Not detected here either, nor by ClamAV at http://virusscan.jotti.org

Scan taken on 23 Jan 2007 14:57:25 (GMT)

AntiVir               Found nothing
ArcaVir               Found Trojan.Door.Mirc-based
Avast                 Found Win32:Trojan-gen. {VC}
AVG Antivirus         Found HideExec.G, IRC/BackDoor.Flood
BitDefender           Found Trojan.Hidewindows.C, Backdoor.IRC.Zapchast.GJ, Backdoor.IRC.Zapchast.LK
ClamAV                Found nothing
Dr.Web                Found Tool.HideApp, Program.mIRC.603
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found Backdoor.IRC.Zapchast, Backdoor.Win32.mIRC-based
Fortinet              Found nothing
Kaspersky Anti-Virus  Found Backdoor.IRC.Zapchast, Backdoor.Win32.mIRC-based
NOD32                 Found IRC/Flood.CP, probably a variant of IRC/Zapchast.J (probable variant)
Norman Virus Control  Found Zapchast.ACA
VirusBuster           Found IRC.Flood.BU
VBA32                 Found Backdoor.IRC.Zapchast#13, BackDoor.IRC.based, Backdoor.IRC.Zapchast#36

Yet over at http://www.virustotal.com:

AntiVir             7.3.0.26        01.23.2007  no virus found
Authentium          4.93.8          01.22.2007  no virus found
Avast               4.7.936.0       01.23.2007  Win32:Trojan-gen. {VC}
AVG                 386             01.23.2007  IRC/BackDoor.Flood
BitDefender         7.2             01.23.2007  Trojan.Hidewindows.C
CAT-QuickHeal       9.00            01.22.2007  no virus found
ClamAV              devel-20060426  01.23.2007  Trojan.IRC.Zapchast-11
DrWeb               4.33            01.23.2007  no virus found
eSafe               7.0.14.0        01.23.2007  VBS.Chode911.2
eTrust-InoculateIT  23.73.120       01.23.2007  no virus found
eTrust-Vet          30.3.3344       01.23.2007  no virus found
Ewido               4.0             01.23.2007  no virus found
Fortinet            2.82.0.0        01.23.2007  Misc/Hidewindow
F-Prot              3.16f           01.22.2007  no virus found
F-Prot4             4.2.1.29        01.22.2007  no virus found
Ikarus              T3.1.0.27       01.23.2007  Backdoor.IRC.Zapchast
Kaspersky           4.0.2.24        01.23.2007  Backdoor.IRC.Zapchast
McAfee              4946            01.22.2007  no virus found
Microsoft           1.1904          01.23.2007  Trojan:Win32/HideWindows.C
NOD32v2             1999            01.23.2007  IRC/Flood.CP
Norman              5.80.02         01.23.2007  Zapchast.ACA
Panda               9.0.0.4         01.23.2007  no virus found
Prevx1              V2              01.23.2007  Covert.Sys.Exec
Sophos              4.13.0          01.20.2007  no virus found
Sunbelt             2.2.907.0       01.22.2007  IRC.Backdoor.Trojan
TheHacker           6.0.3.154       01.22.2007  no virus found
UNA                 1.83            01.22.2007  Trojan.Win32.Hidewindows.E2AC
VBA32               3.11.2          01.22.2007  Backdoor.IRC.Zapchast#13
VirusBuster         4.3.19:9        01.23.2007  IRC.Flood.BU

Strange...

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Roy Carin
> Sent: 23 January 2007 13:15
> To: ClamAV users ML
> Subject: Re: [Clamav-users] libclamav saying DB is old, can't
> detect virus
>
> On 01/23/2007 05:00 AM, Andy wrote:
> > Andy ([EMAIL PROTECTED]) wrote:
> >> Hey,
> >>
> >> I'm having some trouble with a virus that got past clamav.
> >>
> >> Log is pasted below, but I seem to have two problems:
> >>
> >> 1) libclamav is saying my database is old when it isn't
> >
> > update...
> >
> > I didn't want to stop clamav on a production system but on comparing
> > the filesizes to another clamav installation I noticed they were
> > different.
> >
> > So even though it shows it reading the right files:
> >
> >> LibClamAV debug: Loading databases from /var/lib/clamav
> >> LibClamAV debug: Loading /var/lib/clamav/daily.cvd
> >
> > And even though I restarted freshclam and it looked like it had updated:
> >
> >> mx tmp # ls -l /var/lib/clamav/daily.cvd
> >> -rw-rw-r-- 1 clamav clamav 752606 Jan 23 09:41 /var/lib/clamav/daily.cvd
> >
> > ... it obviously hadn't. I deleted the current database and restarted
> > freshclam. It got a new set of files which were different to old ones,
> > and had no problem detecting the virus.
> >
> > I'm still confused to what caused this though so I can stop it happening
> > again. I'm also still worried it couldn't scan that .exe file, yet by just
> > upgrading the DB it can somehow magically do it now?
> >
> > Andy.
> >
>
> I'm afraid that I don't have any advice for you, but I can say that I'm
> having a similar problem.
>
> I received a link to a postcard.exe file in a spam message:
> Size: 678849
> MD5sum: 8372e0dcd2ccf5e5247f098e818c5e46
> Site: http://www.newfriendsonline.com/videos/postcard.exe
>
> Virustotal.com says this about the file:
> ClamAV devel-20060426/20070123 found [Trojan.IRC.Zapchast-11]
>
> So someone's version of clamav can detect the trojan; however, my
> installation of clamav (0.88.7) always says the file is clean--even
> after I've just run freshclam.
>
> I even submitted the file to clamav.net a couple of days ago, but my
> clamscan still doesn't detect the file.
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit
> http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
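
Added example, not part of the original thread or of ClamAV's own code: the quoted report describes a daily.cvd whose timestamp looked fresh while its contents were not, so this sketch reads the version from the 512-byte header inside the file and checks the body against the MD5 recorded there. The sample databases, version numbers and the helper names are constructed for illustration.

```python
import hashlib
from typing import NamedTuple

HEADER_LEN = 512  # a .cvd begins with a fixed-size, space-padded text header

class CvdInfo(NamedTuple):
    build_time: str
    version: int
    signatures: int
    md5_ok: bool   # body matches the MD5 recorded in the header

def inspect_cvd(blob: bytes) -> CvdInfo:
    """Read the version from inside a .cvd instead of trusting ls -l."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 512-byte CVD header")
    fields = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    # ClamAV-VDB:build time:version:signatures:f-level:MD5:dsig:builder[:stime]
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    build_time, version, sigs, md5 = fields[1], fields[2], fields[3], fields[5]
    # MD5 only catches truncation/corruption; authenticity rests on the dsig field.
    body_md5 = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    return CvdInfo(build_time, int(version), int(sigs), body_md5 == md5.lower())

def is_stale(info: CvdInfo, reference_version: int) -> bool:
    """True if the database is damaged or older than a known-good install's."""
    return (not info.md5_ok) or info.version < reference_version

def make_sample_cvd(version: int, body: bytes) -> bytes:
    """Constructed test input: all header values here are made up."""
    header = ":".join(["ClamAV-VDB", "23 Jan 2007 09-41 +0000", str(version),
                       "1234", "10", hashlib.md5(body).hexdigest(),
                       "CONSTRUCTED-SIG", "example-builder"])
    return header.encode("ascii").ljust(HEADER_LEN) + body

if __name__ == "__main__":
    good = make_sample_cvd(101, b"constructed signature payload")
    old = make_sample_cvd(100, b"older constructed payload")
    truncated = good[:-5]            # simulates an incomplete download
    for name, blob in (("good", good), ("old", old), ("truncated", truncated)):
        info = inspect_cvd(blob)
        print(name, info, "STALE" if is_stale(info, 101) else "ok")
```

The reference version would come from a second, known-good installation, in the same spirit as the file-size comparison described in the quoted message.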