On Fri, 19 Nov 2004 14:41:13 +0100 Nicolas Joly <[EMAIL PROTECTED]> wrote:
> > Hi, > > I just made some expermients with ClamAv (0.80 and CVS) and the recent > Worm.Sober.I on my NetBSD/amd64 workstation, and noticed strange > results about UPX support. > > [EMAIL PROTECTED] [virus/xx]> clamscan -V > ClamAV devel-20041119/594/Fri Nov 19 11:06:44 2004 > [EMAIL PROTECTED] [virus/xx]> clamscan --no-summary spidernet.scr > spidernet.scr: Worm.Sober.I FOUND > > But when i try to unpack the worm with `upx', clamscan de not report > an infected file anymore : The Worm.Sober.I signature has been created against the original worm executable and not unpacked data. A generic signature will be added in one of the next updates. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Nov 19 14:57:49 CET 2004
pgpnCVJbYef35.pgp
Description: PGP signature
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
