Heuristics.Phishing.Email.SpoofedDomain detected but not quarantined

Linus Haake linus at haake-it.net
Thu Mar 7 09:07:53 CET 2013

Dear List,

We're running two very identical servers (CentOS 5 / 6) as inbound MTA. Both have

- The same clamd.conf and ClamAV release
- The same signature files
- Same version of amavisd-new conf


Since some weeks ago, I've recognized that Phishing detection works on both servers, but only one puts the detected file into Quarantine.

I was searching for hours comparing the config files, reloading fresh signature db's but cannot find the reason for it.
Clamd.log shows

Mon Mar  4 20:17:30 2013 -> /var/spool/amavis/tmp/amavis-20130304T201610-01721/parts/p003: Heuristics.Phishing.Email.SpoofedDomain FOUND

but the message just passes as SPAM.

Does anybody have an idea what the reason for this behavior could be?

