Mailing List Archive: ClamAV: users

Has ClamAV mailing list been leaked?

 

 



clamav at iment

Jul 6, 2012, 8:38 AM

Post #1 of 5
Has ClamAV mailing list been leaked?

Today we got a spam email claiming to be "From: clamav" at our domain,
from IP address 201.80.225.194. We already get spam "To: clamav".

Since we indeed have a virtual mailbox named "clamav" (to receive this
list), I am wondering if this is just a good guess by the spammer, or
if somehow the ClamAV mailing list has leaked out.

Maybe it just indicates that ClamAV is gaining recognition.

P.S. We can tell that spam purporting to be "From:" our domain is
bogus because I have set up an outbound filter that adds an email
header ("X-" style) which carries a salted hash of the email's regular
headers, and this, in turn, is checked by an inbound filter. (It's
sort of a lite version of DKIM.)
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
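
The header-hash check described in the P.S. of the first post, as an added example that is not part of the original post and not the poster's actual filter. It assumes HMAC-SHA256 with a shared secret in place of the "salted hash"; the header name, signed header set, secret and domain are hypothetical.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

SECRET = b"constructed-demo-secret"   # assumption: key shared by both filters
TAG = "X-Origin-Check"                # hypothetical header name
SIGNED = ("From", "To", "Subject", "Date", "Message-ID")  # assumed header set
OUR_DOMAIN = "example.org"            # placeholder for the protected domain

# Constructed sample message, not taken from the thread.
SAMPLE = (
    "From: clamav <clamav@example.org>\n"
    "To: list@lists.example.net\n"
    "Subject: test\n"
    "Date: Fri, 06 Jul 2012 08:38:00 +0000\n"
    "Message-ID: <1@example.org>\n"
    "\n"
    "body\n"
)


def header_digest(msg: Message) -> str:
    """HMAC over the signed headers in a fixed order, whitespace collapsed."""
    lines = [f"{n.lower()}:{' '.join(str(msg.get(n, '')).split())}" for n in SIGNED]
    data = "\n".join(lines).encode("utf-8", "replace")
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def sign_outbound(msg: Message) -> Message:
    """Outbound filter: drop any client-supplied tag, then add our own."""
    del msg[TAG]
    msg[TAG] = header_digest(msg)
    return msg


def classify_inbound(msg: Message) -> str:
    """Inbound filter: 'external', 'ours', or 'forged'."""
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    if not addr.endswith("@" + OUR_DOMAIN):
        return "external"          # not claiming our domain; out of scope here
    tag = str(msg.get(TAG, "")).strip().encode("utf-8", "replace")
    expected = header_digest(msg).encode()
    return "ours" if hmac.compare_digest(tag, expected) else "forged"
```

Any header in the signed set that a relay rewrites in transit, such as a list adding a tag to the Subject, will make a genuine message classify as forged, so the signed set has to be chosen with that in mind.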


Jason_Haar at trimble

Jul 7, 2012, 12:26 AM

Post #2 of 5
Re: Has ClamAV mailing list been leaked?

I don't understand how you came to the conclusion the clamav list has
been leaked. You just emailed this list using clamav [at] iment - so all
the spammers have your email address because of that action. Assuming
this isn't the first time you've emailed this list, they *would* have
grabbed it from simply monitoring this list - probably by scraping one
of the thousand-odd web mailing-list archives.

These days, the only "safe" email address is the non-existent one that
is also never used ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





me at junc

Jul 7, 2012, 2:45 AM

Post #3 of 5
Re: Has ClamAV mailing list been leaked?

On 2012-07-07 09:26, Jason Haar wrote:

> These days, the only "safe" email address is the non-existent one
> that is also never used ;-)

Will spammers start sending if more than one email is used from the
sender? :=)






erwan at rail

Jul 7, 2012, 5:26 AM

Post #4 of 5
Re: Has ClamAV mailing list been leaked?

On 07/07/12 09:26, Jason Haar wrote:
> These days, the only "safe" email address is the non-existent one that
> is also never used ;-)
>
Not even that. Spammers generate addresses by using the left part of an
address in other domains...



jesler at sourcefire

Jul 7, 2012, 8:02 AM

Post #5 of 5
Re: Has ClamAV mailing list been leaked?

On Jul 7, 2012, at 3:26 AM, Jason Haar <Jason_Haar [at] trimble> wrote:

> I don't understand how you came to the conclusion the clamav list has
> been leaked. You just emailed this list using clamav [at] iment - so all
> the spammers have your email address because of that action. Assuming
> this isn't the first time you've emailed this list, they *would* have
> grabbed it from simply monitoring this list - probably by scraping one
> of the thousand-odd web mailing-list archives.
>
> These days, the only "safe" email address is the non-existent one that
> is also never used ;-)


Jason's right.

The ClamAV-users mailing list is public. If you go here, you can get everyone who's ever been archived sending an email to the list's email address:

http://lurker.clamav.net/list/clamav-users.en.html


Thanks.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire