Mailing List Archive

[clamav-users] Heueristics.Structured.CreditCardNumber ???
This is another frequent hit I get doing a clamdscan: Heueristics.Structured.CreditCardNumber

I've read of a scam which prompts people to apply for a credit card, or says falsely that a person has already a credit card... responding to either leads to a scam.

Are eliminating these two scams the only reasons for searching out files containing credit card numbers? Or are there other reasons we should be aware of?
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Heueristics.Structured.CreditCardNumber ??? [ In reply to ]
On February 24, 2023 2:53:31 PM EST, Andrew C Aitchison <andrew@aitchison.me.uk> wrote:
>On Fri, 24 Feb 2023, musc via clamav-users wrote:
>
>> This is another frequent hit I get doing a clamdscan:
>> Heueristics.Structured.CreditCardNumber
>>
>> I've read of a scam which prompts people to apply for a credit card,
>> or says falsely that a person has already a credit
>> card... responding to either leads to a scam.
>>
>> Are eliminating these two scams the only reasons for searching out
>> files containing credit card numbers? Or are there other reasons we
>> should be aware of?
>
>My guess would be that the main use of this would be to catch
>*outgoing* emails from your users replying to scams, or otherwise
>emailing their c/c number to someone.
>Email simply isn't secure enough to use for online payments,
>so seems reasonable to reject submitted messages which contain c/c details.
>Probably a case for outright rejection or quarantine, rather than
>just adding to a spam score.
>

In that event the very substantial and formulaic email header or attachment syntax could radically eliminate false positives.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat