This really looks like a freshclam problem. When you run freshclam do you get an output like:
I have been running freshclam without any trouble, via cron every 24 hours
(and more often than that by hand). So that wasn't the problem, so far as I can tell.
Until a few minutes ago, I was running clamav 0.67. I just upgraded to 0.70-rc, and re-ran my test. Nothing more was detected. clamscan and clamdscan returned the same results.
As I told Eric in private e-mail, I believe that I have solved the
the problem (albeit in the "wrong" way) by changing my SpamAssassin definitions such that MICROSOFT_EXECUTABLE gets 5 points. I was also considering
writing a small plugin that rejects certain encoded virus signatures.
But it would definitely be better to simply get clamav working correctly...
Reuven
