ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
False PayPal detection with hMail
megastrike


Joined: 14 Sep 2008
Posts: 2
Reply with quote
Rolling Eyes
Hi We use ClamWin and hMail on our windows 2003 server. That works really well except for the interception of the PayPal receipts whenever a user buys something through PayPal.
It says:- Virus found: Receipt for Your Payment to Apus Corporation Pty Ltd

It only happens via PayPal. How can I prevent this?

Neil
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
Reply with quote
are you using phishing detection? you may need to disable it
View user's profileSend private message
megastrike


Joined: 14 Sep 2008
Posts: 2
Reply with quote
No it is not phishing as far as I can tell. The logs on the server indicate that hmail scanned the incoming message (using Clamwin) and found a virus (false). I also get these false virus detections when a member responds to a question.

Or.... is there a phishing filter in clamwin somewhere that I can turn off. Is there a way to add a whitelist?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4210
Location: USA
Reply with quote
Clam has phishing turned off. There is a list of command line options in this thread: http://forums.clamwin.com/viewtopic.php?t=800&highlight=command+line+commands in the ClamWin forum. These information probably needs greater exposure.

You can exclude a file from ClamWin scheduled scans (but not from an individual scan) by listing the file in Preferences, Filters, on the left-hand side of the page. Use something like: filename.ext and that should work.

You can whitelist file also, but the Filters option might be better, as it is easier to change. Some whitelist info is below, but it might not be current. Do some Googling first if you want to try it. I think whitelisting will exclude it from all scans.

"2.5 Whitelist databases
To whitelist a specific file use the MD5 signature format and place it inside a
database file with the extension of .fp.
To whitelist a specific signature inside main.cvd add the following entry into
daily.ign or a local file local.ign:
db_name:line_number:signature_name"

If you have a known false positive (check it out on Jotti or VirusTotal first), submit the file to Clam. Fill out the form on the Clam submission page at http://www.clamav.net/sendvirus/ on the web.

Regards,
View user's profileSend private message
False PayPal detection with hMail
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic