Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: paul.b on May 12, 2022, 11:43:18 AM

Title: whitelist a sender from the antivirus checks or remove a false positive
Post by: paul.b on May 12, 2022, 11:43:18 AM
Hi all,
I've been having a back-and-forth with the sender of an email, and I'm being blamed that it's on my side. :?
Does anybody know of this as being a virus or a false positive? I did some digging around and some are saying that it is not a virus :???:
 " <<< 552 Virus found: Heuristics.Phishing.Email.SpoofedDomain
554 5.0.0 Service unavailable "
Thank you in advance :D
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: Jean-Philippe Pialasse on May 12, 2022, 12:51:59 PM
I have similar issues with a bank using an external service based on Amzws servers for vault document exchange. The emails are really comparable to a phishing campaign, with little or no respect for the RFCs.
I chose not to make any exception because I would be more at risk using this service.


They could easily fix that on their side; in your case: https://www.authsmtp.com/smtp-error-codes/250-virus-scanned-email-discarded.html


Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: paul.b on May 12, 2022, 01:00:13 PM
I have similar issues with a bank using an external service based on Amzws servers for vault document exchange. The emails are really comparable to a phishing campaign, with little or no respect for the RFCs.
I chose not to make any exception because I would be more at risk using this service.


They could easily fix that on their side; in your case: https://www.authsmtp.com/smtp-error-codes/250-virus-scanned-email-discarded.html


Oh yeah, I was actually looking at that link earlier, but at the same time I am thinking of holding back on whitelisting / removing the thing on our side for security reasons. I really wanted a second opinion too.
Thank you for your reply, Jean-Philippe :)

Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: paul.b on May 17, 2022, 10:32:07 AM
OK, I have emailed the IT team of that sender and they have done nothing to fix the issue. Can someone please let me know how I can whitelist that signature in the antivirus?

Heuristics.Phishing.Email.SpoofedDomain

Thank you in advance
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: bunkobugsy on May 17, 2022, 07:44:52 PM
https://linux.die.net/man/5/clamd.conf

PhishingScanURLs BOOL
Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
Default: yes

Seems like you need to add a "PhishingScanURLs no" line to /etc/clamd.d/scan.conf via a custom template.
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: Jean-Philippe Pialasse on May 18, 2022, 07:18:04 AM
Or just disable the specific signature:

https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: bunkobugsy on May 18, 2022, 08:16:10 AM
Or just disable the specific signature:

https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml

Won't work: https://portal.smartertools.com/community/a1225/how-to-disable-a-specific-clamav-scan.aspx#127463
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: paul.b on May 18, 2022, 12:07:05 PM
Thank you everyone for the help. I have applied the settings to the server and am waiting on an email to see if it works fine :)
Again, thank you all :)
Title: Re: whitelist a sender from the antivirus checks or remove a false positive
Post by: Jean-Philippe Pialasse on May 18, 2022, 02:17:24 PM
Won't work: https://portal.smartertools.com/community/a1225/how-to-disable-a-specific-clamav-scan.aspx#127463

If you look at the comments on that page, they all restarted the mail service but none of them actually restarted clamav,
so it would still be worth a try.
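The two approaches discussed in this thread (a custom template fragment setting "PhishingScanURLs no", and an .ign2 signature ignore file), written up as an added example that is not from any of the posts above. It assumes SME Server's templating convention (fragments under /etc/e-smith/templates-custom/<path>, rendered with expand-template); the fragment name "10PhishingScanURLs" and the clamd service name are assumptions, and ROOT lets the steps be rehearsed in a scratch directory before touching a live server.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT (default empty = live system)
# prefixes every path so the steps can be tried in a temporary directory.
ROOT="${ROOT:-}"
CONF=/etc/clamd.d/scan.conf
SIG=Heuristics.Phishing.Email.SpoofedDomain

# Option 1 (coarse): disable URL phishing heuristics for all mail.
# On SME Server the rendered file is overwritten on each expand-template,
# so the setting goes into a custom template fragment. ASSUMPTION: the
# fragment name must match the base fragment that emits PhishingScanURLs;
# if it does not, the rendered file ends up with two PhishingScanURLs lines.
write_phishing_fragment() {
    d="$ROOT/etc/e-smith/templates-custom$CONF"
    mkdir -p "$d"
    printf 'PhishingScanURLs no\n' > "$d/10PhishingScanURLs"
    printf '%s\n' "$d/10PhishingScanURLs"
}

# Option 2 (narrow): ignore one signature name, keeping the heuristics for
# everything else. An .ign2 file holds one signature name per line and lives
# in ClamAV's database directory. The thread disputes whether this applies
# to heuristic hits; JP's point is that clamd itself must be restarted.
write_ignore_sig() {
    d="$ROOT/var/lib/clamav"
    mkdir -p "$d"
    printf '%s\n' "$1" >> "$d/local.ign2"
    printf '%s\n' "$d/local.ign2"
}

# Verify a rendered scan.conf: exactly one PhishingScanURLs directive and it
# reads "no". Catches the duplicate-line pitfall from the wrong fragment name.
check_scan_conf() {
    n=$(grep -c '^PhishingScanURLs' "$1" 2>/dev/null || true)
    [ "${n:-0}" -eq 1 ] || return 1
    grep -q '^PhishingScanURLs no$' "$1"
}

# Printed rather than executed: the live steps after writing the fragment.
# Restarting clamd is the step the thread says the other page's posters skipped.
apply_live() {
    echo "expand-template $CONF"
    echo "systemctl restart clamd@scan"   # ASSUMPTION: service name on SME 10
}
```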