René Bellora wrote:
John Hinton wrote:
John Hinton wrote:
In the last couple of weeks, I'm getting reports from users that Norton is reporting W32.Netsky.P making it through from my servers. I'm configured right, have the latest db updates. I'm wondering if this is another of Norton's reporting of 'broken' viruses? I searched the list and only could find data from 2004.
I do know that these are appearing as at least .pif and .jpg extensions.
Sorry, but I don't have one of these messages to send to the clam report virus system.
Seems all other viruses are being handled by Clam on these machines.
do you have 'DetectBrokenExecutables' enabled in clamd.conf ?
regards, René _______________________________________________
Darn! Good call... but as I read it I think I do.. from config...
# With this option clamav will try to detect broken executables and mark # them as Broken.Executable # Default: disabled DetectBrokenExecutables
I assume this a the proper entry.
I'll try to lay my hands on one of these examples and get it to the powers that be. It might be helpful if ClamAV had a sort of 'Virus News' area. A quick place for us to go look for what's going on out there right now. Seems the last time I had an issue like this was a case of a broken exe and back then Clam was not writing sigs for those. Somehow though, I found my answer very quickly.
Sites like F-secure and Norton, and the full list here, seem to have an annoucement area just for viruses. I do see the annouce list. Perhaps I should join that. I also am well aware that Clam is open source, making it radically different from those others.
And, I should follow this whole statement with a big thank you to all those putting time, bandwidth and efforts into Clam as it is a most fantastic product. I'm not meaning to be moaning. :)
Best, John Hinton _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
