SPAM from eigbox.net

I am having problems with spoofing from eigbox.net. They are posing as legitimate senders (like apple.com). This is one that I surely would not have thought it originated from them. Here is the complete header of the SPAM email.


Return-path: <d_nt_bounces@new.itunes.com >
Envelope-to: maddy@konawind.com
Delivery-date: Mon, 18 Feb 2013 14:56:42 -0500
Received: from bosimpinc05.eigbox.net ([10.20.13.5])
by bosmailscan20.eigbox.net with esmtp (Exim)
id 1U7WpN-0002KZ-QP
for maddy@konawind.com ; Mon, 18 Feb 2013 14:56:41 -0500
Received: from msbadger1006.apple.com ([17.254.6.227])
by bosimpinc05.eigbox.net with NO UCE
id 1vwg1l03T4ttjy901vwgdb; Mon, 18 Feb 2013 14:56:41 -0500
X-EN-OrigIP: 17.254.6.227
X-EN-IMPSID: 1vwg1l03T4ttjy901vwgdb
DKIM-Signature: v=1; a=rsa-sha1; d=new.itunes.com; s=itunes2048; c=relaxed/simple;
q=dns/txt; i=@new.itunes.com; t=1361216199;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=Zy542eO5G8qq2FxdfQjMEttZeLs=;
b=AOovBbGljd2kQMVphmatSXO/pZwgtX/9Zj7+j2Mdw/ARJnLt+86HGjJO/XBLBwOI
aY5ODeopWao49l11r6mzS72NIIjlDqsLBA7vwSaQHcrvXOdr6uzNiMaEdo7hASoQ
XzrpJ6kpDGOO+gVDEd31dJdF3ORn5NRKXrIWEv/Y8xopga288Gy2vCg7ssIP55KV
maqXNgTdVLtXqskq3oDSzNd/SkwuY6FC+64MOrI9qq+1+dbDPCvtpNy213g1c4T4
P3MFYL5gBbfHruIYpBXCuHAeJuBHlSyaV4irTL8lJ/NBoJH0q3KwTG71LVgwjDo7
9nkE+hFWf0VAnl346sWCIQ==;
Date: Mon, 18 Feb 2013 19:36:38 +0000
From: iTunes <discover@new.itunes.com >
To: maddy@konawind.com
Message-ID: <520644072.47026365.1361216198875.JavaMail.cboxp@ednabay.apple.com>
Subject: Hamlet: The Shakesperience, United States Government, Apps for
Learning History, and More
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_47026364_946702385.1361216198875"
X-Broadcast-Id: 108558
List-Unsubscribe: <http://mynews.apple.com/subscriptions?v=2&la=en_us&a=RYG6vuOtNDA7ZUWxdhXV2T320VX yPX0rQU3UY9%2F7LTrPF%2BzxwdgRn9X9FZeGutDg2Y1ZE5uK6j9tCpXRvjQgI16hOlml3QyxI5NAkhz VmnGaOOVOH58YfS%2F4TSJCj00T>
X-Sent-To: maddy@konawind.com ,2,AehB%2FVCEQOL6XXN%2F0c2E9WfYxwcU7DQAsO58%2BZpwwQjR6UkyCNNEe2fT3b2nOkqTAPLnKP BhW%2F5LOLV1MGXuXwOsHdREC1t%2F3tPi5v3nnMESm388Twlx9Im8hS8ZOAGp


How do I get rid of all this junk mail? Any help would be appreciated.


TIA

~Maddy

iMac, Mac OS X (10.6.8)

Posted on Feb 18, 2013 12:38 PM

Posted on Feb 18, 2013 2:36 PM

OK so I downloaded and ran ClamXav and it found 6 instances of a phishing app. It found several instances of these:


Heuristics.Phishing.Email.SpoofedDomain

HTM.Phishing.Pay-201

I deleted them but I am wondering where this email is originating from. Does anyone know and how to get rid of it?

TIA
~Maddy

Feb 18, 2013 4:16 PM in response to oilnwine

oilnwine wrote:


OK so I downloaded and ran ClamXav and it found 6 instances of a phishing app. It found several instances of these:


Heuristics.Phishing.Email.SpoofedDomain

This may or may not have been an actual phishing attempt. The word "Heuristics" indicates that something about the format of the message was suspicious, not that it matched a particular signature. You should always read these before deleting.

HTM.Phishing.Pay-201

Looks like it's actually "HTML.Phishing.Pay-201", which matches a signature that reads "as*part*of*our*security measures, we regularly screen activity in the{WILDCARD_ANY_STRING(LENGTH<=14)}paypal system. we recently contacted you after noticing an issue" except that I inserted some "*" for spaces to prevent this from being identified. This can safely be deleted, but make certain you do it properly.


Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index, which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server, and it will be re-downloaded to your hard drive the next time you check for new mail.


So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.

I am wondering where this email is originating from.

The best way I know is to submit it to SpamCop the next time you get one.
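
Added example, not part of the thread and not SpamCop's or ClamXav's code: one way to read a header like the one posted above for its origin. It finds the hop where the recipient's own mail provider accepted the message from an outside IP, and compares the DKIM `d=` domain with the From domain. The sample is a constructed abridgement of the posted header, the function names are this example's own, and treating `.eigbox.net` as the recipient's provider is an assumption.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: abridged from the header posted above; bh=/b= replaced.
SAMPLE = """\
Received: from bosimpinc05.eigbox.net ([10.20.13.5])
 by bosmailscan20.eigbox.net with esmtp (Exim)
 id 1U7WpN-0002KZ-QP
 for maddy@konawind.com; Mon, 18 Feb 2013 14:56:41 -0500
Received: from msbadger1006.apple.com ([17.254.6.227])
 by bosimpinc05.eigbox.net with NO UCE
 id 1vwg1l03T4ttjy901vwgdb; Mon, 18 Feb 2013 14:56:41 -0500
DKIM-Signature: v=1; a=rsa-sha1; d=new.itunes.com; s=itunes2048;
 c=relaxed/simple; q=dns/txt; i=@new.itunes.com; t=1361216199;
 h=From:Subject:Date:To:MIME-Version:Content-Type;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: iTunes <discover@new.itunes.com>
To: maddy@konawind.com

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def handoff_hop(msg, trusted_suffix):
    """Walk Received headers newest-first and return the first hop where a
    trusted server accepted mail from a public IP. Older headers were
    supplied by the sending side and prove nothing."""
    for raw in msg.get_all("Received", []):
        m = HOP.search(raw)
        if not m or not m.group(3).endswith(trusted_suffix):
            return None  # chain of trusted servers is broken
        if not ipaddress.ip_address(m.group(2)).is_private:
            return m.groups()  # (claimed host name, peer IP, trusted server)
    return None

def dkim_tags(msg):
    """Split the DKIM-Signature header into its tag=value pairs."""
    raw = msg.get("DKIM-Signature", "")
    pairs = (p.split("=", 1) for p in raw.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def trace(raw, trusted_suffix):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    d = dkim_tags(msg).get("d", "").lower()
    # Name comparison only; the signature itself is not verified here.
    matches = bool(d) and (from_domain == d or from_domain.endswith("." + d))
    return {"handoff": handoff_hop(msg, trusted_suffix),
            "dkim_domain": d, "from_matches_dkim": matches}
```

In the returned hop, the peer IP was recorded by the receiving server; the host name beside it and any older Received lines can be chosen by the sender.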

Feb 20, 2013 1:02 PM in response to oilnwine

oilnwine wrote:


Thanks, but what do I do with the files that it does find? Can I delete them manually?

Sort of.


When possibly infected e-mail files are found:

  1. Highlight the entry in the ClamXav window's top pane that needs to be dealt with.
  2. Right-click/Control-click on the entry.
  3. Select "Reveal In Finder" from the pop-up menu.
  4. When the window opens, double-click on the file to open the message in your e-mail client application.
  5. Read the message and if you agree that it is junk/spam/phishing then use the e-mail client's delete button to delete it (reading it is especially important when the word "Heuristics" appears in the infection name).
  6. If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
  7. If this is a g-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server. Then check the "Trash" folder and delete them there.
