Re: [mailop] How to contact ClamAVNet support
On 6 June 2022 14:10:17 UTC, Tim Bray via mailop wrote:

>And financial companies (our banks) give us the most trouble. PDFs with
>javascript. Word docs with weird macros. Emails with links that point to
>really crazy domains. All usually something to just print, fill in and send
>back in snail mail.

Thanks for this, I see the same behaviour from our (Slovak) e-shops. While most of them don't have their own IT team, I feel very bad, but now I see that this is not exclusive to our country ;-)

regards
Slavko
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] How to contact ClamAVNet support
On 03/06/2022 11:13, Carlota Iglesias Martinez via mailop wrote:

>I have managed to find that “Heuristics” refers to the fact that they are
>coming from a financial institution and ‘SpoofedDomain’ means that they
>contain hyperlinks that are not known to be associated with the organization
>and may be a phishing attempt. I can’t find any suspicious links on the email
>content.

I think you have to remember that without dmarc, it is very easy to send email from bongosbank.com with links pointing to a scam site. And people click these links, because they come from a trusted source :) (People even forward these scam emails to their PAs and say `can you sort this for me?`)

So at work we run clamav with the securiteinfo.com extra signatures. And rspamd.

And financial companies (our banks) give us the most trouble. PDFs with javascript. Word docs with weird macros. Emails with links that point to really crazy domains. All usually something to just print, fill in and send back in snail mail.

And second of all, the banks are most upset when they get a call back saying `We didn't get your email`, `oh, I checked with IT and what you are emailing definitely looks like a virus`. It's always our fault and they are always very defensive. And we end up whitelisting them because otherwise we can't operate because we need flowing money, thus opening the door to real scammers.

Yet the banks are emailing us every week saying `watch out for phishing attempts`. I'd counter that they just need to make their IT more plain and simple with way less tracking, which would benefit security.

And this is before we get onto: 10 different marketing click tracking, pop up loading, lots of javascript from 8 different domains/CDNs in a simple website.

Tim
Re: [mailop] How to contact ClamAVNet support
On Fri, 3 Jun 2022, Carlota Iglesias Martinez via mailop wrote:

>Hi all, Hope you are well. Does anyone here work at or know how to contact
>ClamAVNet? I have opened several tickets through their website but I am not
>getting any response.

You could try clamav-us...@lists.clamav.net

https://lists.clamav.net/mailman/listinfo/clamav-users says that you should *subscribe to* this list if you need support.

In my experience, traffic on the list is more about the ClamAV software than their malware database.

As Jarland said, ClamAV is open source software, so no one is paying for support, but that means they have no paying customers to prioritize. They are part of Cisco.

--
Andrew C. Aitchison
Kendal, UK
and...@aitchison.me.uk
Re: [mailop] How to contact ClamAVNet support
That's open source software, there's no one to get ahold of. The way that you trigger the rule you mentioned is by having an HTML link in your email which shows in its text to point to one domain, but in reality points to another. To avoid triggering it myself, I'll show you what I mean here:

https://paste.mxroute.app/?3c0c6331e456a71d#3yo1hu5hQximbkGdH3nz2bf1sHtrPZqsCaFGRNE81byL

The way this is parsed, the user thinks they're going to "whereimtellingyouimsendingyou.com" but I'm actually sending them to "whereimreallysendingyou.com" instead. It isn't uncommon for this to be triggered without malicious intent, often because the email uses tracking links that send a user to a different domain which logs the click and then forwards them to the domain they were told they were being sent to anyway.

There are only two ways to solve this:

1. Don't send emails with links like that.
2. Ask the administrator of the recipient server to change configurations as necessary.

On 2022-06-03 05:13, Carlota Iglesias Martinez via mailop wrote:

>Hi all, Hope you are well. Does anyone here work at or know how to contact
>ClamAVNet? I have opened several tickets through their website but I am not
>getting any response.
>
>I have a financial institution sending emails and receiving the following
>bounce on some B2B domains:
>
>550 Message contained unsafe content (Heuristics.Phishing.Email.SpoofedDomain).
>
>After a lot of digging, I managed to get in touch with one of the B2B ISPs
>who told me the reason why emails were failing was due to ClamAVNet filtering
>system and I should get in touch with them.
>
>I have managed to find that “Heuristics” refers to the fact that they are
>coming from a financial institution and ‘SpoofedDomain’ means that they
>contain hyperlinks that are not known to be associated with the organization
>and may be a phishing attempt. I can’t find any suspicious links on the email
>content.
>
>If anyone knows how to get in touch with ClamAVNet, it would be highly
>appreciated.
>
>Thanks,
>Carlota
>
>Carlota Iglesias Martinez
>SENIOR DELIVERABILITY CONSULTANT
>EXPERIENCE OPTIMIZATION- CAMPAIGN MANAGED SERVICES
>M +44 79020-545429
>igles...@adobe.com
>_PTO: 14th, 25th-29th April 2022, 2nd May 2022_
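
The mismatch described in Jarland's reply above (link text that names one domain while the href goes to another) can be checked by a sender before mailing. The following Python sketch is an added example, not part of the thread and not ClamAV's own logic; the two-label domain comparison and the `.example` hosts are assumptions, and the first sample link uses the two domain names quoted in the reply.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches a hostname-looking token in visible link text, e.g. "www.bank.example".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def base(host):
    # Assumption: last two labels stand in for the registrable domain;
    # a production filter would consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self.text))
        real = urlsplit(self.href).hostname
        # Only link text that itself names a domain can contradict the href.
        if shown and real and base(shown.group(1)) != base(real):
            self.mismatches.append((shown.group(1).lower(), real))
        self.href = None

def find_mismatched_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.mismatches

# Constructed sample body: mismatch, same-domain link, tracked link with plain text.
SAMPLE = """
<a href="https://whereimreallysendingyou.com/">whereimtellingyouimsendingyou.com</a>
<a href="https://www.bank.example/login">https://bank.example/login</a>
<a href="https://click.tracker.example/r?u=2">View your statement</a>
"""
if __name__ == "__main__":
    for shown, real in find_mismatched_links(SAMPLE):
        print(f"text shows {shown!r} but href goes to {real!r}")
```

The third sample link shows why a click-tracking redirect only collides with this kind of check when the visible text is itself a URL or domain name.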