On Wed, Nov 12, 2003 at 01:43:58PM +0100, Tomasz Papszun wrote:
> On Wed, 12 Nov 2003 at 13:53:28 +0500, Serge Sivkov wrote:
> >
> > Can clamav detect Win32.HLLM.Foo virus? Currently, i must detect this
> virus by DrWeb.
> >
>
> The best solution: check it yourself :-) .
> For instance at "clamav online specimen scanner"
> http://www.gietl.com/test-clamav/
I tested it. My courier-mta checks messages with helps of amavisd-ng
(with CLAMD option),
which uses "ClamAV version 20030226".
The problem seems to be in both clamd and amavisd-ng:
ssp!jormungand% unzip -l photos.zip
Archive: photos.zip
warning [photos.zip]: 2 extra bytes at beginning or within zipfile
(attempting to process anyway)
Length Date Time Name
-------- ---- ---- ----
12832 11-11-03 04:30 photos.jpg.exe
-------- -------
12832 1 file
ssp!jormungand% clamdscan photos.zip
/home/ssp/photos.zip: File size limit exceeded. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
ssp!jormungand% clamscan photos.zip
photos.zip: File size limit exceeded.
photos.zip: Worm.Mimail.C FOUND
----------- SCAN SUMMARY -----------
Known viruses: 10131
Scanned directories: 0
Scanned files: 2
Infected files: 1
So, currently i has switched amavisd to use CLAM option, and all seems
to be Ok.
WBR, ssp
-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
