Hello,
I have an exe file which is detected by clamscan (ClamAV 0.83/737) as Trojan.Small-57-3, but it's not stopped by clamav-milter.
I've received this file as an attachment ... in a zip file.
The email was marked by ClamAV as Clean.
Return-Path: <[EMAIL PROTECTED]>
Received: from norma.com (rrcs-24-173-199-154.sw.biz.rr.com [24.173.199.154])
by bit-soft.ro (8.13.1/8.13.1) with SMTP id j216StNJ017682
for <[EMAIL PROTECTED]>; Tue, 1 Mar 2005 08:28:56 +0200
Date: Tue, 01 Mar 2005 00:25:15 -0600
To: "Catalin" <[EMAIL PROTECTED]>
From: "Catalin" <[EMAIL PROTECTED]>
Subject:
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------dunzjqltkebrnpduvvmx"
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.6 required=5.0 tests=FORGED_RCVD_HELO,
HTML_MESSAGE,HTML_SHORT_LENGTH,MIME_HTML_ONLY,MISSING_SUBJECT,
MSGID_SPAM_LETTERS autolearn=no version=3.0.1
X-Spam-Report:
* 3.2 MSGID_SPAM_LETTERS Spam tool Message-Id: (letters variant)
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* 0.7 HTML_SHORT_LENGTH BODY: HTML is extremely short
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 1.6 MISSING_SUBJECT Missing Subject: header
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on pluto.bit-soft.ro
X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on localhost
X-Virus-Status: Clean
Status: O
X-UID: 2565
Content-Length: 21844
X-Keywords:
When I scanned this file with clamscan, it was shown as infected:
[EMAIL PROTECTED] carantina]# clamscan -V
ClamAV 0.83/737/Tue Mar 1 08:22:18 2005
[EMAIL PROTECTED] carantina]# clamscan
/home/catalin/carantina/new_price.zip: Trojan.Small-57-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 31315
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
I/O buffer size: 131072 bytes
Time: 0.489 sec (0 m 0 s)
[EMAIL PROTECTED] carantina]#
Even if it is sent without being archived, it is not detected by the milter.
My filter stops eicar.com and other viruses, but not this one.
Task 'pluto WAN - Sending and Receiving' reported error (0x800CCC6F) : 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP). The server responded: ?4 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net'
Task 'pluto WAN - Sending and Receiving' reported error (0x800CCC6F) : 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP). The server responded: ??4 5.7.1 virus Worm.Klez.H detected by ClamAV - http://www.clamav.net'
Thanks,
Catalin
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html