[Assp-user] CLAMAV catching phishing but nothing else?

Mon, 22 Jan 2007 12:02:22 -0800 

Hello,
I hope this hasn't been discussed already, I don't see that it has.

I have been able to get clamd running on my server and ASSP is accessing it.
However, all I seem to be catching are PHISHING emails.  I have sent test
EICAR messages and they don't get caught.  The ASSP log shows scanning is
occurring, but it just says "OK" for EICAR emails.

I have separately run a Perl script I found on the Web to check a text file
with EICAR code in it, as well as checking an actual message (in my
spool\virus folder) that f-prot (Imail/Declude Virus) caught (and CLAMAV
didn't) as EICAR and it is detected this way.

Is there something happening differently in the way ASSP is accessing clamd?
The clamd log shows reloading of databases (151395 signatures right now) and
logs when it finds something.

Here is a snip of the clamd.log when it finds PHISHING:

Mon Jan 22 11:18:15 2007 -> SelfCheck: Database modification detected.
Forcing reload.
Mon Jan 22 11:18:15 2007 -> Reading databases from C:\Program
Files\clamAV\data Mon Jan 22 11:18:20 2007 -> Database correctly reloaded
(151395 signatures) Mon Jan 22 11:34:04 2007 -> stream 1025:
HTML.Phishing.Pay-38 FOUND

And ASSP Maillog shows:

Jan-22-07 11:34:04 66.17.34.56 <[EMAIL PROTECTED]> to: <email
protected>
                   ClamAV: scanning WL=1:0 NP=:0 LOCAL=1: 
Jan-22-07 11:34:04 66.17.34.56 <[EMAIL PROTECTED]> to: <email
protected>                   ClamAV: scanning done FOUND
HTML.Phishing.Pay-38
Jan-22-07 11:34:04 66.17.34.56 <[EMAIL PROTECTED]> to: <email
protected>
                   virus detected 'HTML.Phishing.Pay-38'

I'm running:

Windows 2003 Server

IMail Server 8.22

ASSP 1.2.7.1(66)

File::Scan::ClamAV 1.8

clamd daemon devel-20070111 (OS: windows, ARCH: i386, CPU: i686)

Thanks for any suggestions.

Geoff

---
[This E-mail scanned for viruses by Declude Virus]


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to