Hi guys,
i use clamav together with postfix on my internal mailserver to check
all incoming and outgoing mails. Generally the virus detection works
really well i also installed some of the unofficial signatures which
even more so boosted the accuracy.
Last week we got a mail which contained a scr file inside a rar
clamav-milter let it through and saying it's clean. After that the
windows security essentials software on one of our clients detected the
virus inside the rar package.
I then went to try out why it hasn't been dected (The unrared scr file
get's detected easyly by clamav). So i went and tried out some more
test-rar files, which were provided by clamav and other sources. All got
detected and handled the way we wanted to.
I checked the mime-type if it really was a rar file but it was. Also
checked if maybe the file was packed in a really new rar version but
that also wasn't the case.
Using clamav 0.100.1.
I reinstalled clamav from the base package and set up everything again,
still not able to detect that one specific scr in the rar file.
Maybe someone stumbled across a similar i could also provide the
infected rar file if wanted.
Kind Regards
Drees
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
