Re: [Clamav-users] Totally Confused

Fri, 07 May 2004 13:39:22 -0700 

On Friday 07 May 2004 8:52 pm, Phil Ershler wrote:

> Hi,
>       I am attempting to replace our e-mail virus scanner (RAV) with clamav.
> I am running it under OS X 10.3. I have about 250 e-mail messages that
> RAV has quarantined as being virus infected. If I use clamscan to scan
> these files, it only finds a few files that are infected (with
> I.Frame). If I use McAfee Virex, it finds no infected files. Yet RAV
> steadfastly insists that most of these files are infected thusly:

Trust RAV - they have viruses.   Throw them away.

The reason ClamAV and McAfee do not find viruses in the quarantined files is 
almost certainly because RAV has encoded them in some way which renders them 
harmless, rather than leaving virus samples lying around your hard disk.

>       All of the messages in question seem like bogus e-mails with spoofed
> addresses.

In that case, throw them away whether they contain viruses or not.

> I'm really confused as to whether i can trust clamav or not.
> I have downloaded the latest definitions with freshclam and run clamd
> in debug mode to make sure it's using the newly updated databases. Any
> suggestions?

1. Send yourself an Eicar test virus string and make sure it gets detected.

2. Try running it for a while on fresh incoming email (ie: files which haven't 
been mangled by RAV) - if possible, scan your incoming email with ClamAV 
first, then RAV, and see if RAV picks up any infected files.

Regards,

Antony.

-- 
Late in 1972 President Richard Nixon announced that the rate of increase of 
inflation was decreasing.   This was the first time a sitting president used 
a third derivative to advance his case for re-election.

 - Hugo Rossi, Notices of the American Mathematical Society

                                                     Please reply to the list;
                                                           please don't CC me.



-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to