> OK, I'm stumped as to why clamav-milter did not catch this virus. It was > from this address, being masked as from UPS: > > > File: Invoices-14-2012.htm" > Hi Jamen,
I've been seeing these java/htm combos over the last few days and been adding detection to phish.ndb. The other bad stuff coming in should be detected with: phish.ndb, rogue.hdb and blurl.ndb OITC's sigs are also recommended. More details here: http://www.sanesecurity.com/clamav/databases.htm Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
