You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Scarlet347
Scarlet347 Author
User level: Level 1
19 points

Emails being labelled as scam

When I send an email from my laptop to my work email it get’s flagged as spam. Tried sending the very same email to Yahoo Mail and had no problem.

This is the scam warning I received from the Work server.

Message may contain a virus

Your message wasn't delivered to **** because it may contain a virus. Learn how to check for and prevent viruses.The response from the remote server was:

550 5.7.1 message contains virus: Win.Exploit.CVE_2019_0903-6966169-0

Reporting-MTA: dns; googlemail.com

Received-From-MTA: dns; ****

Arrival-Date: Sat, 25 May 2019 14:50:39 -0700 (PDT)

X-Original-Message-ID: <*****>


Final-Recipient: rfc822; ****

Action: failed

Status: 5.7.1

Remote-MTA: dns; mailin-01.mx.sonic.net. (157.131.224.69, the server for the

domain mfcellars.com.)

Diagnostic-Code: smtp; 550 5.7.1 message contains virus: Win.Exploit.CVE_2019_0903-6966169-0

Last-Attempt-Date: Sat, 25 May 2019 14:50:51 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

       d=gmail.com; s=20161025;

       h=from:mime-version:subject:message-id:date:to;

       bh=FmwYK3pxBn5rGY+IFZKzeowsvOB3PC81OhuJQsPLHDI=;

       b=NpsF5jJo3TSOqRzlUqJKhdcrz1wgpPkYy2liVPDbVm0HwZPZJIRf8nDwZSVmLRHzvj

        HtP1rKbJd3YzloT7EykSkY0nTL7Sw3GBnNZv9HQQwvd5u6gu9HRrlB53RfELcnXFgo/q

        2eXbVDl4jWo8chhMvcz92x8+ylnULzMcLiUv9vMFOWvmzpM7Pe6JeWRzTS9NgVhkpqMn

        zBFf/waKeSFJWCHbH+KneJpm8AhHiPXiOJL53Rz5ZHtgI8K7NYzkVeMx+Nsgx43vDFBJ

        dVfENILKRnYEjOPluw0vW1qNz8viuykT/CK22LLDrCcP6z8vsIrVoa5T8cDtAq7tcb4k

        Bc6Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

       d=1e100.net; s=20161025;

       h=x-gm-message-state:from:mime-version:subject:message-id:date:to;

       bh=FmwYK3pxBn5rGY+IFZKzeowsvOB3PC81OhuJQsPLHDI=;

       b=JmpQW4Ud+Ch1n1wDVogjRJPmmNYp58W5e/ycjIEJSsp6EqhUQ63br6LAgf3t5gvZPF

        X/+XOlir0TXClChu4hdJW5OqvlPTeYCC8cIz20Sb/LYG6kMagU0+Wxbg86nLdWrv8EJR

        HRwLth5wwkhDwII13zakIxro+tZZY+mJwoBLg93strYLX5/v50ic1yHfDUjB46siDDyf

        oZUsPK5MVnOjDhOb7NsO8hK6GXiJ80smjOsLyR6N1jZUxAO1BxQcwoUrjANLR8nTRwid

        pir8PZJBDAOtJO8ZpESc+O8UHsNmIYrpTvF7DBXeO1GyevwFDBYsyXmkXod4X/W48nf3

        wFtg==

X-Gm-Message-State: APjAAAXJjimQvSW65ShphSPssMCx40wUHp9kMTxzf0qf2tU6h9Vc/mA6

1FG9LHYziU0061n6leQoxuJc+I8hXYo=

X-Google-Smtp-Source: APXvYqwWdXv2885QTWPXoHS4HvIlp9ppPdnQB0/3FzrWx++b602YXhyT8uTAn3IWKVf9A4iVJhm3zw==

X-Received: by 2002:a63:534f:: with SMTP id t15mr116309897pgl.445.1558821039861;

