Hello all,
Just wondering if anyone else noticed something strange recently with
Worm.Bagle.Gen-3 viruses. Using exim+exiscan-acl+clamav, we have been
seeing several of these viruses sneak thru. Decided to test out 0.87
(upgrading from 0.86.2) on one of the servers where the virus has been
coming thru, we ./configure, make, make install, restart clamd, run a
freshclam --daemon-notify, then do the following:
$ clamdscan price_09.zip
/price_09.zip: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.200 sec (0 m 0 s)
$ unzip price_09.zip
Archive: price_09.zip
inflating: 03.exe
$ clamdscan 03.exe
/03.exe: Worm.Bagle.Gen-3 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.036 sec (0 m 0 s)
$ clamdscan price_09.zip
/price_09.zip: Worm.Bagle.Gen-3 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.039 sec (0 m 0 s)
These commands were issued over the course of 30-45 seconds, after a fresh
upgrade and after a freshclam sync. So, first time thru it's fine, next
time not?
-F
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
