I made an attempt to determine whether epl.paypal-communication.com was a
legitimate domain owned by PayPal with very mixed results.
No WhoIs service could identify it directly, but ARIN was able to determine
that the IP address 159.127.187.100 belongs to Epsilon Data Management LLC
(PSI1),
Most of your links check out clean. The one that was found to be Possibly
Unwanted was this one, apparently regarding Legal Agreements:
>
> We're changing our Legal Agreements. We wanted to check
> its OK with you. We're making some changes to our Legal
> Agreements; the documents that govern
Hi,
I have a strange problem. On a machine with 8 cores and 32Gb of RAM, and
CentOS 6 with EPEL as OS and ClamAV 0.99.2-2.el6, after the 26th of April
I noticed an increase of the CPU usage (from 260% to 530%). The only change
that happened was the update of the databases via freshclam. None in log, or
On 31.05.2017 at 12:41, Joel Esler (jesler) wrote:
So is it us that needs to adjust our software for something that PayPal is
doing? Or should PayPal adjust what they are doing?
you need to adjust when you pretend something is phishing while it's
legit which can be verified by SPF/DKIM and
Hi Al,
Thank you for your help with this, it's appreciated.
Not being a ClamAV user myself, this doesn't make much sense to me though.
Could someone please confirm what this issue is in clear terms?
Thanks,
Anne-Sophie
-Original Message-
From: clamav-users
So is it us that needs to adjust our software for something that PayPal is
doing? Or should PayPal adjust what they are doing?
--
Sent from my iPhone
> On May 31, 2017, at 06:38, Al Varnell wrote:
>
> OK, I managed to clean it up enough and added a fake header so I could
OK, I managed to clean it up enough and added a fake header so I could run
clamscan --debug and it confirmed my suspicions:
> LibClamAV debug: Phishcheck:host:.epl.paypal-communication.com
> LibClamAV debug: Phishing: looking up in whitelist:
> .epl.paypal-communication.com:.www.paypal.com;
Hi Al,
Could you please confirm exactly what is the issue you see with the links? As
far as I can see, they use standard link tracking. Here are two examples:
Well I certainly have run across several legit detections over the years along
with many more FP's, and since it was confusing so many ClamXav users, it's
been turned off by the developer for over a year now. SafeBrowsing has
always been disabled (already in use by most all OS X browsers),
Hi Al,
I'm including below the source of an email that was rejected recently. Could
you please point out exactly what you feel is the issue with the links?
Many thanks,
Anne-Sophie
Your Legal Agreements with PayPal
table th { margin:0 !important; padding:0 !important;
On 31.05.2017 at 10:05, Al Varnell wrote:
Perhaps they feel the burden is on PayPal to remove the obfuscation being used
in their links.
they don't have to feel anything - they have to fix false positives and
if it means remove heuristic phishing signatures completely when they are
proven
Perhaps they feel the burden is on PayPal to remove the obfuscation being used
in their links.
Might be necessary for PayPal corporate to contact Cisco/Talos/ClamAV directly
to resolve this long-standing issue.
But I am a bit surprised that they haven't commented.
-Al-
On Wed, May 31, 2017
Hi,
I did but never heard anything back unfortunately.
We still had a lot of mail blocked on the 29/5 because of this issue.
Is there any other way I can submit the samples than via the website? It looks
like no-one is following up on this, which is very poor.
Thanks,
Anne-Sophie