Re: [Clamav-users] Fwd: Important mail marked as spam

Thu, 09 Sep 2010 03:21:53 -0700 

----- Message from edwinto...@gmail.com ---------
    Date: Thu, 9 Sep 2010 12:46:40 +0300
    From: Török Edwin <edwinto...@gmail.com>
 Subject: Re: [Clamav-users] Fwd: Important mail marked as spam
      To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: a...@isac.gov.in, RAKESH KUMAR <rak...@isac.gov.in>, RAJIV RATAN CHETWANI <ra...@isac.gov.in> 



On Thu, 09 Sep 2010 14:35:40 +0530
ANANT S ATHAVALE <a...@isac.gov.in> wrote:


Dear List,

I have got a complaint from one of our users that, a genuine mail has
got identified as virus: Heuristics.Phishing.Email.SpoofedDomain,
with internal reference code as ' 02103-11/QCZxxtAvePMy'. 


May be this reference code is from Amavisd-new...


That reference code is not coming from ClamAV, it has no reference
codes. Its probably some reference code of some 3rdparty app that uses
ClamAV for scanning.


I don't
know what exactly is the meaning of internal reference code.

We are not quarantining the mails which are detected as infected.
Under this condition, I really do not know the genuinity of the
actual mail which has been blocked. 

But, it looks like this is a false positive as the recipient has
confirmed with the bank that such mails are being sent.

What is the way out that in future such mail is not detected as
virus.  How to address this issue.  Please let me know.


daily.pdb lists hdfcbank.com and I see hdfcbank.net below that might be
a problem.
Try adding this to local.wdb:
M:hdfcbank.com:hdfcbank.net
M:hdfcbank.net:hdfcbank.com

If that doesn't work then we'd need a copy of that email, or at least
the output of 'clamscan --debug <youremail> |grep Phishcheck'

Best regards,
--Edwin




----- End message from edwinto...@gmail.com -----



Regards,

Anant Athavale.

------------------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
------------------------------------------------------------------------------
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml





















					Reply via email to