Today we got a spam email claiming to be "From: clamav" at our domain,
from IP address 201.80.225.194. We already get spam "To: clamav".
Since we indeed have a virtual mailbox named "clamav" (to receive this
list), I am wondering if this is just a good guess by the spammer, or
if somehow the ClamAV mailing list has leaked out.
Maybe it just indicates that ClamAV is gaining recognition.
P.S. We can tell that spam purporting to be "From:" our domain is
bogus because I have set up an outbound filter that adds an email
header ("X-" style) which carries a salted hash of the email's regular
headers, and this, in turn, is checked by an inbound filter. (It's
sort of a lite version of DKIM.)
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
