Fernando Durango wrote:
Hello all,
Just wondering if anyone else noticed something strange recently with
Worm.Bagle.Gen-3 viruses. Using exim+exiscan-acl+clamav, we have been
seeing several of these viruses sneak thru. Decided to test out 0.87
(upgrading from 0.86.2) on one of the servers where the virus has been
coming thru, we ./configure, make, make install, restart clamd, run a
freshclam --daemon-notify, then do the following:
$ clamdscan price_09.zip
/price_09.zip: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.200 sec (0 m 0 s)
$ unzip price_09.zip
Archive: price_09.zip
inflating: 03.exe
$ clamdscan 03.exe
/03.exe: Worm.Bagle.Gen-3 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.036 sec (0 m 0 s)
$ clamdscan price_09.zip
/price_09.zip: Worm.Bagle.Gen-3 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.039 sec (0 m 0 s)
These commands were issued over the course of 30-45 seconds, after a fresh
upgrade and after a freshclam sync. So, first time thru it's fine, next
time not?
The signature Worm.Bagle.Gen-3 has been updated several times. Maybe
your update was just between two db updates (you should be able to
verify this by comparing db update notifications and your installation
time).
Best regards,
Diego d'Ambra
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html