Good guess, Aleksander.

I think I'd ask the clamav community about this.

Please keep us apprised of what you find.

Michiel van Es wrote:
Hi,

Today I received a suspicious report.zip file with a report.exe attachment. At first I thought that clamav is not up to date: checked it: works and is up to date:
[r...@pcintelw01 clamd]# freshclam
ClamAV update process started at Tue Feb  9 15:09:10 2010
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld is up to date (version: 10371, sigs: 163572, f-level: 44, builder: ccordes)


When I scan the report.zip with Xclamav (clamav gui for os x) it finds a nasty trojan:

Starting scan…

----------- SCAN SUMMARY -----------
Known viruses: 707886
Engine version: 0.95.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 3.00:1)
Time: 2.640 sec (0 m 2 s)

One or more infected files were found, but were left where they are. You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

Trojan.Bredolab-573

But the same open source clamav on my mailserver does not find it when I send the message with the report.zip? Then I tried to send the zipped eicar test message: found by my mailserver.

Does anyone know why the report.zip is found by my ClamXav on OSX using the same engine as the clamd version I use by qmail-toaster and my mailserver isn't?

Simscan/clamd is seeing it as ok:

@400000004b716917146d7ff4 /var/qmail/simscan/1265723661.274561.31634/eicarcom2.zip: Eicar-Test-Signature FOUND
@400000004b71693e2c0f617c /var/qmail/simscan/1265723700.530689.31662/report.zip: OK

Any help is much appreciated as I don't want any viruses slipping through :)

Kind regards,

Michiel


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!


--
-Eric 'shubes'

