> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Bill Landry
> Sent: Friday, June 15, 2007 3:51 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> Michael Scheidell wrote the following on 6/15/2007 12:27 PM -0800:
>
> Thanks for reporting this one Michael, malware distributors
> are getting more creative all the time. Just as an FYI,
> since I am using the recent "$bypass_decode_parts = 1"
> feature that disables all decoding by amavisd-new and instead
> passes the raw messages to the virus scanner(s) and relies on
> the decoding supported by the virus scanner itself. In this
> case I run both clamd and f-prot, and both were able to
> detect the trojan inside the .doc file, without any decoding
> on the part of
> amavisd-new:
>
> F-Prot:
> /var/quarantine/virus/virus-TO4HclB5j1Sz->Proforma_Invoice.doc ->Proforma_Invoice.exe
> is a security risk named W32/Dropper.ESR
>
> ClamD:
> /var/quarantine/virus/virus-TO4HclB5j1Sz: Trojan.Dropper-1047 FOUND
>
> Thanks again, Mark, for adding the ability to bypass all
> decoding in amavisd-new, it seems to be working fine for me thus far.

Yes, but you only got that because I reported it to clamav at CA: (I use clamav, and at the time, it wasn't in the file). If you had checked that earlier (before daily/3430) you would have missed it.

-------- Original Message --------
Subject: Your submission to ClamAV
Date: Fri, 15 Jun 2007 19:22:27 +0000 (GMT)
From: ClamAV <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Dear ClamAV user,

The following submissions have been processed and published:

- 1213966 Trojan.Dropper-1046

See http://cvdpedia.clamav.net/daily/3430

--
Best regards,
The ClamAV team