You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Email.Phishing.Blackhole in Microsoft Office Data Records

I recently used ClamXav to scan my MacBook Pro and found Email.Phishing.Blackhole in the path Documents/Microsoft User Data/Office 2011/Data Records. Does this affect my Microsoft Office documents in any way ? Can I delete this ?

Mac Pro, OS X Mountain Lion (10.8.5)

Posted on Nov 5, 2013 10:42 AM

Reply
16 replies

Nov 15, 2013 3:18 PM in response to inc2022

inc2022 wrote:


Ok, this time with the scan I got only one file with Email.Phishing.Blackhole and I followed you instructions and this is what I got ...


Date: Fri, 23 Aug 2013 12:59:52 -0700

From: "US Airways - Reservations" <reservations@myusairways.com>

To: <myemailID>

Subject: US Airways check-in reminder

So this looks to me to be an actual notification from US Air back in August. That should be enough for you to locate the message in Outlook. Without being able to see the body of the message, I can't tell whether or not it contains links to a fake US Air site, but if you find it you should be able to hover your cursor over any links to see where it will actually take you.


You may remember that the only elements of a signature the ClamAV® scan engine is looking for are a reference to the Star Alliance logo and the from line above, so if you see that logo in the message, that would explain why it's giving you that identification.


I ran the header through SpamCop and the results would seem to confirm that it actually came from US Air.


If you don't need that message any more, I recommend deletion from within Outlook (don't drag the file to the trash). If you want to keep it, you can either ignore future findings or after completing the scan, do a right-click / control-click on an entry and select "Exclude From Future Scans", but since we keep finding a different identifier for it (moving train) that's probably not going to work for long.


Normally I would ask you to submit it to the folks at ClamAV® as a false positive (assuming you do find it to be legitimate), but at this point it's probably not worth the effort. If you feel inclined to do so go to ClamAV® Submit a file page and use the "Send a false positive report" form to upload it.

Email.Phishing.Blackhole in Microsoft Office Data Records

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.