>From: "Christoph Cordes" <[EMAIL PROTECTED]> > > Am 29.08.2007 um 00:59 schrieb Dan Metcalf: > >> I have a client that is having some trouble when forwarding some >> spamcop >> complaints to the appropriate parties. They keep getting >> Email.Webaccount-11 rejections. >> >> Looked all over, but haven't found the right place for a definition >> of what >> this is? Anybody know? >> > > Email.Webaccount is a variant of the infamous mails that are > currently seeded, they usually contain something like "Your account > has been created, the temporary pass is..., please visit our website > to change you pass as soon as possible, etc". The mail also contains > a numeric URL, like hxxp://99.99.99.99. By visiting the website, you > have a good chance to catch additional malware, since the site > usually tries to exploit various flaws in your browser. The site will > also tell you something like "Please download this plugin/software/ > update" to display the site properly. > > It's possible that the mails that your customer wants to send belongs > to this family. I'd recommend to defuse the mails by modifying the > URL in it - it's safer for the customer anyway and clam wont trigger > an alert. > > HtH > > -- > Best regards, > Christoph
Thanks for the reply. I found out through trial and error basically what you detailed above, but it's good to know that my assumption in the end was correct. Is there a list of this information somewhere that I can reference? (Like symantec has their virus knowledgebase, is there something like that for ClamAV?) Dan Metcalf <[EMAIL PROTECTED]> _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html