Not detected here either, nor by ClamAV at http://virusscan.jotti.org

Scan taken on 23 Jan 2007 14:57:25 (GMT)
AntiVir               Found nothing
ArcaVir               Found Trojan.Door.Mirc-based
Avast                 Found Win32:Trojan-gen. {VC}
AVG Antivirus         Found HideExec.G, IRC/BackDoor.Flood
BitDefender           Found Trojan.Hidewindows.C, Backdoor.IRC.Zapchast.GJ, Backdoor.IRC.Zapchast.LK
ClamAV                Found nothing
Dr.Web                Found Tool.HideApp, Program.mIRC.603
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found Backdoor.IRC.Zapchast, Backdoor.Win32.mIRC-based
Fortinet              Found nothing
Kaspersky Anti-Virus  Found Backdoor.IRC.Zapchast, Backdoor.Win32.mIRC-based
NOD32                 Found IRC/Flood.CP, probably a variant of IRC/Zapchast.J (probable variant)
Norman Virus Control  Found Zapchast.ACA
VirusBuster           Found IRC.Flood.BU
VBA32                 Found Backdoor.IRC.Zapchast#13, BackDoor.IRC.based, Backdoor.IRC.Zapchast#36

Yet over at http://www.virustotal.com:

AntiVir 7.3.0.26        01.23.2007      no virus found
Authentium      4.93.8  01.22.2007      no virus found
Avast   4.7.936.0       01.23.2007      Win32:Trojan-gen. {VC}
AVG     386     01.23.2007      IRC/BackDoor.Flood
BitDefender     7.2     01.23.2007      Trojan.Hidewindows.C
CAT-QuickHeal   9.00    01.22.2007      no virus found
ClamAV  devel-20060426  01.23.2007      Trojan.IRC.Zapchast-11
DrWeb   4.33    01.23.2007      no virus found
eSafe   7.0.14.0        01.23.2007      VBS.Chode911.2
eTrust-InoculateIT      23.73.120       01.23.2007      no virus found
eTrust-Vet      30.3.3344       01.23.2007      no virus found
Ewido   4.0     01.23.2007      no virus found
Fortinet        2.82.0.0        01.23.2007      Misc/Hidewindow
F-Prot  3.16f   01.22.2007      no virus found
F-Prot4 4.2.1.29        01.22.2007      no virus found
Ikarus  T3.1.0.27       01.23.2007      Backdoor.IRC.Zapchast
Kaspersky       4.0.2.24        01.23.2007      Backdoor.IRC.Zapchast
McAfee  4946    01.22.2007      no virus found
Microsoft       1.1904  01.23.2007      Trojan:Win32/HideWindows.C
NOD32v2 1999    01.23.2007      IRC/Flood.CP
Norman  5.80.02 01.23.2007      Zapchast.ACA
Panda   9.0.0.4 01.23.2007      no virus found
Prevx1  V2      01.23.2007      Covert.Sys.Exec
Sophos  4.13.0  01.20.2007      no virus found
Sunbelt 2.2.907.0       01.22.2007      IRC.Backdoor.Trojan
TheHacker       6.0.3.154       01.22.2007      no virus found
UNA     1.83    01.22.2007      Trojan.Win32.Hidewindows.E2AC
VBA32   3.11.2  01.22.2007      Backdoor.IRC.Zapchast#13
VirusBuster     4.3.19:9        01.23.2007      IRC.Flood.BU

Strange...

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Roy Carin
> Sent: 23 January 2007 13:15
> To: ClamAV users ML
> Subject: Re: [Clamav-users] libclamav saying DB is old, can't detect virus
> 
> On 01/23/2007 05:00 AM, Andy wrote:
> > Andy ([EMAIL PROTECTED]) wrote:
> >> Hey,
> >>
> >> I'm having some trouble with a virus that got past clamav.
> >>
> >> Log is pasted below, but I seem to have two problems:
> >>
> >> 1) libclamav is saying my database is old when it isn't
> > 
> > update...
> > 
> > I didn't want to stop clamav on a production system but on comparing
> > the filesizes to another clamav installation I noticed they were
> > different.
> > 
> > So even though it shows it reading the right files:
> > 
> >> LibClamAV debug: Loading databases from /var/lib/clamav
> >> LibClamAV debug: Loading /var/lib/clamav/daily.cvd
> > 
> > And even though I restarted freshclam and it looked like it had updated:
> >
> >> mx tmp # ls -l /var/lib/clamav/daily.cvd
> >> -rw-rw-r-- 1 clamav clamav 752606 Jan 23 09:41 /var/lib/clamav/daily.cvd
> > 
> > ... it obviously hadn't.  I deleted the current database and restarted
> > freshclam.  It got a new set of files which were different to old ones,
> > and had no problem detecting the virus.
> >
> > I'm still confused as to what caused this though so I can stop it happening
> > again.  I'm also still worried it couldn't scan that .exe file, yet by just
> > upgrading the DB it can somehow magically do it now?
> > 
> > Andy.
> > 
> 
> I'm afraid that I don't have any advice for you, but I can say that I'm
> having a similar problem.
> 
> I received a link to a postcard.exe file in a spam message:
> Size: 678849
> MD5sum: 8372e0dcd2ccf5e5247f098e818c5e46
> Site: http://www.newfriendsonline.com/videos/postcard.exe
> 
> Virustotal.com says this about the file:
> ClamAV        devel-20060426/20070123 found [Trojan.IRC.Zapchast-11]
> 
> So someone's version of clamav can detect the trojan; however, my 
> installation of clamav (0.88.7) always says the file is clean--even 
> after I've just run freshclam.
> 
> I even submitted the file to clamav.net a couple of days ago, but my 
> clamscan still doesn't detect the file.
> 
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
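
The thread leaves open why a `daily.cvd` with a fresh timestamp still behaved like an old database. As an added example (not part of the original messages, and not ClamAV's own code), this Python script reads the version and build time from the 512-byte CVD header and compares them with the file's mtime. The sample files, their version numbers and the helper names are constructed for illustration, and the 7-day default mirrors libclamav's "older than 7 days" warning.

```python
import os
import tempfile
import time

CVD_HEADER_LEN = 512  # a .cvd file starts with a 512-byte, space-padded text header


def read_cvd_header(path):
    """Parse the colon-separated header at the start of a ClamAV .cvd file."""
    with open(path, "rb") as fh:
        fields = fh.read(CVD_HEADER_LEN).decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 9 or fields[0] != "ClamAV-VDB":
        raise ValueError("%s: no usable CVD header" % path)
    # Layout: magic:build time:version:sig count:flevel:md5:dsig:builder:stime
    return {"build_time": fields[1], "version": int(fields[2]),
            "signatures": int(fields[3]), "stime": int(fields[8])}


def check_database(path, now=None, max_age_days=7):
    """Return (header, problems); an empty list means file and header agree."""
    now = time.time() if now is None else now
    hdr, limit, problems = read_cvd_header(path), max_age_days * 86400, []
    if now - hdr["stime"] > limit:
        problems.append("signatures built more than %d days ago" % max_age_days)
    # Fresh mtime on an old build: `ls -l` looks updated, the signatures are not.
    if os.path.getmtime(path) - hdr["stime"] > limit:
        problems.append("file mtime is much newer than the header build time")
    return hdr, problems


def make_sample_cvd(path, version, stime, mtime):
    """Write a constructed header-only file (no real signatures or digests)."""
    when = time.strftime("%d %b %Y %H-%M +0000", time.gmtime(stime))
    hdr = "ClamAV-VDB:%s:%d:1000:10:%s:sig:builder:%d" % (when, version, "0" * 32, stime)
    with open(path, "wb") as fh:
        fh.write(hdr.ljust(CVD_HEADER_LEN).encode("ascii"))
    os.utime(path, (mtime, mtime))


def demo():
    now = 1169564245  # constructed "current time": 23 Jan 2007 14:57:25 GMT
    with tempfile.TemporaryDirectory() as d:
        stale, fresh = os.path.join(d, "daily.cvd"), os.path.join(d, "other.cvd")
        make_sample_cvd(stale, 2400, now - 20 * 86400, now)  # old build, touched today
        make_sample_cvd(fresh, 2480, now - 3600, now)        # built an hour ago
        return check_database(stale, now), check_database(fresh, now)


if __name__ == "__main__":
    print(demo())
```

On a real installation, `sigtool --info /var/lib/clamav/daily.cvd` prints the same header fields, which makes two machines' databases directly comparable by version rather than by file size.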
