BTW, I see that McAfee GroupShield on our Exchange server catches these phishing e-mails, as well (this was a Citibank phish): ===== ******** McAfee GroupShield for Microsoft Exchange ********** **********************************************************************
Alert generated on: Tuesday, October 05, 2004 09:34:49 AM Pacific Daylight Time The body of this message has been replaced as it contains the Phish-BankFraud.eml virus. Please consult your administrator for further help quoting your ticket ===== So I would expect anyone that is running McAfee's scan.exe with Declude should be seeing these blocked, as well. Bill ----- Original Message ----- From: "Bill Landry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 05, 2004 9:23 AM Subject: Re: [Declude.JunkMail] Citibank - phishing- still live > ----- Original Message ----- > From: "Scott Fisher" <[EMAIL PROTECTED]> > > > > I've never caught any phish with my Viruscan. > > > > Do you have any special configuration settings that you use? > > Depends on your virus scanner. With uvscan on my Postfix gateways, I get > notifications like: > ===== > A virus was found: Phish-BankFraud.eml > Scanner detecting a virus: NAI McAfee AntiVirus (uvscan) > ===== > > Phishing detection is enabled by default with uvscan, however, can be > disable by using the following switch: > > --ignore-links > > I have not actually gotten any ClamAV notifications yet, since I just > installed the release candidate last night. But ClamAV by default now > supports many new features, which can be disabled with the following > switches: > > --no-mail Disable mail file support > --no-pe Disable PE analysis > --no-ole2 Disable OLE2 support > --no-html Disable HTML support > --no-archive Disable libclamav archive support > --detect-broken Try to detect broken executable > files > --block-encrypted Block encrypted archives > --block-max Block archives that exceed limits > --mail-follow-urls Download and scan URLs > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
