Noel Jones wrote: > Rick Macdougall wrote: >> Hi, >> >> I have another example where clamdscan fails to find a virus but >> clamscan does. >> >> [EMAIL PROTECTED] aeiadm]# clamdscan /tmp/180334 >> /tmp/180334: OK >> >> ----------- SCAN SUMMARY ----------- >> Infected files: 0 >> Time: 0.033 sec (0 m 0 s) >> >> >> [EMAIL PROTECTED] aeiadm]# clamscan /tmp/180334 >> /tmp/180334: Phishing.Heuristics.Email.SSL-Spoof FOUND >> >> ----------- SCAN SUMMARY ----------- >> Known viruses: 224289 >> Engine version: 0.92 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 1 >> Data scanned: 0.04 MB >> Time: 2.207 sec (0 m 2 s) >> >> Dell 850 hardware >> Latest CentOS 4 software >> clamav 0.92 installed from scratch with ./configure >> --disable-zlib-vcheck --sysconfdir=/etc >> >> I have a copy of the message in question if one of the devs would like a >> copy. >> > > Two questions just to clarify... > > Does output of the "clamconf" command contain: > PhishingScanURLs = yes > > > If you stop/restart clamd does it still miss the sample? >
Interesting. PhishingScanURLs was no (hard coded), changing it to yes makes clamdscan see it. How ever the reason I saw it was because a message came in on mail server 3 last night and was not caught, but the message was then forwarded to a user on mail server 2 where it was rejected by clamdscan. Now, mail server 2 did not see the virus this morning when I checked it again but it obviously did last night when PhishingScanURLs = no. Any reason for that that you can see ? Rick _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
