Re: [Clamav-users] Email.Phishing.DblDom-59

2009-04-16 Thread Dennis Peterson
Suntower West wrote: > Hi, > > I'm getting a positive for this in a Eudora mailbox (which is > basically just an ASCII file.) However, when I scan the same file > with Comodo it comes up as clean. > > 1. Is this a false positive? > > 2. If not, then, is there a way to locate the bad code withi

Re: [Clamav-users] Email.Phishing.DblDom-59

2009-04-16 Thread Tom Shaw
Suntower, It's just a detection of a probable phishing link in an email. There is no virus in there, just a phish. Tom At 5:33 PM -0700 4/16/09, Suntower West wrote: >Hi, > >I'm getting a positive for this in a Eudora mailbox (which is >basically just an ASCII file.) However, when I scan the sam

[Clamav-users] Email.Phishing.DblDom-59

2009-04-16 Thread Suntower West
Hi, I'm getting a positive for this in a Eudora mailbox (which is basically just an ASCII file.) However, when I scan the same file with Comodo it comes up as clean. 1. Is this a false positive? 2. If not, then, is there a way to locate the bad code within the text and remove it without remov

Re: [Clamav-users] major memory leak in 0.95(.1)

2009-04-16 Thread Jay Deiman
Török Edwin wrote: > On 2009-04-13 22:25, Jay Deiman wrote: >> Török Edvin wrote: >> >> [snip] >> >> Well, *I* couldn't find much of any use in the ktrace output. However, if someone else would like to take a look at the trace file, I've made it available at: http://jan

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Jerry
On Thu, 16 Apr 2009 09:14:41 -0700 Dennis Peterson wrote: [snip] >If you were properly scanning your own outgoing mail you would have >seen this problem before the message left your system. That is another >policy issue. I understand this is a contentious issue with some >people but I'll never u

Re: [Clamav-users] clamav-milter 0.95.1 logging deficiencies

2009-04-16 Thread Craig Green
aCaB wrote: > Kevin Clark wrote: >> ...clamav-milter still does not log every scanning event to either >> /var/log/maillog or its own logfile /var/log/clamav/clamav-milter.log >> > > Hi Kevin, > > As you may guess, "LogInfected" logs infected messages. > Your mail log should already have logs

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
> an extended point about policy based on your example as it was presented. I > did say this was controversial :) Controversial perhaps to developers, just something else to have come across by an end user :). Anyhow, it all worked out, thanks for everyone's help. __

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Dennis Peterson
li...@grounded.net wrote: >> If you were properly scanning your own outgoing mail you would have seen >> this problem before the message left your system. That is another policy >> issue. I understand this is a contentious issue with some people but I'll >> never understand why. For me it is simpl

Re: [Clamav-users] clamd 0.95.1 memory usage

2009-04-16 Thread Török Edwin
On 2009-04-16 14:46, Anatoly Pugachev wrote: > Hello! > > 3 days ago compiled clamav-0.95.1 on solaris 10 x86 box. > > Connected it to our MTA system through cgpav helper application. > > After a few hours, clamd eats 4Gb of system RAM and keeps running with > it. Can you please help me to investiga

Re: [Clamav-users] major memory leak in 0.95(.1)

2009-04-16 Thread Török Edwin
On 2009-04-13 22:25, Jay Deiman wrote: > Török Edvin wrote: > > [snip] > > >>> Well, *I* couldn't find much of any use in the ktrace output. However, >>> if someone else would like to take a look at the trace file, I've made >>> it available at: >>> >>> http://janus.splitstreams.com/clamav-ktra

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
> If you were properly scanning your own outgoing mail you would have seen > this problem before the message left your system. That is another policy > issue. I > understand this is a contentious issue with some people but I'll never > understand why. For me it is simply a best practice activity.

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Dennis Peterson
li...@grounded.net wrote: > I'm on a linux mailing list which I've been using for a while. Today, I send > a message and it bounces back. In the headers, I see the following reason for > the remote host denying the email; > >> Remote host said: 550 ClamAV detected >> Sanesecurity.Phishing.Bank.

