On Tue, 1 Mar 2005, Catalin Pantilimonescu wrote:
I have an exe file which is detected by clamscan (ClamAV 0.83/737) as Trojan.Small-57-3, but it's not stopped by clamav-milter. I've received this file as an attachment ...in a zip file. The email was marked by ClamAV as Clean.
Received: from norma.com (rrcs-24-173-199-154.sw.biz.rr.com [24.173.199.154])
    by bit-soft.ro (8.13.1/8.13.1) with SMTP id j216StNJ017682
    for <[EMAIL PROTECTED]>; Tue, 1 Mar 2005 08:28:56 +0200
Date: Tue, 01 Mar 2005 00:25:15 -0600
When I scanned this file with clamscan, it was shown as infected:
[EMAIL PROTECTED] carantina]# clamscan -V
ClamAV 0.83/737/Tue Mar 1 08:22:18 2005
[EMAIL PROTECTED] carantina]# clamscan /home/catalin/carantina/new_price.zip: Trojan.Small-57-3 FOUND
Even if it is sent without being archived, it is not detected by the milter. My filter stops eicar.com and other viruses, but not this one.
That virus was added to the database at 00:22:18 -0600. Your email arrived at 08:28:56 +0200. Depending on when you update your database, it's quite likely that this arrived before your server had the update.
Try checking the result of clamdscan, which uses clamd like your milter does in --external mode. You'll find that clamdscan also was unable to detect it immediately. If clamscan detects it, and clamdscan does not, then you probably neglected to enable the NotifyClamd option in your freshclam.conf. That will make it notice the virus updates immediately, rather than waiting for the next selfcheck (every 10 minutes, as I recall). Similarly, you could run the milter without the --external flag, in which case it checks for updates on (nearly) every message.
Sorry I wasn't more helpful in #clamav last night, but it was nearly 4am here in -0600.
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
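
The clamscan versus clamdscan comparison suggested in the reply above, as an added example that is not part of the original thread. The function names and the default /etc/freshclam.conf path are assumptions; exit codes follow the scanners' convention of 0 for clean, 1 for a detection, and anything higher for an error.

```shell
#!/bin/sh
# Added example: diagnose "clamscan detects it, clamd (and so the milter) does not".
# Function names and the default config path are assumptions for illustration.

# Succeeds if the given freshclam.conf has an active (uncommented) NotifyClamd line.
notifyclamd_enabled() {
    grep -Eq '^[[:space:]]*NotifyClamd([[:space:]]|$)' "$1"
}

# Turn the two scanners' exit codes plus the config check into a diagnosis.
# Exit codes: 0 = clean, 1 = virus found, anything else = scanner error.
diagnose() {
    scan_rc=$1 dscan_rc=$2 conf=$3
    if [ "$scan_rc" -gt 1 ] || [ "$dscan_rc" -gt 1 ]; then
        echo scan-error
    elif [ "$scan_rc" -eq "$dscan_rc" ]; then
        echo consistent
    elif [ "$scan_rc" -eq 1 ]; then
        # clamscan loaded the current database from disk; clamd is still
        # holding an older copy in memory.
        if notifyclamd_enabled "$conf"; then
            echo clamd-stale-reload-pending
        else
            echo clamd-stale-notifyclamd-off
        fi
    else
        echo clamd-newer
    fi
}

# Scan one file with both clamscan and clamdscan and print the diagnosis.
# clamd must be able to read the file for clamdscan to give a real answer.
check_file() {
    file=$1 conf=${2:-/etc/freshclam.conf}
    s=0; clamscan --no-summary "$file" >/dev/null 2>&1 || s=$?
    d=0; clamdscan --no-summary "$file" >/dev/null 2>&1 || d=$?
    diagnose "$s" "$d" "$conf"
}

# Usage: sh check.sh /path/to/sample [/path/to/freshclam.conf]
if [ $# -gt 0 ]; then
    check_file "$@"
fi
```

A result of clamd-stale-notifyclamd-off matches the situation described in the reply: the database on disk is current, but clamd will not pick it up until its next self-check.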
