Tomasz Papszun wrote:
On Thu, 04 Nov 2004 at 11:48:35 +0300, George Chelidze wrote:
Hello,
I have just found a message which was trapped with sanitizer because of dangerous attachment (message.scr) and I thought it was a new worm. I checked it against clamav online scanner which reported the following:
ClamAV 0.80/572/Wed Nov 3 11:48:18 2004
ClamAV scans the file ...
Clamav-Output:
/tmp/php7TNJzC: OK
Clamav DID NOT identify your sample as malicious content
If you really think your sample is a virus or any other harmful thing clamav should detect please go to
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
and submit the virus.
I submited the sample but got the following output:
Result:
This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 2004 as Broken.Executable . Be careful when submitting samples and remember to run freshclam!
Please correct the above errors and retry.
I though I missed something and repeated the process but got the same result. Any ideas?
Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables option while "clamav online scanner" - not.
So is it a bad idea to enable the same in online scanner? It will save a little bandwidth...
Best Regards, -- George Chelidze _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
