[clamav-users] SpoofedDomain FOUND
Reindl Harald
h.reindl at thelounge.net
Wed Feb 15 23:20:44 UTC 2017
Am 15.02.2017 um 22:26 schrieb ellanios82:
> How please can i identify which is the Offending message :
>
> am getting :
>
> /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus:
> Heuristics.Phishing.Email.SpoofedDomain FOUND
you can't because thunderbird is using
https://en.wikipedia.org/wiki/Mbox and so there are more than one
messages in a single file, clamav tells you that file and that's it
it's likely one of the thread "clamdscan mail file" on this list today
with a sample of that idiotic "Heuristics.Phishing.Email.SpoofedDomain"
which hits in fact also *origin* paypal mails for a very long time an
dhence *can not* be used in context of a milter and so only with a
spamassassin-plugin which only scores instead absolute decisions
weird that you local scan hits on the mailbox while that message don't
hit "Heuristics.Phishing.Email.SpoofedDomain" while wrap it through
clamdscan which is the whole point of the thread
More information about the clamav-users
mailing list