[clamav-users] SpoofedDomain FOUND
ellanios82
ellanios82 at gmail.com
Wed Feb 15 21:26:02 UTC 2017
On 02/15/17 22:48, Kees Theunissen wrote:
> On Wed, 15 Feb 2017, ellanios82 wrote:
>
>> Hello List ,
>>
>>
>> scanning my Thunderbird directory , am getting :
>>
>> /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus:
>> Heuristics.Phishing.Email.SpoofedDomain FOUND
>> /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus: copied to
>> '/var/log/clams.infected/bus'
>>
>>
>> How please do i locate the offending message to delete, as i do not want to
>> delete the entire directory ?
>
> It's likely a message from this mailinglist:
>
> My spam/virus fileter rejected a messeage from this list:
>
> Timestamp: Feb 15 17:50:33 (UTC +1)
> Size: 1365308
> Subject: Re: [clamav-users] clamdscan mail file
> Message-ID: 43291D57DEB83042A250562D597FDBDA477C0EED at PC1WEPSIEXDAG02
> Status: Rejecting because of virus
> Heuristics.Phishing.Email.SpoofedDomain
>
> The timestamp is not the "Date:" header from the message but the
> time of the delivery attempt at my mail server.
>
> Looks like this was the message that Reindl Harald replied to
> with his last message in the thread: "clamdscan mail file".
>
>
> This should be sufficient information to locate the message.
>
>
> Regards,
>
> Kees Theunissen.
>
- many thanks Kees : No : do not have that message :
How please can i identify which is the Offending message :
am getting :
/home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus:
Heuristics.Phishing.Email.SpoofedDomain FOUND
have tried :
clamscan -i --phishing-cloak=yes
&
clamscan --phishing-sigs=yes
but they do not reveal identity of infected message ?
How to identify please?
........
thanks
ellan
...
More information about the clamav-users
mailing list