       Sat, 25 May 2019 14:50:39 -0700 (PDT)

Return-Path: <****>

Received: from [192.168.1.48] (64-195-220-216.101netlink.com. [64.195.220.216])

       by smtp.gmail.com with ESMTPSA id k3sm7446755pju.27.2019.05.25.14.50.38

       for <****>

       (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);

       Sat, 25 May 2019 14:50:39 -0700 (PDT)

From: Scarlet Newman <****>

Content-Type: multipart/mixed;

boundary="Apple-Mail=_82E49CAC-2E0C-464F-9026-44393E93A4C6"

Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))

Subject: Hello

Message-Id: <****>

Date: Sat, 25 May 2019 14:50:38 -0700

To: Newman Scarlet <****>

X-Mailer: Apple Mail (2.3445.104.11)





[Emails Edited by Moderator]

MacBook Pro 13", macOS 10.14

Posted on May 25, 2019 2:53 PM

Reply
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
146,354 points

Posted on May 25, 2019 3:52 PM

There are several possibilities:


  • Your email server erroneously marked your message as having contained a virus
  • The recipient's email server erroneously marked your message as having contained a virus
  • The email actually contains a virus, which is certainly possible under the following circumstances:
    • That email contained a Windows virus, which you forwarded
    • Your email server modified your email message
    • The recipient's email server modified your email message


The last two are obviously functions of the particular email services used by you and your employer.


If the message is flagged in error you need to take it up with your email service provider(s). Using Microsoft as an example, read Submit spam, non-spam, and phishing scam messages to Microsoft for analysis. I can't help with Google products.


If it's legitimate, you can help isolate its source by composing a brand new message using the Mail app. Send it from yourself, to yourself, and examine its headers.


Another possibility is that ClamAV created what it called "Win.Exploit.CVE_2019_0903-6966169-0" in error or without justification: Win.Exploit.CVE_2019_0903-6966169-0 FOUND. There is no entry for it in the NIST database.

View in context

Similar questions

6 replies
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
146,354 points

May 25, 2019 3:52 PM in response to Scarlet347

There are several possibilities:


  • Your email server erroneously marked your message as having contained a virus
  • The recipient's email server erroneously marked your message as having contained a virus
  • The email actually contains a virus, which is certainly possible under the following circumstances:
    • That email contained a Windows virus, which you forwarded
    • Your email server modified your email message
    • The recipient's email server modified your email message


The last two are obviously functions of the particular email services used by you and your employer.


If the message is flagged in error you need to take it up with your email service provider(s). Using Microsoft as an example, read Submit spam, non-spam, and phishing scam messages to Microsoft for analysis. I can't help with Google products.


If it's legitimate, you can help isolate its source by composing a brand new message using the Mail app. Send it from yourself, to yourself, and examine its headers.


Another possibility is that ClamAV created what it called "Win.Exploit.CVE_2019_0903-6966169-0" in error or without justification: Win.Exploit.CVE_2019_0903-6966169-0 FOUND. There is no entry for it in the NIST database.

Reply
User profile for user: GerryB78
GerryB78
User level: Level 1
18 points

May 26, 2019 2:58 AM in response to dialabrain

I created with an online invoice program which has an pdf preview and I klick on the safe as pdf button. I think it is the build in pdf creator from Mac which on the Mac always is offered in the safari.


My second Mac had another problem with open pdf with Mac build in preview app after export from pages to pdf. After reinstall Mac OS it was solved.

Reply
User profile for user: GerryB78
GerryB78
User level: Level 1
18 points

May 26, 2019 2:41 AM in response to John Galt

Hi, I have a similar case. Today I wanted to send an email with apple mail and I had an pdf attached. The smtp server from my provider answer that clam antivirus detect a Clam Antivirus detected Win.Exploit.CVE_2019_0903-6966169-0 and cannot use this smtp. If I remove the pdf attachment or use an png file there is no error with sending.

Reply

Emails being labelled as scam

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up