Still not recognised.
On Wed, Jun 29, 2011 at 4:00 PM, Mihamina Rakotomandimby
miham...@bbs.mg wrote:
On Wed, 29 Jun 2011 12:45:37 +0300
Henrik K h...@hege.li wrote:
So your users receive lot of legimate exes?
Nope, exes are zipped
--
RMA.
___
Dear,
One of our customers got a virus not detected by
Clamav:dhl-express-prtcopy-Delivery-Failure-Notification-HXZsVlN[...].exe
A fake DHL non-delivery report.
Other engines do detect it:
BitDefender 7.2 2011.06.27 Trojan.Zbot.1911
F-Secure 9.0.16440.0 2011.06.27 Trojan.Zbot.1911
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx poll...@gmail.com wrote:
Are there other user with the same problem? Any solution?
I have the same problem.
I manage a mail server used by a vendor of DHL.
Pretty annoying as far as all emails from DHL are sensible and
important for the suers :-)
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx poll...@gmail.com wrote:
Are there other user with the same problem? Any solution?
I have the same problem.
I manage a mail server used by a vendor of DHL.
Pretty
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote:
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx poll...@gmail.com wrote:
Are there other user with the same problem? Any solution?
I have the same problem.
On 2011-06-29 13:04, polloxx wrote:
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote:
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx poll...@gmail.com wrote:
Are there other user with the same problem? Any
On Jun 29, 2011, at 6:04 AM, polloxx wrote:
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote:
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx poll...@gmail.com wrote:
Are there other user with the same
If you have a sample of the file, submitting it through ClamAV's submission
interface makes it bubble up so the rule writers can get to it faster.
(instead of waiting for it to come through Virustotal)
J
On Jun 29, 2011, at 5:24 AM, polloxx wrote:
Dear,
One of our customers got a virus
On Wed, 29 Jun 2011 13:12:30 +0300
Török Edwin articulated:
On 2011-06-29 13:04, polloxx wrote:
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote:
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby
wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx
On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler jes...@sourcefire.com wrote:
If you have a sample of the file, submitting it through ClamAV's submission
interface makes it bubble up so the rule writers can get to it faster.
(instead of waiting for it to come through Virustotal)
Joel,
I did
On Jun 29, 2011, at 7:58 AM, polloxx wrote:
On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler jes...@sourcefire.com wrote:
If you have a sample of the file, submitting it through ClamAV's submission
interface makes it bubble up so the rule writers can get to it faster.
(instead of waiting for
I think he should demand all his money back.
--
Michael Scheidell, CTO
SECNAP Network Security
-Original message-
From: Joel Esler jes...@sourcefire.com
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Wed, Jun 29, 2011 10:50:25 GMT+00:00
Subject: Re: [clamav-users] Virus
On 2011 Jun 29, at 12:49 , Joel Esler wrote:
If you have a sample of the file, submitting it through ClamAV's submission
interface makes it bubble up so the rule writers can get to it faster.
Or if you're lucky and it's the exact same file every time, you can trivially
create your own
Seriously! Why not have the user shut down his mail system entirely.
That would pretty much ensure that no Virus or Malware is delivered via
SMTP.
Your suggest is only feasible if the user never wants to receive any
executable or archived file formats. Assuming that they do, a better
On Wed, 29 Jun 2011 12:45:37 +0300
Henrik K h...@hege.li wrote:
So your users receive lot of legimate exes?
Nope, exes are zipped
--
RMA.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Not detected here too, oldest clamav versions detect it well.
Linux cubo 2.4.27-2-686 #1 Mon May 16 17:03:22 JST 2005 i686 GNU/Linux
ClamAV 0.87.1/1213/Mon Dec 19 15:48:34 2005
([EMAIL PROTECTED]:~)# clamscan attreg.zip
attreg.zip: OK
([EMAIL PROTECTED]:~)# f-prot -ver
Program version: 4.6.3
On Dec 20, 2005, at 04:40 , Luis Miguel R. wrote:
Not detected here too, oldest clamav versions detect it well.
Detection of viruses in a buffer scan isn't working well either, it
doesn't recognize most viruses including the ClamAV test viruses that
the older versions (pre 0.87)
Hamilton Vera said:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
NOD32 detects it as Win32/Sober.Y worm, I'd like to know
On Mon, 19 Dec 2005, Hamilton Vera wrote:
; Since November, I noticed that clamav 87.1 does not recognize the following
; virus.
;
; www.i2.com.br/~hamilton/reg_pass.zip
;
; So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
;
; NOD32 detects it as Win32/Sober.Y
Hi Denis, thanks for answering.
What version are you using? I am using and updated 87.1, and I think
that this version is not working.
clamd -V
ClamAV 0.87.1
Received signal: wake up
ClamAV update process started at Mon Dec 19 13:51:22 2005
main.cvd is up to date (version: 34, sigs: 39625,
What version are you using? I am using and updated 87.1, and I think
that this version is not working.
my clamscan (87.1/1213) definitely finds it here (Worm.Sober.U).
--
___
http://lurker.clamav.net/list/clamav-users.html
Hamilton Vera said:
Hi Denis, thanks for answering.
What version are you using? I am using and updated 87.1, and I think
that this version is not working.
I'm running v 87.1. Examine your clamd.conf and freshclam.conf files and
ensure they agree on where the cvd files are being placed. It
Hamilton Vera wrote:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
--- SCAN SUMMARY
On Mon, 19 Dec 2005 13:34:00 -0200 (BRDT) in
[EMAIL PROTECTED] Hamilton Vera
[EMAIL PROTECTED] wrote:
NOD32 detects it as Win32/Sober.Y worm, I'd like to know if it is an
isolated case.
Don't assume that NOD32 has identified it correctly, other packages
have false positives you know.
--
Nigel Horne said:
Hamilton Vera wrote:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
It would be very nice if future releases of clamd and freshclam printed
out the
Brian Morrison wrote:
On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
Nigel Horne [EMAIL PROTECTED] wrote:
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
So does that
Brian Morrison wrote:
On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
Nigel Horne [EMAIL PROTECTED] wrote:
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
So does that mean a new
Hamilton Vera wrote:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
NOD32 detects it as Win32/Sober.Y worm, I'd like to know if
On Mon, Dec 19, 2005 at 08:39:10AM -0800, Dennis Peterson wrote:
In fact it would be nice to have a command line switch that generates a
listing of what is seen and understood by the applications after reading
the clamd.conf and freshclam.conf files, as well as where they were found.
delurk
Rob Chanter said:
On Mon, Dec 19, 2005 at 08:39:10AM -0800, Dennis Peterson wrote:
In fact it would be nice to have a command line switch that generates a
listing of what is seen and understood by the applications after reading
the clamd.conf and freshclam.conf files, as well as where they
30 matches
Mail list logo