[clamav-users] Be wary of emails with attachments targeting clamav-users list members
Al Varnell
alvarnell at mac.com
Thu Mar 23 03:46:49 UTC 2023
Just a note that in my experience, e-mail phishing detection is routinely disabled, perhaps because of excessive false positives, but also because signature maintenance appears to be a low priority.
Sent from my iPad
-Al-
On Mar 22, 2023, at 10:44, newcomer01 via clamav-users <clamav-users at lists.clamav.net> wrote:
> Hi Paul,
>
> yes, submit all files. Maybe ClamAV need different Phising - Sigs for each file or something ...
> For my submitted file, ClamAV currently not warn ...
>
> kind greetings
> Marc
>
>
> Von / From: Clamav User Mailinglist <mailto:clamav-users at lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01 at posteo.de>
> CC / CC: Paul Kosinski <mailto:clamav-users at iment.com>
> Gesendet / Sent: Mittwoch, März 22, 2023 um 18:35 (at 06:35 PM) +0100
> Betreff / Subject: Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members
>> I have just started getting these claiming to be relevant to ClamAV, but I have *also* been receiving this sort of thing claiming to be from the Firefox ESR list for months now.
>>
>> I am posting (one of) the HTMLs "about" ClamAV to https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox phishes? (In fact, I have several of each, but it quickly gets tedious.)
>>
>>
>>
>>> On Wed, 22 Mar 2023 16:48:32 +0000
>>> "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users at lists.clamav.net> wrote:
>>>
>>> All,
>>>
>>> Some users have reported receiving emails that appear to be a reply to a clamav-users mailing list thread but are in fact a phishing attempt have attached malware.
>>>
>>> Most recently, Marc reported receiving an email that appeared to be a reply to an older clamav-users mailing list thread but was in fact a direct email targeting him. It had this fairly generic phishing text:
>>>
>>> "Would you please look through the last agreement? I have attached some extra details about it."
>>>
>>> The attached file was some small HTML file containing malicious obfuscated javascript.
>>>
>>> This isn't the first time we've heard of this type of phishing using our mailing list archives. Please be careful when you see any sort of attachment, even if it appears to be from this community.
>>>
>>> If you receive this sort of phishing email, please report the attached HTML file to https://www.clamav.net/reports/malware
>>>
>>> Regards,
>>> Micah
>>>
>>>
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
More information about the clamav-users
mailing list