Jump to content
lep

Server Phish Detection

Recommended Posts

Was at work and sent an email to someone at Univ of Calif. and one of their servers returned the message stating that Clam AV detected PhishTank.Phishing.3292802.UNOFFICIAL.  I did notice at PhishTank that it this signature was confirmed and is being observed in traffic.  Sent an email to my IT asking what's up, and told them that it's their machine and their McAfee so it's "their deal."   Someone from the security team said the issue was resolved, and there are no worries.   Question is: did my IT inject anything in my message or is it likely a false positive?   It's quite strange, since a work (academic) server at a university kicked back my message.  Thx in advance.        

Share this post


Link to post
Share on other sites

Hi lep, it sounds like there was something malicious contained in the return email. Did you open an attachment or click on a link contained in the email? That's usually how malware propagates using email as a means of delivery. You have to click on an attachment or an external link. I would assume that your machine does have Immunet or ClamAV installed thus the ClamAV detection, right? McAfee and ClamAV are two completely different AV solutions. So if the IT experts at the university say it's not anything to worry about on their end then I also find that a little strange, unless, because of you reporting this detection they found the malware and quarantened it after your email in question was already sent which could be the case too. Then they owe you a "big thank you" for discovering & reporting the malware. Still rather odd though.
 

Cheers, Ritchie...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...