Hi,
    I upgraded my clamav (0.85 > 0.86.1) on a mail server yesterday and I'm
having a problem with a particular virus getting through the system.

I received the message as a bounce from an unknown address, so I assumed it
must be a new variant and submitted the sample, which returned:

This virus is already recognized by ClamAV 0.86.1/987/Thu Jul 21 16:57:41
2005 (timezone: +0200 ) as Worm.Mytob.GP . Be careful when submitting
samples and remember to run freshclam!

I'm definitely running this version, as from the freshclam.log:

daily.cvd updated (version: 987, sigs: 423, f-level: 5, builder: diego)

From my maillog, sending the infected mail to myself:

Jul 22 13:13:39 mail sendmail[15253]:
j6MCDXPG015253:from=<[EMAIL PROTECTED]>,
size=155580, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>,
proto=ESMTP, daemon=MTA, relay=[000.000.000.000]
Jul 22 13:13:39 mail sendmail[15253]: j6MCDXPG015253: Milter add: header:
X-Virus-Scanned: ClamAV version 0.86.1, clamav-milter version 0.86 on
mail.igeek.co.uk
Jul 22 13:13:39 mail sendmail[15253]: j6MCDXPG015253: Milter add: header:
X-Virus-Status: Clean
Jul 22 13:13:41 mail sendmail[15259]: j6MCDXPG015253: to=<[EMAIL PROTECTED]>,
ctladdr=<[EMAIL PROTECTED]> (510/510), delay=00:00:08, xdelay=00:00:01,
mailer=local, pri=185865, dsn=2.0.0, stat=Sent


I've done the obvious things, restarted clamd, clamav-milter.  Checked that
the database is indeed up to date.  There don't appear to be any problems
with the upgrade that I performed. As far as I can see no other virus has
got through, indeed I'm still catching approx 50 an hour which seems to be
about average for my system which is an x86 RH9 box, if that helps working
out what's wrong.

Can anyone shed any light on this problem?

TIA

Regards,
        Mark.


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
