koffiejunkie wrote:
> Hi guys,
>
> Pretty much what the subject says. Amavisd-new (through ClamAV) is
> identifying legitimate mails from eBay as HTML.Phishing.Auction-113.
> The notification I get looks like this (Subject and e-mail address
> changed for privacy, of course):
>
>
> A virus was found: HTML.Phishing.Auction-113
>
> Scanner detecting a virus: ClamAV-clamd
>
> Content type: Virus (9,0)
> Internal reference code for the message is 29147-19/PLfqqUg3n0u6
>
> First upstream SMTP client IP address: [66.135.215.239]
> smfcamppool10.emailebay.com
> According to a 'Received:' trace, the message originated at:
> [66.135.215.239],
> dooby3-snat.smf.ebay.com (HELO [10.108.161.72]) ([10.108.160.72])
>
> Return-Path: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> X-Mailer: Kana Connect 6
> Subject: ebayuser, knock her Christmas stockings off this year with
> eBay
> The message has been quarantined as: virus-PLfqqUg3n0u6
>
> Notification to sender will not be mailed.
>
> The message WAS NOT relayed to:
> <[EMAIL PROTECTED]>:
> 254 2.7.1 Ok, discarded, id=29147-19 - VIRUS: HTML.Phishing.Auction-113
>
> Virus scanner output:
> p002: HTML.Phishing.Auction-113 FOUND
>
>
> What is triggering this? Any way to prevent it?
>
> Thanks

Submit the mail to the clamav team as a false positive.
clamav.net/sendvirus/

Release the mail from your quarantine with amavisd-release.

Newer versions of amavisd-new can turn phishing detection into spam
points rather than blocking the mail outright. Look in
amavisd.conf-sample for @virus_name_to_spam_score_maps.

-- 
Noel Jones

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
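
A sketch of the `@virus_name_to_spam_score_maps` setting named in the reply above, added here as an example; it is not from the thread and not copied from the amavisd-new distribution. The patterns and the score of 3.0 are assumptions to adapt, and the setting only exists in amavisd-new versions that ship it in `amavisd.conf-sample`.

```perl
# amavisd.conf fragment (added example; patterns and scores are assumptions).
#
# Each entry maps a regex on the scanner-reported name to a result:
#   number => the name contributes that many spam points; if every name
#             reported for a message maps to a number, the message is no
#             longer treated as infected
#   undef  => keep treating the match as a virus
# Entries are tried in order and the first match wins, so the
# "keep as infected" exceptions go before the broader phishing patterns.
@virus_name_to_spam_score_maps =
  (new_RE(
    # Anything whose name mentions a trojan or worm stays a hard virus hit.
    [ qr'(Trojan|Worm)'i              => undef ],

    # ClamAV phishing signatures, such as HTML.Phishing.Auction-113 from the
    # notification quoted above, add spam points instead of forcing a
    # quarantine as a virus.
    [ qr'^(Email|HTML)\.Phishing\.'i  => 3.0 ],
    [ qr'^Phishing\.'i                => 3.0 ],
  ));

# Names that match no entry are handled as viruses, exactly as before.
```

Choose the score relative to your own `$sa_tag2_level_deflt` and `$sa_kill_level_deflt`, so that a lone phishing signature hit tags the mail without blocking it, while a hit combined with other spam evidence still crosses the kill level.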
