[clamav-users] Email.Phishing.DblDom-60 -- issue
Alessandro Vesely
vesely at tana.it
Thu Mar 31 15:01:48 UTC 2016
This was a false positive itself. I got:
Virus-Found: Email.Phishing.DblDom-53 Sanesecurity.Phishing.Cur.744.UNOFFICIAL
(I wonder how could this message pass. This reply is doomed to be blocked...)
Ale
On Wed 30/Mar/2016 20:18:52 +0200 Alain Zidouemba wrote:
> $ sigtool -fEmail.Phishing.DblDom-60 | awk -F' ' '{print $2}' | sigtool
> --decode-sigs
> VIRUS NAME: Email.Phishing.DblDom-60
> TARGET TYPE: MAIL
> OFFSET: *
> DECODED SIGNATURE:
> /.www.my.if.com/
>
>
>
> If you think you have a false positive, please submit it here:
> http://www.clamav.net/reports/fp
>
> - Alain
>
>
>
> On Wed, Mar 30, 2016 at 12:23 PM, Andrew McGlashan <
> andrew.mcglashan at affinityvision.com.au> wrote:
>
>> Hi,
>>
>> I have server log messages coming through that are being rejected as
>> having "Email.Phishing.DblDom-60" ....
>>
>> How can I determine what it is that is triggering this claim?
>>
>> Thanks
>> AndrewM
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list