On Sat, 11 Dec 2010 13:21:05 -0800 Al Varnell <[email protected]> wrote:
> On 12/11/10 20:01, TAN BUI wrote:
>
> > We are running ClamAV 96.5 on Slamd64 machines with freshclam
> > running every hour to update the virus database; besides the
> > official ClamAV database, we also download those from
> > Sanesecurity, SecurityInfo, MalwarePatrol once a day. The
> > servers run sendmail 8.14.3 with mimedefang 2.66 calling ClamAV.
> > All messages are scanned and delivered if they are virus-free;
> > if detected as virus-laden, the messages will be quarantined in
> > a specific sub-directory on the same mail servers where we can
> > retrieve them to examine, if necessary.
> >
> > Some users have their mail forwarded to an account on another
> > system where Sophos is being used. Since October 28, we have
> > been notified by the mail administrator of that system that some
> > messages forwarded from our mail servers are detected by
> > Sophos (running on their mail server) as infected with
> > Mal/Phish-A. Unfortunately, we do not have the infected
> > messages since they are considered "clean" by ClamAV on
> > our mail servers and their mail server does not keep a copy
> > of infected messages.
> >
> > We are wondering if anyone else also experiences this kind of
> > problem. As ClamAV et al. name viruses differently from Sophos,
> > we don't know for sure if ClamAV is detecting Mal/Phish-A.
> >
> The Sophos site gives three aliases for Mal/Phish-A:

Mal/Phish-A looks like a generic/heuristic detection.
These kinds of detections will be different from AV to AV, so
constructing a list of aliases is not trivial (one AV may detect it via
heuristics, another one via multiple signatures with a more specific
name, etc.).

Easiest would be if you could ask the admin of the site running Sophos
to log at least the 'From:' and 'Subject:' fields, then look those up in
your logs, and keep a copy of those next time.

Best regards,
--Edwin
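An added example, not part of the original thread and not ClamAV or MIMEDefang code: one way to do the lookup suggested above, matching the 'From:'/'Subject:' pairs reported by the remote site against retained copies of delivered mail. It assumes such copies are kept; the queue ids, addresses and messages are constructed for illustration.

```python
from email import message_from_bytes
from email.header import decode_header, make_header
from email.utils import parseaddr


def norm_sender(raw):
    """Reduce a From: value to its bare address, lower-cased."""
    return parseaddr(str(raw or ""))[1].lower()


def norm_subject(raw):
    """Decode RFC 2047 encoded-words, unfold, collapse whitespace, casefold."""
    text = str(make_header(decode_header(raw or "")))
    return " ".join(text.split()).casefold()


def match_reports(retained, reported):
    """Map each reported (from, subject) pair to ids of matching retained copies."""
    index = {}
    for msg_id, raw in retained.items():
        msg = message_from_bytes(raw)
        key = (norm_sender(msg["From"]), norm_subject(msg["Subject"]))
        index.setdefault(key, []).append(msg_id)
    return {
        pair: index.get((norm_sender(pair[0]), norm_subject(pair[1])), [])
        for pair in reported
    }


# Constructed retained copies, keyed by a hypothetical local queue id.
SAMPLES = {
    "qA1": b'From: "Bank Support" <support@bank.example>\r\n'
           b"Subject: =?utf-8?q?Your_account_has_been_suspended?=\r\n\r\nbody\r\n",
    "qA2": b"From: alice@corp.example\r\n"
           b"Subject: Meeting\r\n notes for Monday\r\n\r\nbody\r\n",
    "qA3": b"From: Support@Bank.Example\r\nSubject: Invoice\r\n\r\nbody\r\n",
}

# Constructed pairs as the remote admin might report them from their logs.
REPORTED = [
    ("support@bank.example", "your account has been  suspended"),
    ("alice@corp.example", "Meeting notes for Monday"),
]

if __name__ == "__main__":
    for pair, ids in match_reports(SAMPLES, REPORTED).items():
        print(pair, "->", ids or "no retained copy")
```

Both fields must match, so a message from the same sender with a different subject (qA3 here) is not returned.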
