I'm using ClamAV with Amavis-new (latest versions of both). How do I get phishing messages to be quarantined like infected messages?
I noticed that emails that ClamAV identifies as phishing emails are not being quarantined. Even though I have the final_virus_destiny set to D_DISCARD, these phishing messages are being treated differently than the infected messages. Here is a section of my clamd.log file... Sun Mar 23 03:04:49 2008 -> /var/amavis/tmp/ amavis-20080323T025140-62561/parts/p001: HTML.Phishing.Pay-287 FOUND Sun Mar 23 03:31:56 2008 -> /var/amavis/tmp/ amavis-20080323T033050-63534/parts/p001: HTML.Phishing.Pay-287 FOUND Sun Mar 23 03:37:00 2008 -> /var/amavis/tmp/ amavis-20080323T032847-63470/parts/p001: HTML.Phishing.Pay-287 FOUND Sun Mar 23 03:39:58 2008 -> /var/amavis/tmp/ amavis-20080323T033828-63652/parts/p004: Trojan.Dropper-4944 FOUND Sun Mar 23 03:41:05 2008 -> /var/amavis/tmp/ amavis-20080323T033045-63526/parts/p001: HTML.Phishing.Pay-287 FOUND Sun Mar 23 03:46:02 2008 -> /var/amavis/tmp/ amavis-20080323T034501-63783/parts/p001: HTML.Phishing.Pay-287 FOUND Sun Mar 23 04:03:27 2008 -> /var/amavis/tmp/ amavis-20080323T040327-64058/parts/p001: HTML.Phishing.Pay-287 FOUND The virus quarantine directory contains only one email, the one with the trojan payload. I received a phishing message and the tests section of its X-Spam- Status line has AV:HTML.Phishing.Pay-287=<some low score>. AV:HTML.Phishing.Pay-287 doesn't appear to be a rule that SpamAssassin is adding or even aware of, so I don't think that putting this rule with an increased score in the SpamAssassin local.cf file would make any difference. Jose ....................................................... Jose Hales-Garcia UCLA Department of Statistics [EMAIL PROTECTED] ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
