Virus scan result shows problem shock horror!
Graham Watkins
shellycat.gw at ntlworld.com
Sun Jul 13 12:21:27 UTC 2008
Xandros Pilosa wrote:
> Graham Watkins:
>
>> Recent virus scans using Clamav with Avscan front end have shown a
>> virus: Phishing.Heuristics.Email.SpoofedDomain as infecting my mailbox
>>
>> This presumably relates to a phishing E-mail I got recently purporting
>> to be from Monster (which is weird because I'm not registered with them)
>> which I deleted. However, it still shows up on scans.
>>
>>
> Hello Graham,
> deleting inbox won't be necessary. Compacting your inbox and/or other
> directories should do the job.
> http://kb.mozillazine.org/Thunderbird_:_Tips_:_Compacting_Folders
> Just to be on the safe side: I would do this in off-line mode.
> Regards!
>
>
Did this and ran a scan - it's gone now. Thanks.
Robert Spanjaard wrote:
> Did you delete it from the Inbox only, or from the Trash folder too?
Trash already emptied.
Mario Vukelic wrote:
> Google seems to show that this might simply be a false
> positive; there a many posts to that effect in the search results:
>
> http://www.google.com/search?q="Phishing.Heuristics.Email.SpoofedDomain"+clamav
>
Checked it out. Clamav does seem to have a problem with false positives
but this wasn't a false positive insofar as it was triggered by a
"genuine" spoof mail. Whether there's any point in an AV detecting
such things is another question. I found the following in the Google
search. Seems to me it might just be worth doing.
> > That said... Phishing.Heuristics.* signatures are, as it says,
> heuristic
> > signatures, not triggered by any rules, but by heuristics. It can
> > be turned off by adding this line to your clamd.conf:
> > PhishingScanURLs no
Thanks to all who replied. When you guys are good, you're really good.
--
Graham Watkins
"To mess up a Linux box, you need to work at it; to mess up your Windows
box, you just need to work on it."
SecurityFocus columnist Scott Granneman.
More information about the ubuntu-users
mailing list