Clifton wrote: > On Wed, Apr 25, 2007 at 02:40:32PM -0600, Gary V wrote: >> > Quite possibly an encrypted, and as of yet, undetected virus. I just got >> > one with a password protected .rar file. I suggest blocking .rar files. I >> > hope your users have not opened any of these. Mine claims to be a patch >> > for an undetected worm. >> >> A-Squared Found nothing >> AntiVir Found nothing >> ArcaVir Found nothing >> Avast Found nothing >> AVG Antivirus Found nothing >> BitDefender Found nothing >> ClamAV Found Email.Phishing.RB-686 >> Dr.Web Found nothing > ... >> VBA32 Found nothing >> >> I think you are getting this virus. I think it's more serious than >> ClamAV thinks it is. I would say there's another storm a brewin'.
> You should be able to stand down from the alert a bit: > ClamAV by default reports known standard phish emails as "viruses", > using this "Email.Phishing" format, to protect unsuspecting users from > getting all their money stolen. No other AV vendors do that, so far as > I know. If you don't want this behavior, ISTR you can disable those > signatures in current versions of ClamAV. > -- Clifton I inquired about this on the ClamAV list. It contains the Nuwar virus but there are extenuating circumstances. http://lurker.clamav.net/thread/20070425.232237.811c419f.en.html Gary V ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
