Tomasz Papszun wrote:
On Thu, 04 Nov 2004 at 11:48:35 +0300, George Chelidze wrote:
Hello,
I have just found a message which was trapped with sanitizer because of dangerous attachment (message.scr) and I thought it was a new worm. I checked it against clamav online scanner which reported the following:
ClamAV 0.80/572/Wed Nov 3 11:48:18 2004
ClamAV scans the file ...
Clamav-Output:
/tmp/php7TNJzC: OK
Clamav DID NOT identify your sample as malicious content
If you really think your sample is a virus or any other harmful thing clamav should detect please go to
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
and submit the virus.
I submited the sample but got the following output:
Result:
This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 2004 as Broken.Executable . Be careful when submitting samples and remember to run freshclam!
Please correct the above errors and retry.
I though I missed something and repeated the process but got the same result. Any ideas?
Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables option while "clamav online scanner" - not.
So is it a bad idea to enable the same in online scanner? It will save a little bandwidth...
Best Regards,
I think it's perfectly rigth to set this option on ,if - and only if - users do know what it means. Online scanner should describe this Broken.Executable as not malware or possible malware and should propose to use other scanner also to test it.Anyway Broken.Executable could eventually *broke* Your system if You use Windows 9X
Regards Bogusław Brandys _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
