[clamav-users] Email.Phishing.DblDom-60 -- issue

Al Varnell alvarnell at mac.com
Sun Apr 3 02:59:44 UTC 2016 

Sorry, I should have added:

sigtool --version /usr/local/clamXav/share/clamav/
ClamAV 0.99.1/21484/Fri Apr  1 13:09:25 2016

-Al-

On Sat, Apr 02, 2016 at 07:55 PM, Al Varnell wrote:
> 
> Alain,
> 
> I seem to be up-to-date with daily:21484 from yesterday and I’m still seeing it:
> 
> host -t txt current.cvd.clamav.net
> current.cvd.clamav.net descriptive text "0.99.1:57:21484:1459646940:1:63:44502:275"
> 
> sigtool --find Email.Phishing.DblDom-60
> [main.ndb] Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d
> 
> -Al-
> 
> On Sat, Apr 02, 2016 at 07:34 PM, Alain Zidouemba wrote:
>> 
>> Andrew:
>> 
>> Are you up to date with your signatures? Email.Phishing.DblDom-60 was
>> removed on 4/1/2016.
>> 
>> FYI:
>> 
>> $ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool
>> --decode-sigs
>> VIRUS NAME: Email.Phishing.DblDom-60
>> TARGET TYPE: MAIL
>> OFFSET: *
>> DECODED SIGNATURE:
>> /[dot]paypal[dot]com
>> 
>> - Alain
>> 
>> On Sat, Apr 2, 2016 at 3:54 PM, Andrew McGlashan <
>> andrew.mcglashan at affinityvision.com.au> wrote:
>> 
>>> Hi,
>>> --  resend ????? again ???? no help???? ---
>>> 
>>> 550 This message was detected as possible malware
>>> (Email.Phishing.DblDom-60).
>>> 
>>> It is not malware, it is just simple logs of backup processes.
>>> 
>>> 
>>> I have server log messages coming through that are being rejected as
>>> having "Email.Phishing.DblDom-60" ....
>>> 
>>> *** How can I determine what it is that is triggering this claim? ***
>>> 
>>> Thanks
>>> AndrewM
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>>> 
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> -Al-

-Al-
-- 
Al Varnell
Mountain View, CA





-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160402/106bd614/attachment.bin>

More information about the clamav-users mailing list