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
Thanks very much. On Thu, 16 Apr 2009 16:44:14 +0100 (BST), Steve Basford wrote: >> Glad to hear I didn't find something new. Now, on the other hand, how do I >> >> get my output to the users of the mailing list I was trying to reply to? >> > One of these should do the trick... > > http://pas

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Steve Basford
> Glad to hear I didn't find something new. Now, on the other hand, how do I > get my output to the users of the mailing list I was trying to reply to? One of these should do the trick... http://pastebin.ca/ http://jqd.org/pastebin http://papernapkin.org/pastebin/home ... or http://www.rot13.co

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
Glad to hear I didn't find something new. Now, on the other hand, how do I get my output to the users of the mailing list I was trying to reply to? On Thu, 16 Apr 2009 16:36:40 +0100 (BST), Steve Basford wrote: >> li...@grounded.net wrote: >>  >> In this particular case though I think the signat

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Steve Basford
> li...@grounded.net wrote: > In this particular case though I think the signature is too weak and > non-specific, prone to greater failure in a developer's environment than > at the local community center, but still weak. It needs a larger context. Agreed... hence it's been dropped. Cheers, St

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Dennis Peterson
li...@grounded.net wrote: > I think I know what's happened. I had cut/paste some html header response > code into the message for another mailing list but their clamav must be > getting a false positive thinking that the html code is phishing code. > > Not sure but I think that's what's happened

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
I think I know what's happened. I had cut/paste some html header response code into the message for another mailing list but their clamav must be getting a false positive thinking that the html code is phishing code. Not sure but I think that's what's happened. On Thu, 16 Apr 2009 07:19:51 -07

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Dennis Peterson
li...@grounded.net wrote: > I'm on a linux mailing list which I've been using for a while. Today, I send > a message and it bounces back. In the headers, I see the following reason for > the remote host denying the email; > >> Remote host said: 550 ClamAV detected >> Sanesecurity.Phishing.Bank.

Re: [Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread Steve Basford
>>Remote host said: 550 ClamAV detected >> Sanesecurity.Phishing.Bank.3259.UNOFFICIAL > > Can someone give me some information on this or ask more questions so that > I can help. I've searched online but can't seem to find anything? Hi Mike, Could you email the sample to: ste...@webtribe.net I'v

[Clamav-users] What's this? Sanesecurity.Phishing.Bank.3259

2009-04-16 Thread li...@grounded.net
I'm on a linux mailing list which I've been using for a while. Today, I send a message and it bounces back. In the headers, I see the following reason for the remote host denying the email; >Remote host said: 550 ClamAV detected >Sanesecurity.Phishing.Bank.3259.UNOFFICIAL Can someone give me s

Re: [Clamav-users] How do I prevent ClamAV from renaming quarantined files?

2009-04-16 Thread Török Edwin
On 2009-04-16 15:02, Aditya Nag wrote: > On Thu, Apr 16, 2009 at 5:22 PM, Jerry wrote: > > >> On Thu, 16 Apr 2009 11:44:44 +0530 >> Aditya Nag wrote: >> >> >>> As a follow up, I tried removing the vir- prefix, but it's still >>> renaming files, only now it does it without the vir prefix.

Re: [Clamav-users] How do I prevent ClamAV from renaming quarantined files?

2009-04-16 Thread Aditya Nag
On Thu, Apr 16, 2009 at 5:22 PM, Jerry wrote: > On Thu, 16 Apr 2009 11:44:44 +0530 > Aditya Nag wrote: > > >As a follow up, I tried removing the vir- prefix, but it's still > >renaming files, only now it does it without the vir prefix. So, for > >example, Setup.exe gets renamed to Vqxfz rather t

[Clamav-users] clamd 0.95.1 memory usage

2009-04-16 Thread Anatoly Pugachev
Hello! 3 days ago compiled clamav-0.95.1 on solaris 10 x86 box. Connected it to our MTA system through cgpav helper application. After a few hours, clamd eats 4Gb of system RAM and keeps running with it. Can you please help me to investigate? Right now I'm running 0.95 version back, and here its

Re: [Clamav-users] How do I prevent ClamAV from renaming quarantined files?

2009-04-16 Thread Jerry
On Thu, 16 Apr 2009 11:44:44 +0530 Aditya Nag wrote: >As a follow up, I tried removing the vir- prefix, but it's still >renaming files, only now it does it without the vir prefix. So, for >example, Setup.exe gets renamed to Vqxfz rather than vir-Vqxfz > >Any help would be appreciated. Please don

Re: [Clamav-users] clamav-milter 0.95.1 logging deficiencies

2009-04-16 Thread aCaB
Kevin Clark wrote: > I appreciate the quick response but I'm sorry to say that making the changes > you suggested to clamav-milter.conf does not have the desired effect. > > With these values in clamav-milter.conf... > > LogFile /var/log/clamav/clamav-milter.log > LogSyslog yes > LogFacility LOG

Re: [Clamav-users] clamav-milter 0.95.1 logging deficiencies

2009-04-16 Thread Kevin Clark
> > I'm following up on a previous post about logging to maillog: > > > > http://lurker.clamav.net/message/20090408.063308.16623e5a.en.html > > > > I am using Sendmail 8.13 on CentOS-4 but whereas previously with > 0.94.2 I would get a log entry in /var/log/maillog for every scanned > message I now