Dennis Peterson wrote:
> Chinh Nguyen Tam wrote:
>> Dennis Peterson wrote:
>>> Chinh Nguyen Tam wrote:
>>>> Greetings,
>>>>
>>>> We've noticed some strange behavior of clamav in our email server for.
>>>> When we try to send some email (HTML format, Outlook 2003) with URL
>>>> inside, clamav detects these emails as Email.Foolball-2 virus. If we send
>>>> the emails with the same URL in Thunderbird HTML format or in pure text,
>>>> clamav will let the emails pass by.
>>>> You can see the example of one Outlook HTML attached in this message
>>>> (please unpack with gzip).
>>>> Please advise if anyone met the same problem before and how to solve this.
>>>>
>>>> Thank you very much!
>>> If your message contains a url such as http://123.231.255.29/, in other
>>> words a URL
>>> made up from an IP address, and if that URL is preceded by the word
>>> "tracker" then
>>> the message will fail. In fact I had to reword this post to get past the av
>>> filter.
>>>
>>> dp
>> Yes, our emails contain urls with IP. We must change it to something
>> like hxxp://123.123.123.123 to pass the filter. But you know, it's a bit
>> noisy for the users. It'd be ok if there's a tip to disable this kind
>> of check from clamav.
>
> Perhaps setting this option in your clamd.conf file will help.
>
> # Scan URLs found in mails for phishing attempts using heuristics.
> # Default: yes
> #PhishingScanURLs yes
>
> PhishingScanURLs no
>
> The default is Yes.
>
> dp

Some days ago I tried to set PhishingScanURLs to no but after that clamav
failed to restart. My clamav version is 0.90.3. Does this mean that an
upgrade is needed?

[EMAIL PROTECTED] etc]# sh /etc/rc.d/init.d/clamd reload
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: ERROR: Parse error at line 234: Unknown option PhishingScanURLs.
ERROR: Can't open/parse the config file /etc/clamd.conf
[FAILED]

Regards,
Chinh Nguyen