Mark Penkower wrote:
I am using:
ClamAV 0.83/706/Sun Feb 13 19:14:02 2005, clamav-milter version 0.75c
First, that's rather out of date. Are you sure about the version numbers? Here's my current version info:
ClamAV 0.83/741/Tue Mar 1 13:26:34 2005
It's odd that you would report a DB version of 706 and yet detect Trojan.Small-57-4 below which was added today...
A user on my network received a zip file via email (from outside of our network) that looked like a virus. I asked him to forward the email (within our network) to me. The same of ClamAV would not let him, claiming that the file was infected with trojan.small-57-4.
Why Did ClamAV let the file get to my mail server in the first place. Our incoming Mail Server is the same as our outgoing mail server.
What can I do to prevent this in the future?
Run multiple AV scanners. ClamAV was a bit slow off the mark with the Trojan.Small-57 series; our second-line F-Prot scanner stopped a couple hundred emails which ClamAV now detects as Trojan.Small-57-X but let through between 8PM yesterday and around 10:30 this morning.
Note that in my experience this is rather unusual--the couple hundred stopped by F-Prot in the last 24 hours is far more than the total number stopped by F-Prot in the last two or three months. Normally the only thing F-Prot gets to flag are truncated virii that ClamAV doesn't bother to flag since they're obviously broken, a couple of HTML exploits and the occasional 'suspicious' Excel file.
Regards,
Craig. ------
Thanks,
Mark Penkower
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
