On Wed, 04 Feb 2004 at 19:12:27 +0100, Przemyslaw Holowczyc wrote: > > Today morning, I installed the Windows XP on some machine. After that, I > downloaded a latest virus databases and I checked the C:\WINDOWS directory > with a clamscan.exe (windows port). Results are below. > > windows XP > C:\WINDOWS/system32/dllcache/rpcrt4.dll: Exploit.DCOM.Gen FOUND > C:\WINDOWS/system32/dllcache/rpcss.dll: Exploit.DCOM.Gen FOUND > C:\WINDOWS/system32/dllcache/rsvp.exe: Exploit.DCOM.Gen FOUND > C:\WINDOWS/system32/rsvp.exe: Exploit.DCOM.Gen FOUND > C:\WINDOWS/system32/rpcrt4.dll: Exploit.DCOM.Gen FOUND > C:\WINDOWS/system32/rpcss.dll: Exploit.DCOM.Gen FOUND > -- summary -- > Known viruses: 20621 > Scanned directories: 414 > Scanned files: 9015 > Infected files: 6 [...] > Is this correct result? It was a fresh installation :-) [...]
The "normal" way of reporting viruses not yet detected by ClamAV or false positives, is: 1. Scan samples at "clamav online specimen scanner" < http://www.gietl.com/test-clamav/ > and if this doesn't detect a virus go to point 2. (when you believe it's a false one - the opposite - if "COSS" _does_ detect a virus go to point 2.). 2. Submit them at http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Thank you -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
