[clamav-users] Finding the spoofed domain

2015-12-15 Thread Alex
Hi, I have an email that was marked as having a spoofed domain, but I believe it's a false-positive. It's one of those smartbrief.com newsletters. How do I find out which domain specifically it thinks was spoofed? I've posted the email here: http://pastebin.com/n4WRjmzE # clamscan -v spoofed-do

Re: [clamav-users] CLAMAV installation on IBM AIX

2015-12-15 Thread kk nair
Thanks Al. -Original Message- From: "Al Varnell" Sent: ‎15-‎12-‎2015 11:26 AM To: "ClamAV users ML" Subject: Re: [clamav-users] CLAMAV installation on IBM AIX Download clamav-0.99.tar.gz from . Un-Gzip the file. Open /clamav-0.99/INSTALL in a text editor

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Steve Basford
On Tue, December 15, 2015 1:43 pm, Alex wrote: > Hi, > > > I have an email that was marked as having a spoofed domain, but I > believe it's a false-positive. It's one of those smartbrief.com > newsletters. > > How do I find out which domain specifically it thinks was spoofed? --debug will help...

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Alex
Hi, > I've posted the email here: > http://pastebin.com/n4WRjmzE > Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema > Before inserting .: .f.email.americanexpress.com > Lookup result: in regex list > Phishcheck:host:.r.smartbrief.com > Phishing: looking up in whitelist: > .r.s

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Kris Deugau
Alex wrote: > Steve Basford wrote: >> I've posted the email here: >> http://pastebin.com/n4WRjmzE > >> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema >> Before inserting .: .f.email.americanexpress.com >> Lookup result: in regex list >> Phishcheck:host:.r.smartbrief.com >> Ph

Re: [clamav-users] Problem configuring clamav-0.99

2015-12-15 Thread Steven Morgan
bzip2 1.0.5 looks kind of old. Can you try a more current version? On Mon, Dec 7, 2015 at 12:25 PM, wrote: > > Hi Ali, > > > > Can you heck to see that you have installed the development versions of > > bzip2 and check rpms (bzip2-devel-*.rpm / check-devel-*rpm)? > > > > Steve > > Hi Steve, > >

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Alex
Hi, >> Steve Basford wrote: >>> I've posted the email here: >>> http://pastebin.com/n4WRjmzE >> >>> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema >>> Before inserting .: .f.email.americanexpress.com >>> Lookup result: in regex list >>> Phishcheck:host:.r.smartbrief.com >>> Ph

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Al Varnell
On Tue, Dec 15, 2015 at 06:21 PM, Alex wrote: > >>> Steve Basford wrote: I've posted the email here: http://pastebin.com/n4WRjmzE >>> Got a match: f.email.americanexpress.com/ with /moc.sserpxenacirema Before inserting .: .f.email.americanexpress.com Lookup result: in reg