-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2005-09-25 at 03:25 +0200, Tomasz Papszun wrote:
On Sun, 25 Sep 2005 at 2:09:37 +0200, Carlos E. R. wrote:
The Saturday 2005-09-24 at 22:59 +0200, Tomasz Papszun wrote:
Weird. You are using Mutt, but your email broke the thread. Something funny going on :-?
Nothing special. I forgot that this list requires not only the "From: " address, but also the "From " one to be subscribed to be able to post, and I forgot to ":set envelope_from=yes" before posting. The message bounced, so I used the copy from =sent folder, but this time forgot to manually paste the "References: " field from your message :-) .
X'-) I see. What I do in those cases is reply, again, to the poster, but inserting the text from the sent email I copied to a file first.
These are names of signatures by ClamAV.
Ah, Clamav. Interesting :-)
Indeed :-) .
Yes, because I could not guess what antivirus they were using. It also means that they probably may be using Linux at the mail server, and that is way more interesting for this organization in particular, that I thought to be windows users ;-) It also means that clamav is better than what I thought, and I must look at it more carefully.
This error message is most likely from amavis. Not from ClamAV in any case. Infected messages should not be bounced (*) and it was not ClamAV's fault that it was bounced, but of improperly configured script.
(*) Because most worms and spams use forged sender addresses. Bouncing them is pointless and harmful as almost always the bounce goes to innocent person.
Amavis has a list of viruses known for forging the sender address, and doesn't bounce in that case. In any case, the bounce doesn't contain the full message with the virus load, but only the headers. I have mine configured to never bounce. Took some convincing. In this case, the bounce served the purpose of making me notice the problem, and resend attaching the problem email inside a zip archive with password.
I know they are phising attempts, but they are also viruses. The one above contains javascript code.
The idea is that an organization here is keen in being sent phising attempts, so they can investigate the emails;
So they should not filter messages addressed to the account for receiving phishing messages. In amavisd-new one can easily "whitelist" such recipients.
Yes, they call it "virus_lovers" in amavis.conf
At http://www.antivir.de/en/support/suspicious_files/index.html there is a form to uploading suspicious files. There is also the email address listed there for that purpose: virus@antivir.de .
AH, thanks, I didn't see it.
BTW, the ClamAV's form for such purpose is at http://www.clamav.net/sendvirus.html .
Good :-) - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDNo7ftTMYHG2NR9URAipvAJ40mCwQRZh0z3MibbL2lyQ3fckcuQCgipHf at181Ng4u48ZhFq3cKeRQnA= =QnpL -----END PGP SIGNATURE-----