"Heuristic.Phishing.email.SpoofedDomain" Virus

20151 Views 35 Replies Latest reply: Jun 29, 2012 7:49 AM by varjak paw
macfrombrampton Level 1 (0 points)
Apr 30, 2012 5:01 PM

I am still looking for an answer as to what function this Malware performs. ClamXav virus software downloaded from the App store identified several "Apple mails" and identified it as "Heuristic.Phishing.email.SpoofedDomain". I am unable to find the definition from ClamXav or searches through web searches.

MacBook Pro, Mac OS X (10.6.8)
  • BGreg Level 6 (17,500 points)

    I put that message in a google search, and it found 1,950 entries. ClamXav is identifying email that appears to be phishing emails with a spoofed address (looks legit but on careful examination it may not be). You can delete the emails if the ClamXav message bothers you or just leave them. As long as you don't respond to them, there's no damage being done. If the email is a legitimate Apple email, then something in the email is generating a false positive. When I get those, I delete the offending email ... done.

  • X423424X Level 6 (14,190 points)

    ClamXav is simply confused (as it often is) doing its pattern matching and heuristics looking at data that just happens to match those patterns and heuristics. The fact that it is in mail is a giveaway that ClamXav is too stupid to know what it is looking at. Don't let ClamXav move anything it finds in mail or you could corrupt the mail databases.

  • MadMacs0 Level 4 (3,320 points)

    The OP has been told multiple times about everything you have said. I have personally shown him the definition of this infection in official clamav.net documentation, but he continues to ignore everything we've told him over the past several months, so don't waste a lot of time on this.

  • WZZZ Level 6 (11,880 points)
    Apr 30, 2012 7:32 PM (in response to MadMacs0)

    Yes, unbelievable! Since January. BTW, the earth is flat.

    https://discussions.apple.com/thread/3641143?tstart=0

  • X423424X Level 6 (14,190 points)
    Apr 30, 2012 7:44 PM (in response to MadMacs0)

    Just checked the OP's post history. Well, gee, that was a waste of time.

  • MadMacs0 Level 4 (3,320 points)

    macfrombrampton wrote:

    ClamXav is able to remove the offending files on its own.

    It is able to, but you should never do that with an e-mail file as it will corrupt the mailbox index. Always delete an e-mail using your e-mail client to make certain you don't lose additional e-mail and that it is also deleted from your ISP's e-mail server.

  • Klaus1 Level 8 (43,385 points)

    The ClamXav forum is here:

    http://www.markallan.co.uk/BB/viewforum.php?f=1

    I would suggest you ask these questions there.

  • MadMacs0 Level 4 (3,320 points)

    macfrombrampton wrote:

    I have asked in the clamXav forum but no answers.

    Actually, you received three replies function of a couple of viruses.

    Unfortunately, the developer of ClamXav is not responsible for the malware definitions which belong to the folks at clamav.net, developers of the multi-platform scanning engine used by ClamXav.

  • WZZZ Level 6 (11,880 points)
    May 3, 2012 5:29 AM (in response to MadMacs0)

    Mad, I apologize for hijacking this thread, but I am completely stuck and maybe you can help with this. I tried registering for the ClamX forum, but never received my activation e-mail. I wrote the following message, here excerpted, to Mark Allan twice, but haven't received a reply. I realize he can't reply to every e-mail he receives, but I would have thought he'd make an exception for this. Maybe I made a mistake by choosing the category "other."

    This is the second time I am writing, as I have had no reply to my first message, sent on 4/27.

    I registered for the ClamXav support forum last Friday, 4/27, but never received my activation email and am unable to log in. I have no blocking or rules set up either on my email server or locally that would have prevented this email getting through. I am blocked from re-registering using the same email address.

    After I registered, I saw that my user name "brillo" appeared as "newest member," so that part, at least, went through.

    I am completely stuck.

    One other ClamX related question, if I may.

    The ClamAV scanning engine installer I'm seeing in receipts is version 0.95.3 from 4/25/2010. I would have thought updating ClamXav would have brought along the latest ClamAV engine, but maybe not. Do I need to separately download and install the current one, which is 0.97.4? And if I do, will it properly overwrite the older one?

    I'm also seeing this ClamAV folder with a creation date of 3/17/2012. Does that mean it was updated?

    /usr/local/clamXav/share/clamav

    Thanks

    <Edited by Host>

  • WZZZ Level 6 (11,880 points)
    May 3, 2012 5:26 AM (in response to WZZZ)

    To prevent it getting spammed, I've asked the hosts to edit out or obfuscate that e-mail address for Mark Allan.

  • MadMacs0 Level 4 (3,320 points)
    May 3, 2012 10:45 AM (in response to WZZZ)

    WZZZ wrote:

    Mad, I apologize for hijacking this thread, but I am completely stuck and maybe you can help with this. I tried registering for the ClamX forum, but never received my activation e-mail.

    Mark just returned from Holiday (a European term) so he's running a bit behind, but I would expect him to get back to you when he has a moment. I've not heard of this problem before, but I'm not sure how I would. I do know that I had a similar problem getting an activation e-mail for over a week at another site before it finally worked.

    The ClamAV scanning engine installer I'm seeing in receipts is version 0.95.3 from 4/25/2010. I would have thought updating ClamXav would have brought along the latest ClamAV engine, but maybe not. Do I need to separately download and install the current one, which is 0.97.4? And if I do, will it properly overwrite the older one?

    I'm also seeing this ClamAV folder with a creation date of 3/17/2012. Does that mean it was updated?

    /usr/local/clamXav/share/clamav

    That's very strange. I've never paid attention to that but when I look at /Library/Receipts/clamavEngineInstaller104.pkg I see v0.97.4 dated 3/30/12. The 0.95.3 version came with ClamXav 2.0.4 & 2.0.5 back in Nov/Dec 2009.

    To find out what version is actually installed try this Terminal command:

         /usr/local/clamXav/bin/clamscan -V

    You didn't mention whether you are using the AppStore or the website version, which store the engine in different places. If it's the AppStore version then you should probably remove any older scan engines that remain on your hard drive. Use the "ClamAV Engine REMOVER" script found on any ClamXav_2.x.x.dmg file you downloaded.

    If you are using the web site version and the above command shows an older scan engine, use the same script to remove it (make sure both ClamXav and Sentry are not running), then launch ClamXav and it should offer to install the newer engine for you.

  • WZZZ Level 6 (11,880 points)
    May 3, 2012 11:18 AM (in response to MadMacs0)

    Thanks very much. First, from running that command, I'm seeing I do have the 0.97.4. So no problem there after all. And thanks for the word on the registration. Perhaps that e-mail will arrive eventually or Mark will be able to look into it.
