> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Andreas > Haase > Sent: Tuesday, April 20, 2004 2:46 PM > To: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] Problems detecting Worm.SomeFool.Y > > > Hello, > > > > Version 0.67 detects the virus correctly, 0.70 doesn't. Comparing the > > > amount of known virus, there is a difference of about 75 > viruses. Needless > > > to say that I updated the signatures several times using > freshclam, which > > > was successfull (no error messages) but the diff between the > installations > > > keeps as it is. > > > > This smells of freshclam downloading the virus definitions to > one location > > and clamav using a copy in a different location. Make sure > > "DatabaseDirectory" has the same location in both > /etc/freshclam.conf and > > /etc/clamav.conf. Mine is DatabaseDirectory /var/lib/clamav > > mx:/etc/clamav # grep DatabaseDirectory *.conf > clamav.conf:DatabaseDirectory /var/lib/clamav > freshclam.conf:DatabaseDirectory /var/lib/clamav > > Thanks for your try, but that doesn't seem to be the solution. >
Have you tried to locate or find *.cvd? Are there other copies somewhere? What about: sigtool -l|grep SomeFool my output is: Worm.SomeFool.Gen-unp Worm.SomeFool.O Worm.SomeFool.P Worm.SomeFool.P-dll Worm.SomeFool.Q Worm.SomeFool.N Worm.SomeFool.R Worm.SomeFool.Q.2 Exploit.HTML.SomeFool.V Worm.SomeFool.X Worm.SomeFool.Y Worm.SomeFool Worm.SomeFool.B Worm.SomeFool.B.2 Worm.SomeFool.D Worm.SomeFool.E Worm.SomeFool.F Worm.SomeFool.Gen-1 Worm.SomeFool.Gen-2 Worm.SomeFool.I Worm.SomeFool.K Worm.SomeFool.L Worm.SomeFool.M Do you have SomeFool.Y listed? > ClamAV was compiled using the option --sysconfdir=/etc/clamav ... and I > figured out another interesting "feature". Clamscan doesn't detect the > worm, but Clamdscan does. > have you tried clamscan -m <message>? > When I use strace to figure out, where clamscan is looking for the config > file, there's no appearance of clamav.conf in the output. > Thats because clamscan doesnt use clamav.conf only clamd/clamdscan That brings up something ive been thinking about recently. With all the people asking why doesnt clamscan listen to settings in /etc/clamav.conf would it be difficult to rename clamav.conf to clamd.conf since only clamd uses it? I realize that this wouldnt always be a good idea since according to freshclam.conf "## This file may be optionally merged with clamav.conf.", but how many people actually merge the 2 into just clamav.conf? I think renaming clamav.conf to clamd.conf would lessen some of the confusion. Anyone else have any opinions on the topic? Jim ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users