I have an email attachment that uvscan is detecting as:
(When zipped) Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text) Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text) gyadu.exe: Worm.Bagle.Gen-1 FOUND
(Original zip file that is password protected) MoreInfo.zip: OK
If I run sigtool as follows:
/home/clamav/bin/sigtool --list-sigs | grep pwd
I get a list of known virus signatures that come in password zip files:
Worm.Tibbo-zippwd
Worm.Bagle.F-zippwd
Worm.Bagle.F-zippwd-2
Worm.Bagle.F-zippwd-3
Worm.Bagle.F-zippwd-4
Worm.Bagle.F-zippwd-5
Worm.Bagle.F-zippwd-6
Worm.Bagle.F-zippwd-7
Worm.Bagle.H-zippwd-1
Worm.Bagle.Gen-zippwd-2
Worm.Bagle.Gen-rarpwd
Trojan.Dropper.Small.HG-zippwd
Worm.Bagle.Gen-zippwd
My basic question is why will clamscan not detect this Bagle, and if it's because the password has changed, how can I either update the main.cvd or extract the similar signature and put that into the local.db with the correct password? This is all assuming that the typically used password is stored in the main.cvd.
Thanks
Zack