Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain...

Tue, 13 Apr 2021 07:40:43 -0700 

I'm seeing a FP from a Delta Airlines email.

Also, with clamav-milter and sendmail. I see that the headers of
quarantined messages go to /var/spool/mqueue with root:smmsp owner/group
permissions and the header of the email starts with hf whilst the body of
the message starts with df. So the message in question looks like this:
-rw------- 1 root smmsp    10050 Apr 12 09:40 hf13CDdtaZ2926176
-rw------- 1 root smmsp   100157 Apr 12 09:39 df13CDdtaZ2926176

To release the message how does one find the queue_id to use the sendmail
-qI command?


On Thu, Apr 1, 2021 at 7:11 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Thu, 1 Apr 2021, eric-l...@truenet.com wrote:
>
> > Just a heads up.  I noticed a bunch of American Express Statements in our
> > quarantine.
> > My guess is because they are using m.amex and go.amex links in the
> emails.
> >
> > DKIM and SPF pass so these definitely seem to be legit AMEX emails.
> > From address is "American Express" <americanexpr...@welcome.aexp.com>
>
> Name(s) of the signature(s) detected?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=-Ywl1Y1MejQU-csE6Jqe9E3SmvO8PsWBo-EwYfHf15s&s=Bdo5j9dvw_GstTEa1ILzn6mOYmD8W0IVP0I8_GsdYHY&e=
>
>
> Help us build a comprehensive ClamAV guide:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=-Ywl1Y1MejQU-csE6Jqe9E3SmvO8PsWBo-EwYfHf15s&s=M_PbxgBAZBj7rq-kfXkFAipn5xCbNt98-fKsWwVxAtE&e=
>
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=-Ywl1Y1MejQU-csE6Jqe9E3SmvO8PsWBo-EwYfHf15s&s=HLTiTlk4nPlro9VIn2SAysUbnxk5AHP6mJZx2kXLVMs&e=
>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to