[clamav-users] clamav-users Digest, Vol 150, Issue 18

Outreach at epsilon.com Outreach at epsilon.com
Fri May 19 09:38:01 UTC 2017 

Thanks Al. I have submitted false positive reports for each domain.

Does anyone know if we will receive any kind of confirmation that this is being looked at / resolved?

Thanks, 

Anne-Sophie

-----Original Message-----
From: Al Varnell [mailto:alvarnell at mac.com] 
Sent: 19 May 2017 09:24
To: Outreach at epsilon.com
Subject: Re: clamav-users Digest, Vol 150, Issue 18

I'm just a fellow user, but from what I know about the way it's organized, technically yes, there should be one from every domaine. Perhaps somebody from the signatures team can give you a better response.

Sent from Janet's iPad

-Al-

On May 19, 2017, at 1:05 AM, "Outreach at epsilon.com" wrote:
> Hi Al,
> 
> Thanks for your input, I will send you a sample.
> 
> Paypal sends campaigns for all their EMEA countries via our platform, so there are several sending domains used. Do I need to send a sample for each domain? 
> 
> Many thanks,
> 
> Anne-Sophie
> ------------------------------
> 
> Message: 11
> Date: Thu, 18 May 2017 04:19:54 -0700
> From: Al Varnell <alvarnell at mac.com>
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] Mail from Paypal wrongly identified as
>    phishing by ClamAv
> Message-ID: <C4A9264A-D00C-4A7A-8059-AF56C924BA67 at mac.com>
> Content-Type: text/plain; charset="us-ascii"
> 
> This can be whitelisted by associating whatever foreign URL is being used within these messages with paypal domains, but you need to submit a sample to <http://www.clamav.net/reports/fp> so that it can be taken care of.
> 
> -Al-
> 
> On Thu, May 18, 2017 at 03:41 AM, Outreach at epsilon.com wrote:
>> 
>> Hello,
>> 
>> Mail from our client Paypal is being wrongly flagged as phishing by ClamAv.
>> 
>> We get this type of bounce erros:
>> 554 Your email was rejected because it contains the 
>> Heuristics.Phishing.Email.SpoofedDomain virus
>> 
>> Mailing IPs: 142.54.244. [96-110]
>> Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, 
>> mail.paypal.pl Date of issue: 09 May 2017
>> 
>> Please make the necessary changes to your product ASAP.
>> 
>> These emails are legitimate, sent to optin customers of Paypal, and authenticate with SPF, DKIM and DMARC.
>> 
>> 
>> Please contact me if you need any additional information.
>> 
>> Regards,
>> 
>> Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA
>> T   +44 2086143219   M +44 7469352383   Epsilon, 67 Broad Street, Teddington TW11 8QZ, UK  epsilon.com<http://epsilon.com/>
>> [http://help.epsilon.com/images/logo.png]

More information about the clamav-users mailing list