Dave - you are right! This appears to a matter of poor "labeling" by AVG -
and has nothing to do with Declude.


I have since looked through a large sample of held emails and they either
are well crafted short "Notices" about a supposed change in SMTP, POP
settings - which even lists the person's email address, and a warning to
"carefully" read the enclosed "instructions" before making changes. Then
there is a link to a ZIP file (which likely will be a virus).


The other group of emails deals with a supposed non-deliverable DHL package
that one needs to pick up at the post office after printing the attached
label (with the link to a zip file).


All appears to be emails with links to malicious pages. In that respect, one
can't argue that Declude Virus is the appropriate place to catch that (but
then it's inconsistent for AVG to detect it with a label "Spam").


You are further correct, that AVG has done a good job catching this one. I
ran it past ClamD and the latest McAfee hourly signature - and neither
flagged those emails.



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Sent: Wednesday, May 12, 2010 12:20 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] AVG reports "SPAM" as "VIRUS"!


Looks like it is part of their virus signatures, and the only line in the
email was:    http://glunis.g**glegroups.com/web/setup.zip


We could request that they change the name. if not we will have to make an
translation in our code to accommodate this.


File 45710617.eml received on 2010.05.12 16:16:29 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND


Result: 1/41 (2.44%)

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.


Reply via email to