I have just started getting these claiming to be relevant to ClamAV, but I have *also* been receiving this sort of thing claiming to be from the Firefox ESR list for months now.
I am posting (one of) the HTMLs "about" ClamAV to https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox phishes? (In fact, I have several of each, but it quickly gets tedious.) On Wed, 22 Mar 2023 16:48:32 +0000 "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users@lists.clamav.net> wrote: > All, > > Some users have reported receiving emails that appear to be a reply to a > clamav-users mailing list thread but are in fact a phishing attempt have > attached malware. > > Most recently, Marc reported receiving an email that appeared to be a reply > to an older clamav-users mailing list thread but was in fact a direct email > targeting him. It had this fairly generic phishing text: > > "Would you please look through the last agreement? I have attached some extra > details about it." > > The attached file was some small HTML file containing malicious obfuscated > javascript. > > This isn't the first time we've heard of this type of phishing using our > mailing list archives. Please be careful when you see any sort of attachment, > even if it appears to be from this community. > > If you receive this sort of phishing email, please report the attached HTML > file to https://www.clamav.net/reports/malware > > Regards, > Micah > > > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
