Running 64-bit Calibre 2.35 on Windows 8 to download and generate EPUB files, I configured auto-send to e-mail through my own Debian Linux mail server running Exim 4.80-7+deb7u1 with ClamAV 0.98.7+dfsg-0+deb7u1 that checks every message via clamd.
When trying to send The New York Times EPUB -- and I should clarify that this is just that publication, not other publications -- Exim reports (user names and e-mail addresses obscured):
Code:
SMTPDataError: (550, 'This message was detected as possible malware (PUA.Phishing.Bank)')
Called with args: (u'C:\\Users\\XXXXX\\AppData\\Local\\Temp\\calibre_as5cqv\\hkmrldcaltmpfmt.epub', u'New York Times.epub', u'XXXXX@XXXXX', u'News: New York Times', u'Attached is the New York Times periodical downloaded by calibre.') {u'abort': <threading._Event object at 0x0000000009A4E940>, u'log': <calibre.utils.logging.GUILog object at 0x0000000009A4E7F0>, u'notifications': <Queue.Queue instance at 0x0000000009B96CC8>}
If I manually upload the file in question to the Debian Linux server and run clamscan over it, there is no detection:
Code:
$ clamscan hkmrldcaltmpfmt.epub
hkmrldcaltmpfmt.epub: OK
----------- SCAN SUMMARY -----------
Known viruses: 3960851
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.60 MB
Data read: 11.53 MB (ratio 2.31:1)
Time: 14.897 sec (0 m 14 s)
So my inference is that the Base64 encoding of the EPUB must be what is triggering the (I assume) false positive, but I have no idea how to capture that.
Has anyone else seen this? Does anyone have suggestions on further diagnosis?
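
One way to capture the encoded form for offline scanning, as an added example that is not part of the original post: wrap the EPUB in a MIME message with a Base64 attachment and save it as a file. It approximates what calibre hands to the mail server rather than reproducing the exact bytes; the addresses, the output name `message.eml` and the sample EPUB are constructed placeholders.

```python
import io
import sys
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def make_sample_epub() -> bytes:
    """Constructed stand-in for the real file (an EPUB is a ZIP container)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("index.html", "<html><body>constructed sample</body></html>")
    return buf.getvalue()


def build_message(epub: bytes, filename: str, sender: str, rcpt: str) -> bytes:
    """Wrap the EPUB in a MIME message, attachment Base64-encoded."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = "News: New York Times"
    msg.set_content("Attached is the New York Times periodical downloaded by calibre.")
    msg.add_attachment(epub, maintype="application", subtype="epub+zip",
                       filename=filename)
    return msg.as_bytes(policy=policy.SMTP)


def attachment_info(raw: bytes):
    """Parse the message back; return (transfer encoding, filename, payload)."""
    part = next(message_from_bytes(raw, policy=policy.default).iter_attachments())
    return str(part["Content-Transfer-Encoding"]), part.get_filename(), part.get_content()


if __name__ == "__main__":
    # Usage: python make_eml.py [file.epub]; without an argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = make_sample_epub()
    raw = build_message(data, "New York Times.epub",
                        "sender@example.invalid", "rcpt@example.invalid")
    with open("message.eml", "wb") as fh:
        fh.write(raw)
    # Scan the message form, e.g.: clamscan --detect-pua=yes message.eml
    # or hand it to the running daemon: clamdscan message.eml
    print(attachment_info(raw)[:2], len(raw), "bytes written to message.eml")
```

clamscan leaves the PUA signature category off unless `--detect-pua=yes` is given, so a scan of the bare file or of `message.eml` without that option cannot report a `PUA.*` name.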