Can someone expand on the ClamAV detecting phishing attempts. Or direct me some where?
Thank you,
--Joe
Matt Kettler wrote:
Sunny Forro wrote:
Hello, I've got a problem. I've got a lot of phishing attacks making it through my mailscanner setup. I do have phishing fraud detection turned on, and I have not modifed the phishing safe sites list. Most(if not all) of the phishing emails are ebay account notices with forged IP addresses. I don't understand how these are getting through. Is anyone else out there having the same problem? Does anyone have any suggestions? The only reason I know they're getting through is because I've set up MailWatch for MailScanner(works great, makes it easy to see what's going on)
Have you considered adding clamav to your MailScanner setup? clamav detects a wide variety of stock phishing scams as if they were viruses. Works great for me with my setup. (I use it with MailScanner, but I have the MailScanner phishing net disabled). It's not 100%, but it catches 80-90% of them without any work on my part.
http://www.clamav.net/
From there you might want to consider the SARE spoofing ruleset forSpamAssassin (I've not tried it myself, but it seems well written)
http://www.rulesemporium.com/rules/70_sare_spoof.cf
