At 3:09 PM +0100 9/23/09, Steve Basford wrote:
>
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if its the same sort of fake invoices I've been receiving here,
using the Sanesecurity signatures:
I also have malware detection for these in winnow_malware.hdb. See
http://www.oitc.com/winnow/clamsigs/MalwareSignatures.html
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
