On 15.02.2017 at 13:23, outre...@epsilon.com wrote:
Thank you for your help.

I am not familiar with ClamAV and what you are describing below.

Please let me know - is there any information I can provide that would help you 
to correct the issue?

I simply asked for the email file - please understand that talking about things and providing mangled and cut snippets of the files in doubt is useless because nobody can try to reproduce an issue

since you are not the OP, for the usage of clamdscan and clamd itself please consult the documentation

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Reindl Harald
Sent: 15 February 2017 12:16
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] clamdscan mail file



On 15.02.2017 at 13:10, TBits.net, Mailinglists wrote:
On 2017-02-13 15:07, TBits.net, Mailinglists wrote:
On 2017-02-13 14:39, Reindl Harald wrote:
On 13.02.2017 at 14:33, TBits.net, Mailinglists wrote:
On 2017-02-13 13:19, Reindl Harald wrote:
On 13.02.2017 at 13:05, TBits.net, Mailinglists wrote:
Hi @all,

clamav-milter identifies an email as infected by
Heuristics.Phishing.Email.SSL-Spoof.

This is correct, but when I scan this file in the quarantine with
clamdscan or clamscan the file is clean. It seems that
clamscan or clamdscan do not scan this file for phishing.
Is it possible to scan a text file as a mail to identify
phishing?

clamdscan is using clamd the same way as "clamav-milter" and so if
it's the same clamd configuration it behaves identically

clamav-milter identifies it as Heuristics.Phishing.Email.SSL-Spoof
but in clamdscan it is clean.
And I think the result should be the same

they are - proven by a web interface where I upload eml files and pass
them through spamd and clamdscan using two different clamd instances
which are used by clamav-milter and/or spamassassin

are you 100% certain that clamdscan is using the identical clamd
instance with identical configuration?

Yes only one instance of clamd is running.
I scan only the quarantined mail which was held by clamav-milter before.

Tested on different servers; the result is the same on all servers.


any idea how I can scan a text file as email, so that phishing attempts
are identified?

if you send the code via telnet to the smtp server, clamav-milter
identifies it as "infected by Heuristics.Phishing.Email.SSL-Spoof".
If you scan a file with this code, clamdscan identifies it as clean.

--- snip---
subject: test
--_000_ed9530a770f34b59940e38cc79be07c0SE011093_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable <a
href="http://www.example.de/";>https://www.example.de;
--_000_ed9530a770f34b59940e38cc79be07c0SE011093_-
---snip---

a good start would be to provide an *unchanged* sample .eml file so that 
somebody can reproduce it - at least unmangled eml files saved with 
thunderbird and piped through clamdscan behave 100% identical to milter usage 
because there is technically no difference at all

so most likely your file is just recognized as email 
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/