Ged,

> Hi there,
> On Wed, 29 Jun 2022, Eric Tykwinski via clamav-users wrote:
>> Anyone have an abuse contact for Cisco IronPorts hosted service?
>> Customer of ours received a phishing email from a Cisco client but
>> wasn't sent by them, at least that's what I'm being told.
> I don't think you can rely on the customer's say-so. You need to get a
> complete copy of the message - especially full headers - for analysis.
>
> Having said that here's a random hit:

I forwarded the raw message and our server logs to
email@example.com, which took me a while to find on Cisco's site.
Hopefully that works. The email itself came from Cisco IronPorts (Address
22.214.171.124 resolves to esa2.hc2580-79.iphmx.com.)
The sending client is on Cisco:
chesco.org. 0 IN MX 10 mx2.hc2580-79.iphmx.com.
chesco.org. 0 IN MX 10 mx1.hc2580-79.iphmx.com.
I didn't see any DKIM signatures in the headers, so I'm not sure if it was a
legit encrypted email or a phishing scam.
But definitely looked hokey with an html attachment asking for info, and

> If it's really Cisco, and all else fails, I'd send a report to the abuse
> address for cisco.com (and to SpamCop - Cisco owns SpamCop of course...:)

clamav-users mailing list