I just took your suggestion and tried it and it still does not detect the virus. I have the original text email that I scan like follows: ./clamscan sample.txt This is a copy of the atomic-time-stamp type file in the Maildir
I do not know the format of the cvd files, I assume I would need to find The signature that matches the unzipped version and create a new entry Just like that but with the password. Thanks Zack -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Moore Sent: Tuesday, July 27, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] sigtool outout very large zbuckholz wrote: > I have an email attachment that uvscan is detecting as: > (When zipped) > Found the W32/[EMAIL PROTECTED] virus !!! > > > (When unzipped using password in email text) > > Found the W32/[EMAIL PROTECTED] virus !!! > > > Clamscan detects it as: > > (When unzipped using password in email text) > > gyadu.exe: Worm.Bagle.Gen-1 FOUND > > > (Original zip file that is password protected > > MoreInfo.zip: OK > > > My basic question is why will clamscan not detect this Bagle , and if > its because the password has changed how can I either update the > main.cvd or extract the similar signature and put that into the local.db > with the correct password. This is all assuming that the typically used > password is stored in the main.cvd. > > Clamav needs the original rfc822 message text to detect it as a password protected virus I think. If you're trying to scan the password protected zip file itself, then I don't think it will work. Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users