Hi,

For some strange reason, I've seen some malware go past my filters on several occasions. One such case is today, where a mail containing two attachments, one a gif and the other a zip archive, skipped clamd completely and was delivered to my inbox.

However, when I extract the attachment from the file and scan it with clamd, the worm is detected. Either this is a failure of the configuration on my MTA, or in the way clamd analyzes such e-mail. I am running 0.88.7.

The mail can be downloaded from here:

http://www.wananchi.com/wash/undetected-malware/mail.msg

Perhaps I should zip it with a password??

...and here is what clamd says of the zip archive attached to the mail:

$ clamdscan Leonard.zip
/mailstore/home/wash/Leonard.zip: Worm.Bagle-14-zippwd FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
Odhiambo Washington <[EMAIL PROTECTED]>
Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922
GSM: +254 722 743223 +254 733 744121

... I'm IMAGINING a sensuous GIRAFFE, CAVORTING in the BACK ROOM of a KOSHER DELI!!
