Hello, I am running clamav 0.95.2 with mimedefang 2.64 and sendmail 8.14.3 on Solaris 10. I am finding that messages with the following are not being detected by clamd, but are detected by clamscan as Trojan.Downloader-77566.
> Dear Customer! > > Thank you for ordering at our online store. > Your order: Sony VAIO A1133651A, was sent at your address. > The tracking number of your postal parcel is indicated in the document > attached to this letter. > Please, print out the postal label for receiving the parcel. > > Internet Store. > > ------=_NextPart_000_0006_01CA3AE2.80D89D20 > Content-Type: application/zip; > name="nz.zip" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="nz.zip" > > UEsDBBQAAgAIAKyZMDtCNISxYRwAAAA4AAAGAAAAbnouZXhl7XsJVFPJtvYJYwbIRJgjJCFIUEFk > UIKABBIIyBBmcSRIgEgIEBIlijIGCGFUYjuhoGKjV221tRUQBQFBG6GdbusV7RbxitLaqIA45p0T Here is what clamscan finds: # clamscan ENTIRE_MESSAGE ENTIRE_MESSAGE: Trojan.Downloader-77566 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 623506 Engine version: 0.95.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.01 MB Data read: 0.01 MB (ratio 1.50:1) Time: 4.645 sec (0 m 4 s) However, clamd (invoked from mimedefang) does not seem to pick this up at all. Other similar trojans such as Email.Trojan.GZC are being detected by clamd. Freshclam is updating the database normally. Any ideas why clamd would miss something that clamscan detects? Eric Swanson _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
