-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Nyoman wrote:
|
| according to Mr. chipset_ (where are yuh chip :p)
|
| clamscan 0.67 can detect that virus
| maybe yours is still version 0.66?
|
| <chipset_> ello! =)) Worm.Bagle.Gen-zippwd clamscan: 0.67.
|
| Nyoman.
| #nobody is perfect, i am nobody :p

Here is a patch from a neighbouring mailing list .. I'm already using it myself with ClamAV 0.65 .. it's amavis that gets patched:

From: Noel Jones <[EMAIL PROTECTED]>
Subject: patches for amavisd-new for encrypted zips
To: postfix users <[EMAIL PROTECTED]>
Date: Wed, 03 Mar 2004 13:31:54 -0600
X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1
Message-Id: <[EMAIL PROTECTED]>
[sent from the correct mail account this time... grrrr]
amavisd-new has a problem detecting the current Bagle-* viruses that are password encrypted. Clamav is able to detect these viruses if it examines the entire email, but not when it just scans the extracted mime parts.
Amavisd-new by default extracts the mime parts and only scans them, allowing the recent Bagle variants with encrypted zips to slip through.
The following patches (pick one, they all do about the same thing, just in different ways) solve the problem by making the original email message available in the "parts" directory to be scanned by your virus scanner. This is tested and works with clamav, other virus scanners have not been tested and may give different results.
In any case, these are unlikely to break anything.
These patches were recently posted on the amavis-users list and are for the "current" version amavisd-new-20030616-p*. Any of these are sufficient to allow amavisd-new + clamav to detect the Bagle encrypted viruses. This is likely to help other virus scanners, but I haven't tested any others.
patch by Mark Martinec; always scans decoded parts + full original mail message.
http://marc.theaimsgroup.com/?l=amavis-user&m=107826666706748&w=2

more complex patch by Ted Cabeen; only scan the full original mail if it contains a ZIP part. All extracted parts are still scanned as before. This can save significant time on mail not containing a zip file.
http://marc.theaimsgroup.com/?l=amavis-user&m=107827878627320&w=2

Here is a *very* simple patch by Ted Cabeen. It should apply to just about any version of amavisd-new with some fuzz, and maybe even other variants of amavis* if you can find the right place to insert the single new line. NOTE: change "copy" to "link" in the patch to improve performance and remove the need for File::Copy.
http://marc.theaimsgroup.com/?l=amavis-user&m=107830495801266&w=2
I use the second method: just click the second link .. Hope this helps ..
- -- ~ Anwar Purnomo ~ <[EMAIL PROTECTED]> ~ PGPKeyID: 6589D68F KeyServer: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFASSmg5efRdWWJ1o8RAvLkAJ97NKRdEuVrA0SOi+tELbNfp5/I5wCgm0gb mQYnsmyXUhQhQ0h8vEl0r0s= =f3eS -----END PGP SIGNATURE-----
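The approach described in the forwarded message (keep scanning the extracted parts, and additionally expose the full original mail to the scanner only when a ZIP part is present), sketched in Python as an added example. This is not the amavisd-new patch and not code from either mailing list; the function names, the part file naming and the "email.txt" target name are assumptions, and the sample mail is constructed.

```python
import email, os, shutil
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature

def build_sample(with_zip):
    """Constructed test mail; the 'zip' is only a header stub, not a real archive."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    if with_zip:
        msg.add_attachment(ZIP_MAGIC + b"\x00" * 26, maintype="application",
                           subtype="octet-stream", filename="sample.zip")
    return msg.as_bytes()

def leaf_payloads(msg):
    """Decoded bytes of every non-multipart MIME part, in walk order."""
    return [p.get_payload(decode=True) or b""
            for p in msg.walk() if not p.is_multipart()]

def stage_for_scan(raw_path, parts_dir):
    """Populate parts_dir with what the virus scanner will be pointed at.

    Decoded parts are always written. If any part looks like a ZIP, the
    untouched original message is added too, so a scanner that only
    recognises the sample in the full mail still gets to see it.
    Returns the sorted file names now present in parts_dir.
    """
    with open(raw_path, "rb") as fh:
        payloads = leaf_payloads(email.message_from_binary_file(fh))
    for n, data in enumerate(payloads, start=1):
        with open(os.path.join(parts_dir, f"part-{n:05d}"), "wb") as out:
            out.write(data)
    if any(data.startswith(ZIP_MAGIC) for data in payloads):
        target = os.path.join(parts_dir, "email.txt")  # assumed name
        try:
            os.link(raw_path, target)          # hard link: no second copy on disk
        except OSError:
            shutil.copyfile(raw_path, target)  # e.g. different filesystem
    return sorted(os.listdir(parts_dir))
```

Mail without a ZIP part is staged exactly as before, so the extra full-message scan is only paid for on the messages that need it.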