Update. This is happening with a lot of different domain names now. I'm
getting the warning email as the admin, BUT the recipient is also getting
the message. I don't even see an indication that ClamAV thought something
was wrong in the message that's delivered. That's good, since these are
false positives, but I would have thought that if ClamAV is detecting a
phishing email, that it would have been rejected.
Can't figure this one out. I should also note that I increased the amount
of virtual memory (swap file) available on this machine yesterady, but I
can't imagine that has anything to do with anything.
Thanks
On Sat, Apr 16, 2016 at 1:19 PM, K Post <[email protected]> wrote:
> We've seen several rejected emails since 16106 listing: Virus Detected:
> 'Heuristics.Phishing.Email.SpoofedDomain'
>
> These have been all legitimate emails from Citibank. I don't know why
> ClamAV is suddenly catching these erroneously. Previously, Citibank emails
> the sent using the same method have gotten through no problem. Just a
> coincidence that it's only after updating to 16106 and assp_afc.pm? I
> haven't changed any ClamAV settings - but maybe it's just working
> differently now with the new versions of assp files? Or maybe just a bad
> update to the clamav signatures? No idea.
>
> The sender domain is in WhiteSenderBaseRe.
>
> Of note:
>
> 1) Despite being rejected (erroneously, but rejected none the less), the
> messages are still stored files in NOTspam.
>
> 2) The administrative alert email has no FROM or SUBJECT in it (this has
> been an ongoing problem any time clamav triggers an alert)
>
> Suggestions?
>
> Thanks
>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
