Hi,

a mail server (postfix+clamav+amavis) is letting some infected files
pass through it.
Both freshclam and clamd look for "DatabaseDirectory" in the same place,
and the update runs with clamd being notified correctly. On a client of
this server I have "Avast Antivirus", which identifies the infected file
with:
---
avast! Antivirus: Inbound message INFECTED:
\body.zip#1314120256 (Win32:Mytob-QI [Wrm]) was deleted from the message.

Virus Database (VPS): 0620-1, 17.05.2006


the log produced by amavis:

May 18 08:51:45 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
ESMTP::10024 /var/amavis/amavis-20060518T085006-14130: <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]> Received: SIZE=181481 from u.ro ([127.0.0.1]) by
localhost (mailb [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
14130-03; Thu, 18 May 2006 08:51:45 +0300 (EEST)
May 18 08:51:45 mailb /usr/local/sbin/amavisd[14130]: (14130-03) body
hash: 71575b83b0d07faa31d86262efc1a903
May 18 08:51:45 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
Checking: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) p003
1 Content-Type: multipart/mixed
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) p001
1/1 Content-Type: text/plain, size: 83 B, name:
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) p002
1/2 Content-Type: application/octet-stream, size: 131914 B, name:
file.zip
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
Checking for banned types and filenames
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
p.path: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/plain"
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
p.path: "P=p003,L=1,M=multipart/mixed |
P=p002,L=1/2,M=application/octet-stream,N=file.zip"
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Using
Clam Antivirus-clamd: (built-in interface)
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Using
(Clam Antivirus-clamd) on dir: CONTSCAN
/var/amavis/amavis-20060518T085006-14130/parts\n
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Clam
Antivirus-clamd: Connecting to socket  /var/amavis/clamd.sock
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Clam
Antivirus-clamd: Sending CONTSCAN
/var/amavis/amavis-20060518T085006-14130/parts\n to UNIX socket
/var/amavis/clamd.sock
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
ask_av (Clam Antivirus-clamd):
/var/amavis/amavis-20060518T085006-14130/parts CLEAN
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Clam
Antivirus-clamd result: clean
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
spam_scan: not wasting time on SA, message longer than 65536 bytes:
431+178699
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
spam_scan: hits=
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) FWD
via SMTP: [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) AUTH
not needed, user='', MTA offers ''
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
mail_via_smtp: 250 2.6.0 Ok, id=14130-03, from MTA: 250 Ok: queued as
3329C2490D4
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
Passed, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, Hits: -
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
Passed CLEAN, <[EMAIL PROTECTED]>, Hits: -, tag=3, tag2=6.3, kill=6.3,
L/0/0/0
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
Passed CLEAN, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Hits: -, tag=3, 
tag2=6.3,
kill=6.3, L/0/0/0
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03)
TIMING [total 648 ms] - SMTP EHLO: 3 (1%), SMTP pre-MAIL: 1 (0%), SMTP
pre-DATA-flush: 4 (1%), SMTP DATA: 59 (9%), body_hash: 2 (0%),
mime_decode: 41 (6%), AV-scan-1: 154 (24%), spam-wb-list: 3 (0%),
update_cache: 1 (0%), fwd-connect: 9 (1%), fwd-mail-from: 3 (0%),
fwd-rcpt-to: 10 (2%), write-header: 3 (0%), fwd-data: 16 (3%),
fwd-data-end: 318 (49%), fwd-rundown: 4 (1%), main_log_entry: 17 (3%),
update_snmp: 0 (0%), unlink-2-files: 1 (0%), rundown: 0 (0%)
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) load:
2 %, total idle 97.911 s, busy 1.868 s

the freshclam log:

ClamAV update process started at Wed May 17 02:00:00 2006
main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 1467, sigs: 4415, f-level: 8, builder: acab)
Database updated (55621 signatures) from database.clamav.net (IP:
193.219.149.170)
Clamd successfully notified about the update.

I know that every antivirus defines its own naming for each record, but
what I am interested in is: is this a newer virus that is not yet in the
clamav database, or do I have some trouble in my configuration? Is there
another such "victim" on the list?
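An added example (not from the original post or from amavisd-new): a Python triage script that groups amavisd-new log entries by task id and lists messages clamd passed as CLEAN while they carried archive, executable or application/octet-stream attachments, so they can be rescanned once signatures catch up. The sample log lines and addresses are constructed; the regexes assume the one-entry-per-line format shown in the log above.

```python
"""Triage amavisd-new logs: messages passed CLEAN while carrying attachment types worth rescanning."""
import re
from collections import defaultdict

# Constructed sample modelled on the amavisd-new log format above (one entry per line, example.com addresses).
SAMPLE_LOG = """\
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) p001 1/1 Content-Type: text/plain, size: 83 B, name:
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) p002 1/2 Content-Type: application/octet-stream, size: 131914 B, name: file.zip
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Clam Antivirus-clamd result: clean
May 18 08:51:46 mailb /usr/local/sbin/amavisd[14130]: (14130-03) Passed CLEAN, <sender@example.com> -> <rcpt@example.com>, Hits: -, tag=3, tag2=6.3, kill=6.3, L/0/0/0
May 18 09:02:10 mailb /usr/local/sbin/amavisd[14131]: (14131-01) p001 1/1 Content-Type: text/plain, size: 120 B, name:
May 18 09:02:10 mailb /usr/local/sbin/amavisd[14131]: (14131-01) Clam Antivirus-clamd result: clean
May 18 09:02:10 mailb /usr/local/sbin/amavisd[14131]: (14131-01) Passed CLEAN, <other@example.com> -> <rcpt@example.com>, Hits: -, tag=3, tag2=6.3, kill=6.3, L/0/0/0
"""

TASK_RE = re.compile(r"\((\d+-\d+)\) (.*)$")          # "(14130-03) rest of entry"
PART_RE = re.compile(r"^p\d+ \S+ Content-Type: ([^,]+), size: (\d+) B, name: ?(.*)$")
AV_RE = re.compile(r"^(.+?) result: (\w+)$")            # "Clam Antivirus-clamd result: clean"
VERDICT_RE = re.compile(r"^(Passed|Blocked) (\S+),")    # "Passed CLEAN, <...> -> <...>"
RISKY_EXT = (".zip", ".rar", ".exe", ".scr", ".pif", ".bat", ".com")

def parse_amavis_log(text):
    """Group entries by amavis task id, collecting decoded parts, per-scanner AV results and the verdict."""
    tasks = defaultdict(lambda: {"parts": [], "av": {}, "verdict": None})
    for line in text.splitlines():
        m = TASK_RE.search(line)
        if not m:
            continue
        task, msg = m.groups()
        if (p := PART_RE.match(msg)):
            ctype, size, name = p.groups()
            tasks[task]["parts"].append({"type": ctype, "size": int(size), "name": name})
        elif (a := AV_RE.match(msg)):
            tasks[task]["av"][a.group(1)] = a.group(2)
        elif (v := VERDICT_RE.match(msg)):
            tasks[task]["verdict"] = f"{v.group(1)} {v.group(2)}"
    return dict(tasks)

def clean_but_risky(tasks):
    """Task ids every scanner passed as clean that still carried a risky part; returns [(task_id, [names])]."""
    hits = []
    for task, info in sorted(tasks.items()):
        if info["verdict"] != "Passed CLEAN" or any(r != "clean" for r in info["av"].values()):
            continue
        risky = [p["name"] for p in info["parts"]
                 if p["name"].lower().endswith(RISKY_EXT) or p["type"] == "application/octet-stream"]
        if risky:
            hits.append((task, risky))
    return hits
```

Feeding a real amavis log to clean_but_risky(parse_amavis_log(text)) yields the task ids whose messages are worth pulling from the mail store for a rescan after the next signature update.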

_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug