Alex wrote:
Hi,
We had a user report that their email was tagged with
winnow.botnets.zu.zeus.4637.UNOFFICIAL, according to the logs. How can
I track this, and determine which database it was that contains this
pattern, and why it considered this email to contain this virus?
Hi Alex,
As other posts have indicated, this signature is a Third-Party ClamAV
signature, mainly downloaded
with one of the download scripts, used with the Sanesecurity signatures.
For further reference, there are the Third-Party databases:
http://www.sanesecurity.com/clamav/databases.htm
And this explains who to contact regarding a FP:
http://www.sanesecurity.com/clamav/fps.htm
In addition, there a brilliant Third-Party signature decoder here, which
will easily show you the content of the Third-Party signature,
just cut/paste or type in the signature name and it'll decode it:
http://www.sanesecurity.com/clamav/decodesigs.htm
Cheers,
Steve
Sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
