Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Al Varnell
On Wed, May 31, 2017 at 11:44 PM, Reindl Harald wrote: > > why i am so emotional about this topic? > > because *THAT ISSUE* i originally registered on this list and *you* > recommended at > http://lists.clamav.net/pipermail/clamav-users/2016-July/003111.html "You > must disable Heuristics usin

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Paul Kosinski
I, too, get very annoyed by companies that use more than one domain at the first level: it seems that relatively few companies do it the "way it was intended", via a subdomain. Even Google (who ought to know better) has several extra first level domains, like gstatic.com, 1e100.net (ha, ha) etc., a

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Gene Heskett
On Thursday 01 June 2017 19:49:11 Reindl Harald wrote: > Am 02.06.2017 um 01:16 schrieb Gene Heskett: > > On Thursday 01 June 2017 12:01:17 Dennis Peterson wrote: > >> It is your problem to fix. > >> Be obvious or be blocked. There's too much at risk. > > > > I couldn't have said it any better Den

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Reindl Harald
Am 02.06.2017 um 01:16 schrieb Gene Heskett: On Thursday 01 June 2017 12:01:17 Dennis Peterson wrote: It is your problem to fix. Be obvious or be blocked. There's too much at risk. I couldn't have said it any better Dennis, and yes, spamassassin is well trained here. Email is IMO supposed

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Gene Heskett
On Thursday 01 June 2017 12:01:17 Dennis Peterson wrote: > It is your problem to fix. > Be obvious or be blocked. There's too much at risk. > I couldn't have said it any better Dennis, and yes, spamassassin is well trained here. Email is IMO supposed to be text, but may include links provided t

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Joel Esler (jesler)
I do agree that these features need to be decoupled. We’ve marked that as a feature we’d like to develop. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jun 1, 2017, at 2:44 AM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 01.06.2017 um 08:32 s

Re: [clamav-users] Using paypal-communication.com for link tracking purposes

2017-06-01 Thread Andy Schmidt
>> The domain https://epl.paypal-communication.com is used by Paypal for link tracking purposes in their emails. << There is nothing wrong with PayPal using the domain (or subdomains of) paypal-communication.com as links in their emails. Their HTML emails cannot disguise that link by showing a TE

Re: [clamav-users] Apparently legitimate Paypal email disguises domain name in links - thus identified as likely phishing

2017-06-01 Thread Andy Schmidt
>> The text shown to the user is www.paypal.com but the actual URL being used is https://epl.paypal-communication.com << Agreed - if any email displays a DIFFERENT domain name to the user than the domain name used in the link, then this IS solid reason to unconditionally block an email. It is

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Dennis Peterson
If I were to have gotten a suspicious message notice from epl.paypal-communication.com and gone through a whois, nslookup, whois (ip address), dig txt paypal-communication.com, dig mx paypal-communication.com, dig mx epl.paypal-communication.com routine I would have found a very suspicious pedi

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Kris Deugau
outre...@epsilon.com wrote: Hi Al, Could you please confirm exactly what is the issue you see with the links? As far as I can see, they use standard link tracking. ^^ In my experience that, in and of itself, is often the problem. The c

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread outre...@epsilon.com
Hi Reindl and Al, Thank you for your feedback. The domain https://epl.paypal-communication.com is used by Paypal for link tracking purposes in their emails. Their sending domains are for example: mail.paypal.com, mail.paypal.co.uk, mail.paypal.fr etc. To clarify, I work for Epsilon which is a