I've upgraded to 0.95.1 and have a few mails that are getting
quarantined as Phishing.Heuristics.Email.SpoofedDomain
How do I go about checking for spoofed domains in the email headers?
Its quite possible that the domain has been spoofed but I would like
to just double check?
Cheers
Greg
On 2009-04-29 11:43, Greg McCarthy wrote:
> I've upgraded to 0.95.1 and have a few mails that are getting
> quarantined as Phishing.Heuristics.Email.SpoofedDomain
>
> How do I go about checking for spoofed domains in the email headers?
> Its quite possible that the domain has been spoofed but I wou
I am having a problem with ClamAV.
It is working great in combination with MailScanner, so no problem there.
It is on RH4U5 server.
BUT
It is filling up /usr/local/share/clamav folder with subfolders like this :
drwxr-xr-x 2 clamav clamav 4096 Apr 13 20:14
clamav-ff1b8054ca4da18830a21a1d1
Hello,
We just updated our Debian server with version 0.95.1+dfsg-0volatile2.
Anyway we have been using milter_watch (used to be clmilter_watch) from:
http://www.itg.uiuc.edu/itg_software/milter_watch/
This used to work fine with the 0.94 version but now when I try running
milter_watch on the
Thanks for the info. I've run the scan on the body file and headers
file and get:
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV de
cla...@pcez.com wrote:
> clamav-milter[3037]: ClamAV: st_optionneg[-162030672]: 0x1f does not
> fulfill action requirements 0x30
>
> Anyone have an idea on how to fix this problem?
Not really but from the look of it I believe it's a protocol version
mismatch between the milter tan the watcher.
M
At clamav 0.94, it can config clamav-milter that send a "Virus Infected"
notify email to recipient when a virus scanned. But from 0.95.1, the milter
only had 'Blackhole' option that direct drop the virus email without any
user notification like 0.94. Is that had any option for milter at 0.95.1 to
martinnitram wrote:
> At clamav 0.94, it can config clamav-milter that send a "Virus Infected"
> notify email to recipient when a virus scanned. But from 0.95.1, the milter
> only had 'Blackhole' option that direct drop the virus email without any
> user notification like 0.94. Is that had any opti
I also came across the same issue. Of course I Reject the messages, but for
my own personal domain I like to have the notices of infected email go
through to the intended local recipient just to keep track of things.
James Kosin mentioned the backscatter with faked sender addresses, but we
are
> - Original Message -
> From: "martinnitram"
> To:
> Sent: Wednesday, April 29, 2009 8:39 AM
> Subject: [Clamav-users] "Virus Infected" Message for recipient
>
>
>>
>> At clamav 0.94, it can config clamav-milter that send a "Virus Infected"
>> notify email to recipient when a virus scan
Hi, you can use
for send a message to i.e postmaster etc
i.e in clamd.conf
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
but i agree i also miss functions of
Robert Schetterer schrieb:
> Hi, you can use
> for send a message to i.e postmaster etc
>
> i.e in clamd.conf
>
> # Execute a command when virus is found. In the command string %v will
> # be replaced with the virus name.
> # Default: no
> #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALER
Robert Schetterer wrote:
>>
>
> i apologize too for top posting *g
>
>
And for failure to prune unnecessary parts of the message?
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Dennis Peterson schrieb:
> Robert Schetterer wrote:
>
>> i apologize too for top posting *g
>>
>>
>
> And for failure to prune unnecessary parts of the message?
>
> dp
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> h
On 2009-04-29 13:54, Velda Midanovic wrote:
> I am having a problem with ClamAV.
>
> It is working great in combination with MailScanner, so no problem there.
>
> It is on RH4U5 server.
>
> BUT
>
> It is filling up /usr/local/share/clamav folder with subfolders like this :
>
> drwxr-xr-x 2 clamav
Am 2009-04-29 09:45:44, schrieb Dan Metcalf:
> I also came across the same issue. Of course I Reject the messages, but for
> my own personal domain I like to have the notices of infected email go
> through to the intended local recipient just to keep track of things.
>
> James Kosin mentioned t
>- Original Message -
>From: "Michelle Konzack"
>To:
>Sent: Wednesday, April 29, 2009 2:48 PM
>Subject: Re: [Clamav-users] "Virus Infected" Message for recipient
>> I also came across the same issue. Of course I Reject the messages, but
>> for
>> my own personal domain I like to have
I submitted what I considered to be a FP on
Phishing.Heuristics.Email.SpoofedDomain
Submission-ID: 7705854
Sender: Me
Submission notes: not a false positive
Added: No
which was not considered a FP. The code below is what triggered the
detection (I hope this passes the list and s
18 matches
Mail list logo
