Hi,
Today I received a suspicious report.zip file with a report.exe attachment.
At first I thought that clamav is not up to date: checked it: works and
is up to date:
[r...@pcintelw01 clamd]# freshclam
ClamAV update process started at Tue Feb 9 15:09:10 2010
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld is up to date (version: 10371, sigs: 163572, f-level: 44, builder: ccordes)
When I scan the report.zip with ClamXav (clamav gui for os x) it finds a
nasty trojan:
Starting scan…
----------- SCAN SUMMARY -----------
Known viruses: 707886
Engine version: 0.95.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 3.00:1)
Time: 2.640 sec (0 m 2 s)
One or more infected files were found, but were left where they are.
You can either deal with them yourself, or scan again with the
preferences set to move them into a different folder.
Trojan.Bredolab-573
But the same open source clamav on my mailserver does not find it when I
send the message with the report.zip?
Then I tried to send the zipped eicar test message: found by my mailserver.
Does anyone know why the report.zip is found by my ClamXav on OSX using
the same engine as the clamd version I use by qmail-toaster and my
mailserver isn't?
Simscan/clamd is seeing it as ok:
@400000004b716917146d7ff4 /var/qmail/simscan/1265723661.274561.31634/eicarcom2.zip: Eicar-Test-Signature FOUND
@400000004b71693e2c0f617c /var/qmail/simscan/1265723700.530689.31662/report.zip: OK
Any help is much appreciated as I don't want any viruses slipping
through :)
Kind regards,
Michiel