clamav-users October 2011 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] Phishing and ClamAV

Re: [clamav-users] Phishing and ClamAV

From: Ivan Ivanov <unix.ivan_at_nospam>
Date: Thu Oct 20 2011 - 12:53:15 GMT
To: clamav-users@lists.clamav.net

Hello Edwin:

It is okay now:

 clamscan -d /var/lib/clamav/local.pdb message.eml
message.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.97.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.023 sec (0 m 0 s)

Thank you very much for your hepl and support!

With best regards,

Ivan Ivanov

 

 

 

-----Original Message-----
From: Török Edwin <edwin@clamav.net>
To: clamav-users <clamav-users@lists.clamav.net>
Sent: Thu, Oct 20, 2011 3:36 pm
Subject: Re: [clamav-users] Phishing and ClamAV

On 10/20/2011 03:31 PM, Ivan Ivanov wrote:
> Hello Edwin.
>
> Here is:
>
> clamscan -d /var/lib/clamav/local.pdb message.eml
> message.eml: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 1
> Engine version: 0.97.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 0.021 sec (0 m 0 s)
>
>
> # cat message.eml

The file should be a mail message, so add these 4 lines (including blank one) at
the beginning:

From test@example.com
From: test@example.com
To: test@example.com

> Visit testbank.lan

There is the problem, .lan is not a valid TLD and ClamAV doesn't recognize
testbank.lan as a URL.
Try using valid TLDs, for example testbank.example.com and then ClamAV should
block your message.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

 
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml