Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" on (clamav-users: addressed to exclusive sender for this address) (clamav-users: addressed to exclusive sender for this address) OSX

Wed, 24 Mar 2004 16:34:27 -0800

-- On Wednesday, March 24, 2004 11:58 PM +0100 Tomasz Kojm <[EMAIL PROTECTED]> wrote:

i've had no problems logged re: freshclam updates ... just in case I
did a manual update:

        ClamAV update process started at Wed Mar 24 12:32:55 2004
        Reading CVD header (main.cvd): OK
        main.cvd is up to date (version: 21, sigs: 20094, f-level: 1,
        builder: tkojm) Reading CVD header (daily.cvd): OK
        daily.cvd is up to date (version: 212, sigs: 601, f-level: 1,
        builder: diego)


waited a bit, and another "Worm.SomeFool.Gen-1" snuck thru ... 

Worm.SomeFool.Gen-1 is our name. How does McAffee call it ? Is that
really ClamAV missing that worms ?

well that's a very interesting point ...

so, i checked my clamd.log, only to find:

       <snip>
       -> /tmp/cgpavTzii27: Worm.SomeFool.B-petite FOUND
       -> /tmp/cgpavEgnra7: Worm.SomeFool.I FOUND
       -> /tmp/cgpavE94P3U: Worm.SomeFool.I FOUND
       -> /tmp/cgpavVg2WS9: Worm.SomeFool.Gen-1 FOUND
       -> /tmp/cgpavgEi5iV: Worm.SomeFool.Gen-1 FOUND
       -> /tmp/cgpavNbC6zN: Worm.SomeFool.Gen-1 FOUND
       -> /tmp/cgpavrQf4n0: Worm.SomeFool.Gen-1 FOUND
       -> /tmp/cgpavqIWML2: Worm.SomeFool.Gen-1 FOUND
       <snip>

which means to me cgpav *is* processing the messages, and per your comment abt the name, it IS ClamAV that's catching them ...

yet, i'm receiving notices FROM my *mcafee* filter that *IT* is catching them ... and the message refers the "Worm.SomeFool.*" that you say is ClamAV's name.

the only way that can happen is if the cgpav+clamav+CGPro combination does NOT discard the virus-containing-message in the first place, and passes it on for further processing ...

so, i'm a bit confused at the moment!

maybe "wires are getting crossed" somehow? doesn't make much sense to me, but i'll reboot and watch for awhile ...

richard


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to