Re: [Declude.Virus] pay-pal phishing

2007-02-16 Thread Darin Cox
Isn't that basically what the spamdomains test does?  Specifies what domains
a mail server can be in that sends for a particular domain...

Darin.


- Original Message - 
From: David Barker [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Thursday, February 15, 2007 7:22 PM
Subject: RE: [Declude.Virus] pay-pal phishing


One way you could do this is to use the following lines in a filter

#PAYPAL
REVDNS END ENDSWITH .paypal.com
MAILFROM 20   ENDSWITH @paypal.com

Also as far as I know the genuine paypal IPs are listed with BONDEDSENDER

David Barker
Director of Product Management
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob
McGregor
Sent: Thursday, February 15, 2007 5:17 PM
To: Declude-List
Subject: [Declude.Virus] pay-pal phishing

Anyone configured a way to stop some of the pay-pal scam emails?

thanks, bob



---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.






Re: [Declude.Virus] pay-pal phishing

2007-02-16 Thread Scott Fisher

One drawback of spamdomains:

I believe the spamdomains compares the smtp sender with the revdns.
Many phish will come from a SMTP sender of [EMAIL PROTECTED] and 
thus won't fail a spamdomains test.


I second the CLAMAV with sanesecurity phish addons.

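The two filter lines quoted in this thread, modelled as an added example (not Declude's code and not from any poster). The reading of the lines is an assumption: `END` stops the filter when reverse DNS ends in `.paypal.com`, otherwise weight 20 is added when the envelope sender ends in `@paypal.com`. The sample messages are constructed, and `header_only_claim` is a hypothetical helper showing what a rule keyed on the envelope sender does not see.

```python
from dataclasses import dataclass
from email.utils import parseaddr

TRUSTED_RDNS_SUFFIX = ".paypal.com"   # from the REVDNS line
SENDER_SUFFIX = "@paypal.com"         # from the MAILFROM line
WEIGHT = 20                           # from the MAILFROM line


@dataclass
class Message:
    revdns: str        # PTR name of the connecting IP
    mail_from: str     # SMTP envelope sender (MAIL FROM)
    header_from: str   # From: header displayed to the recipient


def filter_weight(msg):
    """Weight added by the two-line filter under the assumed semantics."""
    rdns = msg.revdns.lower().rstrip(".")
    if rdns.endswith(TRUSTED_RDNS_SUFFIX):
        return 0          # END: host is under paypal.com, skip the rest
    if msg.mail_from.lower().endswith(SENDER_SUFFIX):
        return WEIGHT     # envelope claims paypal.com from another host
    return 0


def header_only_claim(msg):
    """True when only the From: header claims paypal.com (hypothetical check)."""
    shown = parseaddr(msg.header_from)[1].lower()
    return (shown.endswith(SENDER_SUFFIX)
            and not msg.mail_from.lower().endswith(SENDER_SUFFIX))


# Constructed sample messages (example.net hosts, documentation IP ranges).
SAMPLES = {
    "genuine": Message("mx1.example-relay.paypal.com",
                       "service@paypal.com", "PayPal <service@paypal.com>"),
    "spoofed_envelope": Message("host-203-0-113-7.example.net",
                                "service@paypal.com", "PayPal <service@paypal.com>"),
    "header_only": Message("host-203-0-113-9.example.net",
                           "bounce@example.net", "PayPal <service@paypal.com>"),
}


def evaluate(samples=SAMPLES):
    """Map sample name -> (filter weight, header-only claim)."""
    return {n: (filter_weight(m), header_only_claim(m)) for n, m in samples.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The `header_only` sample scores 0 because neither filter line looks at the From: header. The reverse-DNS match is only as trustworthy as the PTR lookup, which this model takes as given.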



[Declude.Virus] Current Version of Clam AV

2007-02-16 Thread Mark Reimer
What is the current release of Clam AV for windows? I saw 0.90 stable is out
now. 

 

Mark Reimer
IT System Admin
American CareSource
972-308-6887

 




RE: [Declude.Virus] Current Version of Clam AV

2007-02-16 Thread Mark Reimer
Clam AV releases prior to 0.90 have DoS issues I believe. Is there a 0.90
release for windows?

 

Mark Reimer
IT System Admin
American CareSource
972-308-6887


[Declude.Virus] Exploit-Dropper.1Table

2007-02-16 Thread Gary Steiner
Here's a strange one.  Declude reports that it is detecting a virus in a file 
attachment that is a Word document.

AVG Reports VIRUS: Exploit-Dropper.1Table

Yet when I send that same email to VirusTotal.com, AVG states no virus 
detected.  And none of the other programs listed on VirusTotal.com detect 
anything either.

I guess I need to send this one to Declude support.


Gary





