|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [Clamav-users] Strange behavior of Clamav with HTML email from Outlook
From: Chinh Nguyen Tam <ntchinh(at)tma.com.vn>
Date: Mon Oct 01 2007 - 23:47:03 EDT
>
> Perhaps setting this option in your clamd.conf file will help.
>
> # Scan URLs found in mails for phishing attempts using heuristics.
> # Default: yes
> #PhishingScanURLs yes
>
> PhishingScanURLs no
>
> The default is Yes.
>
> dp
ERROR: Can't open/parse the config file /etc/clamd.conf
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html Received on Mon Oct 1 23:51:18 2007
Date: Mon Oct 01 2007 - 23:47:03 EDT
Dennis Peterson wrote:
> Chinh Nguyen Tam wrote:
>> Dennis Peterson wrote: >>> Chinh Nguyen Tam wrote: >>>> Greetings, >>>> >>>> We've notice some strange behavior of clamav in our email server for. >>>> When we try to send some email (HTML format, Outlook 2003) with URL >>>> inside, clamav detects these email as Email.Foolball-2 virus. If we send >>>> the emails with the same URL in Thunderbird HTML format or in pure text, >>>> clamav will let the emails pass by. >>>> You can see the example of one Outlook HTML attached in this messages >>>> (please unpack with gzip). >>>> Please advice if anyone met the same problem before and how to solve this. >>>> >>>> Thank you very much! >>> If your message contains a url such as http://123.231.255.29/, in other words a URL >>> made up from an IP address, and if that URL is preceded by the word "tracker" then >>> the message will fail. In fact I had to reword this post to get past the av filter. >>> >>> dp >> Yes, our emails contain urls with IP. We must change it so something >> like hxxp://123.123.123.123 to pass the filter. But you know, It's a bit >> noisy for the users. It'd be ok if there's a tip to disable this kind >> of check from clamav.
>
> Perhaps setting this option in your clamd.conf file will help.
>
> # Scan URLs found in mails for phishing attempts using heuristics.
> # Default: yes
> #PhishingScanURLs yes
>
> PhishingScanURLs no
>
> The default is Yes.
>
> dp
Some days ago I tried to set PhisingScanURLs to no but after that clamav failed to restart. My clamav version is 0.90.3. Does this means that an upgrade is needed?
[root@mail etc]# sh /etc/rc.d/init.d/clamd reload
Stopping Clam AntiVirus Daemon: [ OK ]Starting Clam AntiVirus Daemon: ERROR: Parse error at line 234: Unknown option PhishingScanURLs.
ERROR: Can't open/parse the config file /etc/clamd.conf
[FAILED]
Regards,
Chinh Nguyen
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html Received on Mon Oct 1 23:51:18 2007
This archive was generated by hypermail 2.1.8 : Mon Oct 29 2007 - 12:21:08 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |