Updates:

1) This is continuing.  It seems that it's almost exclusively legitimate
emails from Citi (major US bank) that are getting flagged
as Heuristics.Phishing.Email.SpoofedDomain

I reported to ClamAV - this very well could just be a ClamAV problem, but
it started the same days as I went from 16080 to 16106 (and ASSP_AFC
update).  Could something have changed between those versions to either:
1) Make ClamAV suddenly be able to detect these (incorrectly) or
2) Be sending incorrect info to ClamAV somehow?

It's likely just a coincidence and I know I can just turn off the phishing
heuristics, but it seems like a great feature to have on.

2) I know why the emails are being delivered.  The sender IP range is
senderbase whitelisted which is enough to reduce the message score to an
acceptable level.   OF COURSE!!  Always nice to see ASSP considering
multiple facets of an email.

3) The admin notification emails still do not have a To or Subject in the
email header of the notification itself - I'm not talking about the body of
the notification which is essentially the original email header with
detection information, I'm talking about the header of the notification.
That means that in Outlook, only the from shows up.  Subject is blank,
which makes it hard to spot these.




On Sun, Apr 17, 2016 at 11:53 AM, K Post <nntp.p...@gmail.com> wrote:

> Thanks for chiming in Robert.  I had previously looked at that info
> page.  What I'm trying to figure out is if something changed in one of the
> last couple of releases of ASSP that could be causing these false positives
> now.
>
> And I don't understand why they would be delivered to the end user if
> ClamAV thought it was phishing.  I'm glad that they were sent through since
> ClamAV was wrong, but I want to make sure functionality is working when
> there's a real phishing attempt.
>
>
> On Sun, Apr 17, 2016 at 7:08 AM, Robert K Coffman Jr. -Info From Data
> Corp. <bcoff...@infofromdata.com> wrote:
>
>> > We've seen several rejected emails since 16106 listing: Virus Detected:
>> > 'Heuristics.Phishing.Email.SpoofedDomain'
>>
>> Look at http://sanesecurity.com/support/false-positives/
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>
>