Heuristics.Phishing.Email.SpoofedDomain detected but not quarantined
Noel Jones
njones at megan.vbhcs.org
Thu Mar 7 13:15:42 CET 2013
On 3/7/2013 2:07 AM, Linus Haake wrote:
> Dear List,
>
>
>
> We’re running two very identical servers (Centos 5 / 6) as inbound
> MTA. Both have
>
>
>
> - The same clamd.conf and Clamav release
>
> - The same signature files
>
> - Same version of amavisd-new conf
>
>
>
> installed.
>
>
>
> Since some weaks ago, I’ve recognized that Phishing detection works
> on both servers, but only one puts the detected file into Quarantine.
>
>
>
> I was searching for hours comparing the config files, reloading
> fresh signature db’s but cannot find the reason for it.
>
> Clamd.log shows
>
>
>
> /Mon Mar 4 20:17:30 2013 ->
> /var/spool/amavis/tmp/amavis-20130304T201610-01721/parts/p003:
> Heuristics.Phishing.Email.SpoofedDomain FOUND/
>
>
>
> but the message just passes as SPAM.
>
>
>
> Does anybody has a idea what the reason for this behavior could be?
>
>
>
> Thanks!
>
>
>
The usual suspect is different setting of @virus_name_to_spam_score_maps
-- Noel Jones
More information about the amavis-users
mailing list