-Original Message-
From: "John W. Baxter" <[EMAIL PROTECTED]>
To: "ClamAV users ML"
Sent: 8/27/07 4:59 PM
Subject: Re: [Clamav-users] Possible problem with
Phishing.Heuristics.EmailSpoofedDomain daily sigs 4054
>Problem seems not to be a ClamAV problem, but ours. Sorry for the noise.
G
Problem seems not to be a ClamAV problem, but ours. Sorry for the noise.
On 8/24/07 2:12 PM, "John W. Baxter" <[EMAIL PROTECTED]> wrote:
> Daily sigs: 4054; main 44. ClamAv 0.91.2-1
>
> Installed on CentOS-4.5 from Dag's packages. Freshly updated via the
> packages from the ancient 0.90-2 (al
At 03:26 PM 8/27/2007, some careless fool wrote:
>Unfortunately, clamd doesn't seem to log (all) options on startup, so
>the log isn't terribly useful this time.
Correction, clamd does log when PhishingScanURLs is disabled. So you
should check what clamd logs on startup.
# grep phishing /path/t
At 02:49 PM 8/27/2007, John W. Baxter wrote:
>We're seeing
>1. Mail from Yahoo groups (or some mail from Yahoo groups) being marked
>as Phishing (for URL reasons)
>2. Same for a Seattle Times mailing list.
>3. Same for a Democracy in Action mailing.
>4. Customer (unwise, usually
On 8/24/07 2:12 PM, "John W. Baxter" <[EMAIL PROTECTED]> wrote:
> Daily sigs: 4054; main 44. ClamAv 0.91.2-1
>
> Installed on CentOS-4.5 from Dag's packages. Freshly updated via the
> packages from the ancient 0.90-2 (also Dag's).
(of course
> For the moment, I'm turning what should be the qu
At 04:12 PM 8/24/2007, John W. Baxter wrote:
>Daily sigs: 4054; main 44. ClamAv 0.91.2-1
>
>Installed on CentOS-4.5 from Dag's packages. Freshly updated via the
>packages from the ancient 0.90-2 (also Dag's).
>
>Called via pyclamav (rebuilt to matching libclamav) in our own code.
>
>One sample:
Daily sigs: 4054; main 44. ClamAv 0.91.2-1
Installed on CentOS-4.5 from Dag's packages. Freshly updated via the
packages from the ancient 0.90-2 (also Dag's).
Called via pyclamav (rebuilt to matching libclamav) in our own code.
One sample: what looks like a proper Netflix shipping notice, whi