On Wed, Apr 25, 2007 at 02:40:32PM -0600, Gary V wrote:
> > Quite possibly an encrypted, and as of yet, undetected virus. I just got
> > one with a password protected .rar file. I suggest blocking .rar files. I
> > hope your users have not opened any of these. Mine claims to be a patch
> > for an undetected worm.
>
> A-Squared Found nothing
> AntiVir Found nothing
> ArcaVir Found nothing
> Avast Found nothing
> AVG Antivirus Found nothing
> BitDefender Found nothing
> ClamAV Found Email.Phishing.RB-686
> Dr.Web Found nothing
...
> VBA32 Found nothing
>
> I think you are getting this virus. I think it's more serious than
> ClamAV thinks it is. I would say there's another storm a brewin'.
You should be able to stand down from the alert a bit:
ClamAV by default reports known standard phish emails as "viruses",
using this "Email.Phishing" format, to protect unsuspecting users from
getting all their money stolen. No other AV vendors do that, so far as
I know. If you don't want this behavior, ISTR you can disable those
signatures in current versions of ClamAV.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
