Meni Shapiro wrote:
> Hello List,
> I just installed the latest stable clamav 0.80.
> My main.db and daily.db are also the latest.
> I run clamav on a debian machine (for test purposes - before installing
> it on the main mail server which runs crux (yet another dist!))
> Anyway - back to the problem...
> Installation went well.
> When I test it with the jpeg.zip, which I got from this list earlier
> today, IT did NOT find anything ?!?
> I tried unzipping (the file contains 2 jpg files) and nothing!
> I tried scanning it online at the mentioned site
> (http://www.virustotal.com) and most AV software did detect a malware....
> Clamav did NOT!
> Is that a problem??? Or what?
> Should I go for another AV (I don't want to - but can I trust ClamAV??)

I guess it is a problem of how that 'exploit' is being detected, and the
different mutations of that jpeg exploiting archives are appearing. I've
seen that problem of not detecting different 'mutations' of the MS04-028
vulnerability with other AV products, not only with the version of Clam
we're using on VirusTotal (in my humble opinion I think it is basically
a matter of how signature files are made).
--
Regards,
Julio Canto
Hispasec Sistemas
http://www.hispasec.com
(+34) 902 161 025
Parque Tecnologico de Andalucia
Avda Juan Lopez Peñalver, 21
Málaga, España
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users