C2742280EA76B2@pmms08>
Subject: 5% OFF at Flemingo Duty Free Shops - HDFC Bank MasterCard Credit Card
Offer
Not quarantined.
Notification to sender will not be mailed.
The message WAS NOT relayed to:
<vika...@isac.gov.in>:
554 5.7.0 Reject, id=28092-17 - INFECTED:
Heuristics.Phishing.Email.SpoofedDomain
<mailbac...@isac.gov.in>:
554 5.7.0 Reject, id=28092-17 - INFECTED:
Heuristics.Phishing.Email.SpoofedDomain
Virus scanner output:
p002: Heuristics.Phishing.Email.SpoofedDomain FOUND
Return-Path: <20031+10000+11602+1+0+1+0+VIKASKS=isac.gov...@cpbnc.com>
Received: from dnserns.isac.gov.in (dnserns.isac.gov.in [172.20.2.58])
by services.isac.gov.in (Postfix) with SMTP id C82E47E8EB3;
Fri, 28 Jan 2011 21:38:57 +0530 (IST)
Received: from hdfc.cpbnc.com (hdfc.cpbnc.com [153.69.213.163])
by dnserns.isac.gov.in (Postfix) with SMTP id C944C10CD
for <vika...@isac.gov.in>; Fri, 28 Jan 2011 21:38:56 +0530 (IST)
Received: by hdfc.cpbnc.com (PowerMTA(TM) v3.5r10) id h8bl1q0i4dov for
<vika...@isac.gov.in>; Fri, 28 Jan 2011 11:08:59 -0500 (envelope-from
<20031+10000+11602+1+0+1+0+VIKASKS=isac.gov...@cpbnc.com>)
X-campaignid: C.20031-J.327498-S.11602-SS.1
Thread-Topic: 5% OFF at Flemingo Duty Free Shops - HDFC Bank
MasterCard Credit Card Offer
X-ID1: cae
charset: UTF-8
X-BPS1: 11602
X-BPS2: 1
thread-index: Acu/BavHTrsQYFi1Ty2T4s++i4UxBw==
Reply-To: "HDFC Bank" <specialof...@hdfcbank.net>
From: "HDFC Bank" <specialof...@hdfcbank.net>
To: <vika...@isac.gov.in>
Subject: 5% OFF at Flemingo Duty Free Shops - HDFC Bank MasterCard
Credit Card Offer
Date: Fri, 28 Jan 2011 11:08:58 -0500
Message-ID: <1A2D07B4C7A74C6B81C2742280EA76B2@pmms08>
MIME-Version: 1.0
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6002.18005
---------------------------------------------------------------------
Regards,
Anant Athavale.