lep Posted August 15, 2015 Report Share Posted August 15, 2015 Was at work and sent an email to someone at Univ of Calif. and one of their servers returned the message stating that Clam AV detected PhishTank.Phishing.3292802.UNOFFICIAL. I did notice at PhishTank that it this signature was confirmed and is being observed in traffic. Sent an email to my IT asking what's up, and told them that it's their machine and their McAfee so it's "their deal." Someone from the security team said the issue was resolved, and there are no worries. Question is: did my IT inject anything in my message or is it likely a false positive? It's quite strange, since a work (academic) server at a university kicked back my message. Thx in advance. Link to comment Share on other sites More sharing options...
ritchie58 Posted August 15, 2015 Report Share Posted August 15, 2015 Hi lep, it sounds like there was something malicious contained in the return email. Did you open an attachment or click on a link contained in the email? That's usually how malware propagates using email as a means of delivery. You have to click on an attachment or an external link. I would assume that your machine does have Immunet or ClamAV installed thus the ClamAV detection, right? McAfee and ClamAV are two completely different AV solutions. So if the IT experts at the university say it's not anything to worry about on their end then I also find that a little strange, unless, because of you reporting this detection they found the malware and quarantened it after your email in question was already sent which could be the case too. Then they owe you a "big thank you" for discovering & reporting the malware. Still rather odd though. Cheers, Ritchie... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.