On Sun, May 30, 2004 at 03:36:05PM -0400, Stephen Gran wrote: > On Sun, May 30, 2004 at 10:07:32AM +0800, Jerry Chiu [Net Workshop] said: > > A email contain Bagle.AB pass thru my Amavisd-New+Clamd filter. The > > lastest clamav(0.71) and db file (333) is installed. I aslo try Clamwin > > and online scanner to scan the attachment file, all have negative > > result. But when I submitt the virus, it said clamav already detect the > > virus. Is there any problem happening? > > Not here: > [EMAIL PROTECTED]:~$ wget http://www.networkshop.com.hk/~lung/virus/Notification > [EMAIL PROTECTED]:~$ clamscan -m Notification > Notification: Worm.Bagle.Z FOUND > [...] > > Stale files left around? > --
Yes, the full mail is detected as Bagle.Z. I think the point is that if you extract the Info.scr attachment, clamscan doesn't detect any virus in it. The attachment appears to extract correctly, and file(1) reports it is an MS-DOS executable (EXE). So either it's a broken executable and harmless, or it's some variant that isn't properly recognized. The question is, which is it. I can't tell. -- Noel Jones ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
