On Thu, Oct 28, 2004 at 12:36:06PM +0100, Trog wrote: >On Thu, 2004-10-28 at 12:32, Tomasz Papszun wrote: >> On Wed, 27 Oct 2004 at 19:14:04 +0200, Jacek Politowski wrote:
>>> We have one client, who was trying to send some MS Word (doc) file >>> from Outlook Express. [...] >>> Unfortunately I can't get this suspicious file from our client, so I >>> only want to verify if it's possible to have MS Word file infected by >>> SomeFool.P. >> So, without examining the sample, one can't say if it contained a >> malware or whether it was a false positive. > >... or if it's even a MS Word file. It definitely was a file, that MS Word rendered correctly as its own document. File was created by our customer and he was trying to e-mail it using Outlook Express. ClamAV found SomeFool.P in this file. OE displayed Exim's 550 response (SomeFool.P found). Customer called us. Nothing else is certain about that file ;-) At the moment it's not a really big deal (for us). We didn't have any other reports of possible false positives from other users. ClamAV works great. Thanx for that. Eventually it has replaced Kaspersky AV on our machines. -- Jacek Politowski [EMAIL PROTECTED] _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
