On Jul 26, 2011, at 2:06 PM, Török Edwin <ed...@clamav.net> wrote: > On 07/26/2011 11:59 PM, Al Varnell wrote: >> Is there something going on with subject infections? I see that it's listed >> on the clamav home page as a "Current Threat". We got several users asking >> about this in the ClamXav Forum (including a Linux user?) and I can't seem >> to find it in the signature database any more. >> > > It is an engine detection (actually it is > Heuristics.Phishing.Email.SpoofedDomain). > All engine detections are prefixed with 'Heuristics.'. > > This detection is for phishing emails, you can look in daily.pdb to see a > list of 'protected' domains > (i.e. if a phishing email targets one of those domains we should detect it).
Thanks for that explanation, that helps a lot. Is there any reason why clamscan would be making such detections and clamd not? One of our users is running into this, which could just be related to database updates, but I want to be sure. Also, it would seem that the inclusion of "Facebook.com" was causing a spike in these detections and today I noticed it is no longer one of the "protected" domaines. The number of hits on my computer went from over 30 last week to just three today. I couldn't quite figure out why they needed to be protected, anyway. Just an observation. Sent from Janet's iPad -Al- -- Al Varnell _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
