ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
False positive phishing email deletion: Dice.com Job Alerts
nerfherdr9


Joined: 22 May 2009
Posts: 1
Location: Washington, USA
Reply with quote
Clamwin 0.95.1 is flagging all JobAlert emails from Dice.com ( sender jobs@dice.com ) with the following info:

Warning: This message has had one or more attachments removed
Warning: (The entire message).
Warning: Please read the "Mail-Filter-Gateway-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailFilterGateway E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "The entire message"
was believed to be dangerous and/or infected by a virus and has been replaced by this warning message.

At Fri May 22 02:47:09 2009 the scanner said:
message was infected: Phishing.Heuristics.Email.SpoofedDomain FOUND

I'm using Outlook 2002 ( 10.6838.6845 ) SP3 on Windows XP SP3.

Since Clamwin seems to have simply deleted the email message ( there's nothing in the quarantine folder ), I am unable to attach the triggering message and send it to you via your automated false-positive reporting system.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4191
Location: USA
Reply with quote
Are you using Clam Antivirus or ClamWin Antivirus? This is the forums for ClamWin. Clam Antivirus does provide the scanning engine and signature database used by ClamWin Antivirus. You should report false positives for both of these antiviruses to Clam Antivirus at its submission page starting at http://www.clamav.net/sendvirus/ on the web. If you are reporting a false positive, be sure to fill in the false positive designation, and tell them the exact name of the false positive virus.

Clam will need a copy of any file that has a false positive detection in order to verify it and to help them prepare a signature that will exclude that file. If you are using ClamWin, perhaps you could change ClamWin's detection option to Report Only and capture the file for submission to Clam. They get some false positives on Spoofed Domains, but it seems to me that any email with a spoofed domain is suspect. Why would anyone spoof a domain if they are legitimate?

Regards,
View user's profileSend private message
False positive phishing email deletion: Dice.com Job Alerts
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic