[Micronet] Emailing pdf files . . . or not . . . ClamAV

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Emailing pdf files . . . or not . . . ClamAV

Jon Johnsen-2
Several of our users, and now I, have been unable to successfully attach
pdf files to email messages and send the messages using CalMail, web
client or Thunderbire.

Lots of differently done attempts, but all end with:

> An error occurred while sending mail. The mail server responded:  
> Message contains malware
> (ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the
> message and try again.

Any suggestions?

Different users, different pdf creators, all with Windows 7 using
Thunderbird or the CalMail web client.

--
Jon Johnsen
Information Systems Office
433 University Hall
School of Public Health, UC Berkeley
510 643-4357


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Emailing pdf files . . . or not . . . ClamAV

Jon Johnsen-2
Apparently the problem is more widespread than that.  From campus:

Hi Jon 

Thank you for reporting this matter. IST Calmail has received reports
that PDF's in emails are being flagged as containing Malware and the
calmail system is rejecting email delivery and/or receipt.

The Calmail system admins are working diligently to resolve this matter
as quickly as possible.

We do apologize for any inconvenience this matter may have cause. 

Jon Johnsen
Information Systems Office
433 University Hall
School of Public Health, UC Berkeley
510 643-4357

On 11/22/2011 1:59 PM, Don Bernstein wrote:
We got a similar message due to a bunch of unnecessary MS Word formatting in the Thunderbird signature file.

Our message was:
An error occurred while sending mail. The mail server responded:  Message contains malware (ClamAV:HTML.Phishing.APERlink-13152.UNOFFICIAL). Please check the message and try again.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


Jon Johnsen wrote, on 11/22/2011 1:01 PM:
Several of our users, and now I, have been unable to successfully attach 
pdf files to email messages and send the messages using CalMail, web 
client or Thunderbire.

Lots of differently done attempts, but all end with:

An error occurred while sending mail. The mail server responded:  
Message contains malware 
(ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the 
message and try again.
Any suggestions?

Different users, different pdf creators, all with Windows 7 using 
Thunderbird or the CalMail web client.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Emailing pdf files . . . or not . . . ClamAV

Lawrence Sweet
I always rename files to *.rename when this happens, seems to work on most email servers.


.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
Lawrence Sweet
Applications Programmer II
ECSM
Haas School of Business
University of California, Berkeley
Bakar Computer Center
Cell 925-324-2855
.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
________________________________________
From: [hidden email] [[hidden email]] On Behalf Of Jon Johnsen [[hidden email]]
Sent: Tuesday, November 22, 2011 2:07 PM
To: Don Bernstein; [hidden email]
Subject: Re: [Micronet] Emailing pdf files  . . .  or not . . . ClamAV

Apparently the problem is more widespread than that.  From campus:


Hi Jon

Thank you for reporting this matter. IST Calmail has received reports
that PDF's in emails are being flagged as containing Malware and the
calmail system is rejecting email delivery and/or receipt.

The Calmail system admins are working diligently to resolve this matter
as quickly as possible.

We do apologize for any inconvenience this matter may have cause.


Jon Johnsen
Information Systems Office
433 University Hall
School of Public Health, UC Berkeley
510 643-4357

On 11/22/2011 1:59 PM, Don Bernstein wrote:
We got a similar message due to a bunch of unnecessary MS Word formatting in the Thunderbird signature file.

Our message was:
An error occurred while sending mail. The mail server responded:  Message contains malware (ClamAV:HTML.Phishing.APERlink-13152.UNOFFICIAL). Please check the message and try again.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


Jon Johnsen wrote, on 11/22/2011 1:01 PM:

Several of our users, and now I, have been unable to successfully attach
pdf files to email messages and send the messages using CalMail, web
client or Thunderbire.

Lots of differently done attempts, but all end with:



An error occurred while sending mail. The mail server responded:
Message contains malware
(ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the
message and try again.


Any suggestions?

Different users, different pdf creators, all with Windows 7 using
Thunderbird or the CalMail web client.




 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Emailing pdf files . . . or not . . . ClamAV

billallison
In reply to this post by Jon Johnsen-2
The CalMail, Unix team and Security & Network Services teams are working on this as one of our top priorities.  The current theory is that the behavior is tied to a recent ClamAV update and we are looking to get this solved as soon as possible and will keep updates posted on http://systemstatus.berkeley.edu/

thanks
Bill

On Nov 22, 2011, at 2:07 PM, Jon Johnsen wrote:

Apparently the problem is more widespread than that.  From campus:

Hi Jon 

Thank you for reporting this matter. IST Calmail has received reports
that PDF's in emails are being flagged as containing Malware and the
calmail system is rejecting email delivery and/or receipt.

The Calmail system admins are working diligently to resolve this matter
as quickly as possible.

We do apologize for any inconvenience this matter may have cause. 

Jon Johnsen
Information Systems Office
433 University Hall
School of Public Health, UC Berkeley
510 643-4357

On 11/22/2011 1:59 PM, Don Bernstein wrote:
We got a similar message due to a bunch of unnecessary MS Word formatting in the Thunderbird signature file.

Our message was:
An error occurred while sending mail. The mail server responded:  Message contains malware (ClamAV:HTML.Phishing.APERlink-13152.UNOFFICIAL). Please check the message and try again.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


Jon Johnsen wrote, on 11/22/2011 1:01 PM:
Several of our users, and now I, have been unable to successfully attach 
pdf files to email messages and send the messages using CalMail, web 
client or Thunderbire.

Lots of differently done attempts, but all end with:

An error occurred while sending mail. The mail server responded:  
Message contains malware 
(ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the 
message and try again.
Any suggestions?

Different users, different pdf creators, all with Windows 7 using 
Thunderbird or the CalMail web client.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Emailing pdf files . . . or not . . . ClamAV

Graham Patterson
I have a report of an HTML-formatted email being bounced by ClamAV as an
HTML phishing attack. Since the message is a report from a service site,
this is a bit worrying. I am arranging to have the exemplar forwarded to
CalMail. We think this may have triggered between 5:00 and 5:30pm last
Friday because similar messages came through ahead of the blocked one.

Graham

On 11/22/11 2:35 PM, Bill Allison wrote:

> The CalMail, Unix team and Security & Network Services teams are working
> on this as one of our top priorities. The current theory is that the
> behavior is tied to a recent ClamAV update and we are looking to get
> this solved as soon as possible and will keep updates posted on
> http://systemstatus.berkeley.edu/
>
> thanks
> Bill
>
> On Nov 22, 2011, at 2:07 PM, Jon Johnsen wrote:
>
>> Apparently the problem is more widespread than that. From campus:
>>
>>> Hi Jon
>>>
>>> Thank you for reporting this matter. IST Calmail has received reports
>>> that PDF's in emails are being flagged as containing Malware and the
>>> calmail system is rejecting email delivery and/or receipt.
>>>
>>> The Calmail system admins are working diligently to resolve this matter
>>> as quickly as possible.
>>>
>>> We do apologize for any inconvenience this matter may have cause.
>>
>> Jon Johnsen
>> Information Systems Office
>> 433 University Hall
>> School of Public Health, UC Berkeley
>> 510 643-4357
>>
>> On 11/22/2011 1:59 PM, Don Bernstein wrote:
>>> We got a similar message due to a bunch of unnecessary MS Word
>>> formatting in the Thunderbird signature file.
>>>
>>> Our message was:
>>>
>>>     An error occurred while sending mail. The mail server responded:
>>>     Message contains malware
>>>     (ClamAV:HTML.Phishing.APERlink-13152.UNOFFICIAL). Please check
>>>     the message and try again.
>>>
>>>
>>> Don Bernstein
>>> Berkeley International Office
>>> UC Berkeley
>>> 510-643-4690 or 510-642-2818
>>>
>>>
>>> Jon Johnsen wrote, on 11/22/2011 1:01 PM:
>>>> Several of our users, and now I, have been unable to successfully attach
>>>> pdf files to email messages and send the messages using CalMail, web
>>>> client or Thunderbire.
>>>>
>>>> Lots of differently done attempts, but all end with:
>>>>
>>>>> An error occurred while sending mail. The mail server responded:
>>>>> Message contains malware
>>>>> (ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the
>>>>> message and try again.
>>>> Any suggestions?
>>>>
>>>> Different users, different pdf creators, all with Windows 7 using
>>>> Thunderbird or the CalMail web client.
>>>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or
>> unsubscribe from its mailing list and how to find out about upcoming
>> meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable,
>> and the list's archives can be browsed and searched on the Internet.
>> This means these messages can be viewed by (among others) your bosses,
>> prospective employers, and people who have known you in the past.
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Emailing pdf files . . . or not . . . ClamAV

billallison
Detailed update on CalMail coming tomorrow, but I wanted to send a quick update to Micronet to let you all know the blocked PDF (along with some HTML emails) issue has been resolved.  The root cause was bad data in a manual phishing block list, which was caused by operator error (i.e., not an underlying technology problem). The service desk and the CalMail team will be implementing some process/review steps to prevent this happening again.

Thanks to Paul, Bernie and Jon for their work getting to the bottom of this.

-Bill

On Nov 22, 2011, at 3:10 PM, Graham Patterson wrote:

> I have a report of an HTML-formatted email being bounced by ClamAV as an
> HTML phishing attack. Since the message is a report from a service site,
> this is a bit worrying. I am arranging to have the exemplar forwarded to
> CalMail. We think this may have triggered between 5:00 and 5:30pm last
> Friday because similar messages came through ahead of the blocked one.
>
> Graham
>
> On 11/22/11 2:35 PM, Bill Allison wrote:
>> The CalMail, Unix team and Security & Network Services teams are working
>> on this as one of our top priorities. The current theory is that the
>> behavior is tied to a recent ClamAV update and we are looking to get
>> this solved as soon as possible and will keep updates posted on
>> http://systemstatus.berkeley.edu/
>>
>> thanks
>> Bill
>>
>> On Nov 22, 2011, at 2:07 PM, Jon Johnsen wrote:
>>
>>> Apparently the problem is more widespread than that. From campus:
>>>
>>>> Hi Jon
>>>>
>>>> Thank you for reporting this matter. IST Calmail has received reports
>>>> that PDF's in emails are being flagged as containing Malware and the
>>>> calmail system is rejecting email delivery and/or receipt.
>>>>
>>>> The Calmail system admins are working diligently to resolve this matter
>>>> as quickly as possible.
>>>>
>>>> We do apologize for any inconvenience this matter may have cause.
>>>
>>> Jon Johnsen
>>> Information Systems Office
>>> 433 University Hall
>>> School of Public Health, UC Berkeley
>>> 510 643-4357
>>>
>>> On 11/22/2011 1:59 PM, Don Bernstein wrote:
>>>> We got a similar message due to a bunch of unnecessary MS Word
>>>> formatting in the Thunderbird signature file.
>>>>
>>>> Our message was:
>>>>
>>>>    An error occurred while sending mail. The mail server responded:
>>>>    Message contains malware
>>>>    (ClamAV:HTML.Phishing.APERlink-13152.UNOFFICIAL). Please check
>>>>    the message and try again.
>>>>
>>>>
>>>> Don Bernstein
>>>> Berkeley International Office
>>>> UC Berkeley
>>>> 510-643-4690 or 510-642-2818
>>>>
>>>>
>>>> Jon Johnsen wrote, on 11/22/2011 1:01 PM:
>>>>> Several of our users, and now I, have been unable to successfully attach
>>>>> pdf files to email messages and send the messages using CalMail, web
>>>>> client or Thunderbire.
>>>>>
>>>>> Lots of differently done attempts, but all end with:
>>>>>
>>>>>> An error occurred while sending mail. The mail server responded:
>>>>>> Message contains malware
>>>>>> (ClamAV:ASCII.Phishing.APERlink-13307.UNOFFICIAL). Please check the
>>>>>> message and try again.
>>>>> Any suggestions?
>>>>>
>>>>> Different users, different pdf creators, all with Windows 7 using
>>>>> Thunderbird or the CalMail web client.
>>>>>
>>>
>>> -------------------------------------------------------------------------
>>> The following was automatically added to this message by the list server:
>>>
>>> To learn more about Micronet, including how to subscribe to or
>>> unsubscribe from its mailing list and how to find out about upcoming
>>> meetings, please visit the Micronet Web site:
>>>
>>> http://micronet.berkeley.edu
>>>
>>> Messages you send to this mailing list are public and world-viewable,
>>> and the list's archives can be browsed and searched on the Internet.
>>> This means these messages can be viewed by (among others) your bosses,
>>> prospective employers, and people who have known you in the past.
>>
>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> --
> Graham Patterson, Systems Administrator
> Lawrence Hall of Science, UC Berkeley   510-643-2222
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical
> puzzles, and the meteorite..." - directions to my office.
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.