Re: [clamav-users] clamdscan mail file

Wed, 15 Feb 2017 04:11:23 -0800 

On 2017-02-13 15:07, TBits.net, Mailinglists wrote:

On 2017-02-13 14:39, Reindl Harald wrote:

Am 13.02.2017 um 14:33 schrieb TBits.net, Mailinglists:

On 2017-02-13 13:19, Reindl Harald wrote:

Am 13.02.2017 um 13:05 schrieb TBits.net, Mailinglists:

Hi @all,

clamav-milter identify an email as infected by
Heuristics.Phishing.Email.SSL-Spoof.

This is correct, but when I scan this file in the quarantine with
clamdscan or clamscan the file is clean.8154
It seams that the clamscan or clamdscan do not scan this file for
Phishing.
Is it possible to scan a text file as a mail to identify with phishing? 

clamdscan is using clamd the same way as "clamav-milter" and so if
it's the same clamd configuration it behaves identically
clamav-milter identify it as Heuristics.Phishing.Email.SSL-Spoof but in 
clamdscan it is clean.
And I think the result should be the same


they are - proven by a webinterface where i upload eml files at pass
them through spamd and clamdscan using two different clamd-instances
which are used by clamav-milter and/or spamassassin

are you 100% certain that clamdscan is using the identical clamd
instance with identical configuration?


Yes only one instance of clamd is running.
I scan only the quarantined mail which was hold by clamav-milter before. 

Tested under different servers, on all servers are the same result.
any idea how I can scan a text file as email, that phishing attempts are identified?
if you send the code via telnet to the smtp server clamav-milter identify it as "infected by Heuristics.Phishing.Email.SSL-Spoof" 
If you scan a file with this code, clamdscan identify it as clean.

--- snip---
subject: test
--_000_ed9530a770f34b59940e38cc79be07c0SE011093_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<a href="http://www.example.de/";>https://www.example.de;
--_000_ed9530a770f34b59940e38cc79be07c0SE011093_-
---snip---


----------------------------------------------------------------
Diese Nachricht wurde versandt mit Webmail von www.tbits.net.
This message was sent using webmail of www.tbits.net.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to