Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-13 Thread TAN BUI
On Sat, 11 Dec 2010, T??r??k Edwin wrote: Mal/Phish-A looks like a generic/heuristic detection. These kinds of detections will be different from AV to AV, so constructing a list of aliases is not trivial (one AV may detect it via heuristics, another one via multiple signatures with a more speci

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-13 Thread TAN BUI
On Sat, 11 Dec 2010, Al Varnell wrote: The Sophos site gives three aliases for Mal/Phish-A: PHISH/CartasiFraud, PHISH/HSBC and Trojan:JS/Cardst. Searching the clamav database I can find one instance of cardst which is Trojan.JS.Cardst with an ASCII signature of "nction click() { if (event.butto

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-13 Thread TAN BUI
On Sat, 11 Dec 2010, Robert Schetterer wrote: i would say this is expected, different scanners different virus-spam dbs, it will ever happen sometimes at last fowarding mail isnt a very good idea these days for serveral reasons ( spf etc ) if you have good connections to the postmasters of

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-11 Thread Török Edwin
On Sat, 11 Dec 2010 13:21:05 -0800 Al Varnell wrote: > On 12/11/10 20:01, schrieb TAN BUI wrote: > > > We are running ClamAV 96.5 on Slamd64 machines with freshclam > > running every hour to update the virus database; Besides the > > official ClamAV database, we also download those from > > Sane

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-11 Thread Al Varnell
On 12/11/10 20:01, schrieb TAN BUI wrote: > We are running ClamAV 96.5 on Slamd64 machines with freshclam > running every hour to update the virus database; Besides the > official ClamAV database, we also download those from > Sanesecurity, SecurityInfo, MalwarePatrol once a day.The > servers run

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-11 Thread Robert Schetterer
Am 10.12.2010 20:01, schrieb TAN BUI: > > We are running ClamAV 96.5 on Slamd64 machines with freshclam > running every hour to update the virus database; Besides the > official ClamAV database, we also download those from > Sanesecurity, SecurityInfo, MalwarePatrol once a day.The > servers run se

[clamav-users] ClamAV and Mal/Phish-A

2010-12-11 Thread TAN BUI
We are running ClamAV 96.5 on Slamd64 machines with freshclam running every hour to update the virus database; Besides the official ClamAV database, we also download those from Sanesecurity, SecurityInfo, MalwarePatrol once a day.The servers run sendmail 8.14.3 with mimedefang 2.66 calling ClamAV