OK, I'm stumped as to why clamav-milter did not catch this virus. It was from 
this address, being masked as from UPS:

rowanhorst...@live.ca, masked as 
customerdesk_upsdeliveryservi...@ups.com

Nov 14 14:13:33 XXXXXX sendmail[13983]: qAEKDT7f013983: from=<rowanhorst...@live.ca>, size=3297, class=0, nrcpts=1, msgid=<ca5501cdc2ac$e6c228e0$a87b5229@customerdesk_upsdeliveryservices>, proto=ESMTP, daemon=MTA, relay=[41.82.123.168]
Nov 14 14:13:33 libdig10 sendmail[13983]: qAEKDT7f013983: Milter insert (1): header: X-Virus-Scanned: clamav-milter 0.97.6 at xxxx.xxxx.edu
Nov 14 14:13:33 libdig10 sendmail[13983]: qAEKDT7f013983: Milter insert (1): header: X-Virus-Status: Clean

It actually missed it on two servers. Thankfully our network security caught it 
before it went out. Here's what they detected the virus as:

"It was detected as Blacole.OZ (Blackhole rootkit stuff).
Incident Name: Blacole.OZ
File: Invoices-14-2012.htm"

Jamen McGranahan
Systems Services Librarian
Vanderbilt University Library
Central Library
Room 811
419 21st Avenue South
Nashville, TN 37214
