[clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv
Reindl Harald
h.reindl at thelounge.net
Thu May 18 10:47:51 UTC 2017
On 18.05.2017 at 12:41, Outreach at epsilon.com wrote:
> Mail from our client Paypal is being wrongly flagged as phishing by ClamAv.
>
> We get this type of bounce errors:
> 554 Your email was rejected because it contains the Heuristics.Phishing.Email.SpoofedDomain virus
>
> Mailing IPs: 142.54.244. [96-110]
> Mailing domains: mail.paypal.at, mail.paypal.nl, mail.paypal.com, mail.paypal.pl
> Date of issue: 09 May 2017
>
> Please make the necessary changes to your product ASAP

i complained about that many months ago, frankly it was the reason to
register for the ML at all and that you can't whitelist
"Heuristics.Phishing.Email.SpoofedDomain" with a ign2 file and so you
have to turn off other things too like google safebrowsing

clamav is literally unusable until you fire up at least two instances,
fix the spamassassin-clamav plugin so that it supports more than one
instance and score them differently or don't score it high at all

> These emails are legitimate, sent to optin customers of Paypal, and authenticate with SPF, DKIM and DMARC.

clamav has no way to verify that and hence the
"Heuristics.Phishing.Email.SpoofedDomain" should not exist at all or at
least have an option to disable that *and only* that