[clamav-users] Email.Phishing.DblDom-60 -- issue
Alain Zidouemba
azidouemba at sourcefire.com
Sun Apr 3 02:34:04 UTC 2016
Andrew:
Are you up to date with your signatures? Email.Phishing.DblDom-60 was
removed on 4/1/2016.
FYI:
$ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool
--decode-sigs
VIRUS NAME: Email.Phishing.DblDom-60
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE:
/[dot]paypal[dot]com
- Alain
On Sat, Apr 2, 2016 at 3:54 PM, Andrew McGlashan <
andrew.mcglashan at affinityvision.com.au> wrote:
> Hi,
> -- resend ????? again ???? no help???? ---
>
> 550 This message was detected as possible malware
> (Email.Phishing.DblDom-60).
>
> It is not malware, it is just simple logs of backup processes.
>
>
> I have server log messages coming through that are being rejected as
> having "Email.Phishing.DblDom-60" ....
>
> *** How can I determine what it is that is triggering this claim? ***
>
> Thanks
> AndrewM
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list