On Thu, 29 Jan 2004, Matt Sergeant wrote: > On 28 Jan 2004, at 16:10, Guillaume Filion wrote: > > > Do any of you has been able to make the clamav plugin stop Worm.SCO.A? > > It > > seems to me there's something broken with the plugin... > > Are you sure your virus signatures are up to date? Does your viruses.db > contain Worm.SCO (or Mydoom, which is the wildlist name).
Our clam sigs are updated every hour and clamd has been detecting it as that since this entry in qmail-scanner-1.20 quarantine.log: 26/01/2004 21:38:52 [EMAIL PROTECTED] Returned mail: see transcript for details Worm.SCO.A clamuko: 0.65. uvscan: v4.2.40/v4318. spamassassin: 2.61. Clam is not detecting the new variant, but this is being picked up by uvscan. Our 1st occurance was: 27/01/2004 11:05:02 [EMAIL PROTECTED] [EMAIL PROTECTED] HI the W32/[EMAIL PROTECTED] virus !!! clamuko: 0.65. uvscan: v4.2.40/v4319. spamassassin: 2.61. Which seems now to be detected as: 29/01/2004 11:10:17 [EMAIL PROTECTED] Returned mail: User unknown the W32/[EMAIL PROTECTED] virus !!! clamuko: 0.65. uvscan: v4.2.40/v4320. spamassassin: 2.61. Cheers. -- Mark Powell - UNIX System Administrator - The University of Salford Information Services Division, Clifford Whitworth Building, Salford University, Manchester, M5 4WT, UK. Tel: +44 161 295 4837 Fax: +44 161 295 5888 www.pgp.com for PGP key
