OK, I'm stumped as to why clamav-milter did not catch this virus. It was from this address, being masked as from UPS:
[email protected], masked as [email protected]

Nov 14 14:13:33 XXXXXX sendmail[13983]: qAEKDT7f013983: from=<[email protected]>, size=3297, class=0, nrcpts=1, msgid=<ca5501cdc2ac$e6c228e0$a87b5229@customerdesk_upsdeliveryservices>, proto=ESMTP, daemon=MTA, relay=[41.82.123.168]
Nov 14 14:13:33 libdig10 sendmail[13983]: qAEKDT7f013983: Milter insert (1): header: X-Virus-Scanned: clamav-milter 0.97.6 at xxxx.xxxx.edu
Nov 14 14:13:33 libdig10 sendmail[13983]: qAEKDT7f013983: Milter insert (1): header: X-Virus-Status: Clean

It actually missed it on two servers. Thankfully our network security caught it before it went out. Here's what they detected the virus as:

"It was detected as Blacole.OZ (Blackhole rootkit stuff).
Incident Name: Blacole.OZ
File: Invoices-14-2012.htm"

Jamen McGranahan
Systems Services Librarian
Vanderbilt University Library
Central Library
Room 811
419 21st Avenue South
Nashville, TN 37214
