Thread: Phishing emails not being quarantined




Phishing emails not being quarantined
United States
2008-03-23 09:56:04
I'm using ClamAV with Amavis-new (latest versions of both). How do I get phishing messages to be quarantined like infected messages?

I noticed that emails that ClamAV identifies as phishing emails are not being quarantined. Even though I have the final_virus_destiny set to D_DISCARD, these phishing messages are being treated differently than the infected messages.

Here is a section of my clamd.log file...

Sun Mar 23 03:04:49 2008 -> /var/amavis/tmp/amavis-20080323T025140-62561/parts/p001: HTML.Phishing.Pay-287 FOUND
Sun Mar 23 03:31:56 2008 -> /var/amavis/tmp/amavis-20080323T033050-63534/parts/p001: HTML.Phishing.Pay-287 FOUND
Sun Mar 23 03:37:00 2008 -> /var/amavis/tmp/amavis-20080323T032847-63470/parts/p001: HTML.Phishing.Pay-287 FOUND
Sun Mar 23 03:39:58 2008 -> /var/amavis/tmp/amavis-20080323T033828-63652/parts/p004: Trojan.Dropper-4944 FOUND
Sun Mar 23 03:41:05 2008 -> /var/amavis/tmp/amavis-20080323T033045-63526/parts/p001: HTML.Phishing.Pay-287 FOUND
Sun Mar 23 03:46:02 2008 -> /var/amavis/tmp/amavis-20080323T034501-63783/parts/p001: HTML.Phishing.Pay-287 FOUND
Sun Mar 23 04:03:27 2008 -> /var/amavis/tmp/amavis-20080323T040327-64058/parts/p001: HTML.Phishing.Pay-287 FOUND

The virus quarantine directory contains only one email, the one with the trojan payload.

I received a phishing message and the tests section of its X-Spam-Status line has AV:HTML.Phishing.Pay-287=<some low score>. AV:HTML.Phishing.Pay-287 doesn't appear to be a rule that SpamAssassin is adding or even aware of, so I don't think that putting this rule with an increased score in the SpamAssassin local.cf file would make any difference.

Jose

.......................................................
Jose Hales-Garcia
UCLA Department of Statistics
josestat.ucla.edu




_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re: Phishing emails not being quarantined
2008-03-23 10:31:06
On 3/23/08, Jose Hales-Garcia  wrote:
>
> I'm using ClamAV with Amavis-new (latest versions of both).  How do I
> get phishing messages to be quarantined like infected messages?
>
> I noticed that emails that ClamAV identifies as phishing emails are
> not being quarantined.  Even though I have the final_virus_destiny set
> to D_DISCARD, these phishing messages are being treated differently
> than the infected messages.
>
> Jose
>

http://marc.info/?l=amavis-user&m=119895890804677

Read:

http://www.ijs.si/software/amavisd/release-notes.txt
Search for virus_name_to_spam_score_maps

-- 
Gary V

