Re: [Clamav-users] What is infected attachment (Email.Phishing.RB-827)?

On 7/3/07, Christoph Cordes <ib@precompiled.de> wrote:
>
> >
> >
> >
>
> Could you please provide a copy of the mail that clam blocks? The
> fact that i received your mail is a proof that ClamAV does not detect
> anything in mails from you. So, the mail that Clam detects on your
> server contains something different OR your installation is fubar OR
> you're using some signature file that is not part of the official
> ClamAV database.
>
> --
> Best regards,
> Christoph

Not including the From/To address etc. The body of the mail is as follows and it has one attachments (.eml file) which is nothing but a previous email which is being forwarded again to this user,

---
RK,

I am not sure if you have received this mail and hence forwarding it to you.

Incase you have received the mail and you are unable to give this
information, please do inform me so that I can call other agencies for a
pitch.

Please respond.

Regards,


BG Mahesh
CEO
Greynium Information Technologies Pvt. Ltd
Phone: +91 80 2518 0800 (Board)
Fax:     +91 80 2518 0801
http://www.oneindia.inhttp://www.click.in - Free Indian Classifieds
http://explore.oneindia.in - An India specific directory

----------------------------end ------------

Our setup,


surgemail_38i3_linux  mailserver
clamav-0.90.3
scavs-0.66  (
http://www.inoc.net/~dev/surgemail/scavs/<
http://www.inoc.net/%7Edev/surgemail/scavs/>)

The user was using Outlook (not Outlook Express) to send that email.

-- 
--
B.G. Mahesh
http://www.greynium.com/http://www.oneindia.in/http://www.click.in/ - Free Indian Classifieds
_______________________________________________
Help us build a comprehensive ClamAV guide: visit 
http://wiki.clamav.nethttp://lurker.clamav.net/list/clamav-users.html