Hi, I am new to the mail list. We have used Clamav for many years via MailScanner.
Today we have received 172 emails from various addresses and relays with subject line examples:

Subject: Your order N13340 for helicopter for the weekend
Subject: Your order N14776 for rotorcraft for the weekend
Subject: Your order N16400 for chopper for the weekend

The emails contain one of the two following virus/worms:

Virus name: "Trojan:JS/BlacoleRef.AS"
Worm name: "JS/Agent.PX.gen"

We have 5 MX servers - Linux running clamav version .97.4 (although clamd -V says 97.3). The virus and worm were not caught by Clamav.

Should I just submit the problem email bodies to clamav to review?

-----------------------------------------------------
Review /tmp/ClamAV.update.log

Fri Apr 13 12:17:29 2012 -> Current working dir is /var/clamav
Fri Apr 13 12:17:29 2012 -> Max retries == 5
Fri Apr 13 12:17:29 2012 -> ClamAV update process started at Fri Apr 13 12:17:29 2012
Fri Apr 13 12:17:29 2012 -> Using IPv6 aware code
Fri Apr 13 12:17:29 2012 -> Querying current.cvd.clamav.net
Fri Apr 13 12:17:29 2012 -> TTL: 900
Fri Apr 13 12:17:29 2012 -> Software version from DNS: 0.97.4
Fri Apr 13 12:17:29 2012 -> main.cvd version from DNS: 54
Fri Apr 13 12:17:29 2012 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Fri Apr 13 12:17:29 2012 -> daily.cvd version from DNS: 14790
Fri Apr 13 12:17:29 2012 -> daily.cld is up to date (version: 14790, sigs: 149343, f-level: 63, builder: ccordes)
Fri Apr 13 12:17:29 2012 -> bytecode.cvd version from DNS: 168
Fri Apr 13 12:17:29 2012 -> bytecode.cld is up to date (version: 168, sigs: 38, f-level: 63, builder: edwin)
Fri Apr 13 12:17:30 2012 -> SubmitDetectionStats: Not enough recent data for submission

clamd -V
ClamAV 0.97.3/14790/Fri Apr 13 10:07:30 2012

Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza 910 Louisiana Houston, TX 77002 W: 713-229-2183
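An added example, not part of the original message: a check that compares the engine version freshclam reports from DNS with the engine in the `clamd -V` banner, and the daily database version on both sides. The sample input is the log and banner quoted in the message; the function names and finding labels are hypothetical.

```python
import re

# Log lines and banner copied from the message above (log trimmed to the relevant lines).
FRESHCLAM_LOG = """\
Fri Apr 13 12:17:29 2012 -> Software version from DNS: 0.97.4
Fri Apr 13 12:17:29 2012 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Fri Apr 13 12:17:29 2012 -> daily.cld is up to date (version: 14790, sigs: 149343, f-level: 63, builder: ccordes)
Fri Apr 13 12:17:29 2012 -> bytecode.cld is up to date (version: 168, sigs: 38, f-level: 63, builder: edwin)
"""
CLAMD_BANNER = "ClamAV 0.97.3/14790/Fri Apr 13 10:07:30 2012"

def parse_freshclam(log):
    """Return (engine version advertised via DNS, {database name: version})."""
    engine, dbs = None, {}
    for line in log.splitlines():
        m = re.search(r"Software version from DNS: ([\d.]+)", line)
        if m:
            engine = m.group(1)
        m = re.search(r"(\w+)\.c[lv]d is up to date \(version: (\d+)", line)
        if m:
            dbs[m.group(1)] = int(m.group(2))
    return engine, dbs

def parse_banner(banner):
    """Split 'ClamAV <engine>/<daily db version>/<daily db build time>'."""
    m = re.match(r"ClamAV ([\d.]+)/(\d+)/(.+)$", banner.strip())
    if not m:
        raise ValueError("unrecognised clamd -V output: %r" % banner)
    return m.group(1), int(m.group(2)), m.group(3)

def as_tuple(version):
    # Numeric compare, so 0.97.10 sorts after 0.97.4 (assumes dotted integers only).
    return tuple(int(p) for p in version.split("."))

def check(log, banner):
    """Return a list of (finding, running value, expected value) tuples."""
    dns_engine, dbs = parse_freshclam(log)
    engine, daily, _built = parse_banner(banner)
    findings = []
    if dns_engine and as_tuple(engine) < as_tuple(dns_engine):
        findings.append(("engine_outdated", engine, dns_engine))
    if "daily" in dbs and daily != dbs["daily"]:
        findings.append(("daily_db_mismatch", daily, dbs["daily"]))
    return findings

if __name__ == "__main__":
    for finding in check(FRESHCLAM_LOG, CLAMD_BANNER):
        print(finding)
```

On the quoted data this reports only the engine difference (0.97.3 running, 0.97.4 advertised); the daily database version matches on both sides.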