Just a note that in my experience, e-mail phishing detection is routinely disabled, perhaps because of excessive false positives, but also because signature maintenance appears to be a low priority.
Sent from my iPad -Al- On Mar 22, 2023, at 10:44, newcomer01 via clamav-users <clamav-users@lists.clamav.net> wrote: > Hi Paul, > > yes, submit all files. Maybe ClamAV need different Phising - Sigs for each > file or something ... > For my submitted file, ClamAV currently not warn ... > > kind greetings > Marc > > > Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> > An / To: Newcomer01 <mailto:newcome...@posteo.de> > CC / CC: Paul Kosinski <mailto:clamav-us...@iment.com> > Gesendet / Sent: Mittwoch, März 22, 2023 um 18:35 (at 06:35 PM) +0100 > Betreff / Subject: Re: [clamav-users] Be wary of emails with attachments > targeting clamav-users list members >> I have just started getting these claiming to be relevant to ClamAV, but I >> have *also* been receiving this sort of thing claiming to be from the >> Firefox ESR list for months now. >> >> I am posting (one of) the HTMLs "about" ClamAV to >> https://www.clamav.net/reports/malware. Should I also post (one of) the >> Firefox phishes? (In fact, I have several of each, but it quickly gets >> tedious.) >> >> >> >>> On Wed, 22 Mar 2023 16:48:32 +0000 >>> "Micah Snyder \(micasnyd\) via clamav-users" >>> <clamav-users@lists.clamav.net> wrote: >>> >>> All, >>> >>> Some users have reported receiving emails that appear to be a reply to a >>> clamav-users mailing list thread but are in fact a phishing attempt have >>> attached malware. >>> >>> Most recently, Marc reported receiving an email that appeared to be a reply >>> to an older clamav-users mailing list thread but was in fact a direct email >>> targeting him. It had this fairly generic phishing text: >>> >>> "Would you please look through the last agreement? I have attached some >>> extra details about it." >>> >>> The attached file was some small HTML file containing malicious obfuscated >>> javascript. >>> >>> This isn't the first time we've heard of this type of phishing using our >>> mailing list archives. Please be careful when you see any sort of >>> attachment, even if it appears to be from this community. >>> >>> If you receive this sort of phishing email, please report the attached HTML >>> file to https://www.clamav.net/reports/malware >>> >>> Regards, >>> Micah >>> >>> >>> >>> Micah Snyder >>> ClamAV Development >>> Talos >>> Cisco Systems, Inc. _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
