Email.Phishing.Blackhole

Sanz Moreno David via amavis-users amavis-users at amavis.org
Tue Dec 10 15:03:39 CET 2013 

Hi all,

I have receive an alert from Clamav, which have detected this virus on my system.

I have configured amavis to quarantine every virus that detects, but I can’t found it in the quarantine directory, and searching for the amavis line in the log related to it, I also haven’t found (there is only one line from the clamav about it)

Amavis:

$QUARANTINEDIR = "/var/spool/amavisd/quarantine";
$final_virus_destiny      = D_DISCARD;
$virus_quarantine_to      = 'virus-quarantine';
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$banned_quarantine_to     = undef;
$final_bad_header_destiny = D_PASS;
$bad_header_quarantine_to = undef;


Log: (amavis & clamav logs in the same file)

$ cat maillog | grep Email.Phishing.Blackhole
Dec 10 13:01:46 xxxx clamd[6964]: /var/spool/amavisd/tmp/amavis-20131210T130134-23924-Hk9fgnIz/parts/p002: Email.Phishing.Blackhole FOUND

$ grep -i Email.Phishing.Blackhole /var/spool/amavisd/quarantine/* | wc -l
0

Maybe this kind of virus is not detected as virus and is not been managed by the $final_virus_destiny directive

Regards
David

________________________________
Antes de imprimir este mensaje o sus documentos anexos, asegúrese de que es necesario.
Proteger el medio ambiente está en nuestras manos.

Before printing this e-mail or attachments, be sure it is necessary.
It is in our hands to protect the environment.

******************AVISO LEGAL**********************
Este mensaje es privado y confidencial y solamente para la persona a la que va dirigido. Si usted ha recibido este mensaje por error, no debe revelar, copiar, distribuir o usarlo en ningún sentido. Le rogamos lo comunique al remitente y borre dicho mensaje y cualquier documento adjunto que pudiera contener. No hay renuncia a la confidencialidad ni a ningún privilegio por causa de transmisión errónea o mal funcionamiento.
Cualquier opinión expresada en este mensaje pertenece únicamente al autor remitente, y no representa necesariamente la opinión de Grupo Santander, a no ser que expresamente se diga y el remitente esté autorizado para hacerlo. Los correos electrónicos no son seguros, no garantizan la confidencialidad ni la correcta recepción de los mismos, dado que pueden ser interceptados, manipulados, destruidos, llegar con demora, incompletos, o con virus. Grupo Santander no se hace responsable de las alteraciones que pudieran hacerse al mensaje una vez enviado.
Este mensaje sólo tiene una finalidad de información, y no debe interpretarse como una oferta de venta o de compra de valores ni de instrumentos financieros relacionados. En el caso de que el destinatario de este mensaje no consintiera la utilización del correo electrónico vía Internet, rogamos lo ponga en nuestro conocimiento.


**********************DISCLAIMER*****************
This message is private and confidential and it is intended exclusively for the addressee. If you receive this message by mistake, you should not disseminate, distribute or copy this e-mail. Please inform the sender and delete the message and attachments from your system. No confidentiality nor any privilege regarding the information is waived or lost by any mistransmission or malfunction.
Any views or opinions contained in this message are solely those of the author, and do not necessarily represent those of Grupo Santander, unless otherwise specifically stated and the sender is authorized to do so. E-mail transmission cannot be guaranteed to be secure, confidential, or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. Grupo Santander does not accept responsibility for any changes in the contents of this message after it has been sent.
This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. If the addressee of this message does not consent to the use of internet e-mail, please communicate it to us.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20131210/0a9677b9/attachment.html>

More information about the amavis-users mailing list