Back to the original problem. Is Simon's answer the cause (only
broken PE headers are detected not broken somewhere else executables)?
Hopefully Arnaud will be able to catch one soon so we can clear up the
mystery!.
I catched two diffrent samples (NetSky.Y and Sober.gen) not catched by
Arnaud Huret [EMAIL PROTECTED] wrote:
I catched two diffrent samples (NetSky.Y and Sober.gen) not catched
by ClamAV but well by TrendMicro VirusWall. I submitted them through
the site but I get a message saying 'already recognized'.
What should I do to submit them to the team for further
Arnaud Huret [EMAIL PROTECTED] wrote:
Here you are.
Many thanks,
Arnaud
Thanks for the samples Arnaud, they are both viable and run on my test kit -
and they are both detected using ClamAV devel-20050413/840/Tue Apr 19 02:42:09
2005.
mail.document.Datex-packed.exe: Worm.Sober.N FOUND
On Tue, 19 Apr 2005 08:44:45 +0200 (CEST)
Arnaud Huret [EMAIL PROTECTED] wrote:
Back to the original problem. Is Simon's answer the cause (only
broken PE headers are detected not broken somewhere else
executables)?
Hopefully Arnaud will be able to catch one soon so we can clear up
Arnaud Huret wrote:
If detecting broken executables is the problem, then:
[snip]
#DisableDefaultScanOptions
##
## Executable files
##
ScanPE
DetectBrokenExecutables
[snip]
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber [EMAIL PROTECTED] wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the other options; even
if you have DetectBrokenExecutables uncommented the default value of
disabled is
Tomasz Kojm wrote:
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber [EMAIL PROTECTED] wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the other options; even
if you have DetectBrokenExecutables uncommented the default
SNIP
As we are experimenting ClamAV, we still maintain during evaluation period
a second (and historic) defense line with TrendMicro VirusWall which we
plan to abandon shortly. I observed that VirusWall (the second line
defense) reported 8 hits on (SomeFool) Worm.Netsky.P .Y .and .W.
I used to
René Berber wrote:
Tomasz Kojm wrote:
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber [EMAIL PROTECTED] wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the other options; even
if you have DetectBrokenExecutables uncommented
On Mon, 18 Apr 2005 14:39:02 -0500
René Berber [EMAIL PROTECTED] wrote:
Tomasz Kojm wrote:
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber [EMAIL PROTECTED] wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the
On Tue, 19 Apr 2005 06:22:31 +1000
Owen [EMAIL PROTECTED] wrote:
I used to get the same thing when I set up Clamav. I will point out
that I run Clamav for Windows and call clamscan.exe, not clamdscan.
I have a pretty low volume mail server so the overhead is ot a
concern to me. The
On Mon, Apr 18, 2005 at 02:39:02PM -0500, René Berber said:
Tomasz Kojm wrote:
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber [EMAIL PROTECTED] wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the other options;
Stephen Gran wrote:
[snip]
This option is by default disabled, and is not part of the set
DefaultScanOptions. If you see Default: enabled, it is a member of
the set. Does that make it more clear?
So the OP has a correct configuration but his setup seems to not detect broken
executables...
So the OP has a correct configuration but his setup seems to not detect broken
executables...
Back to the original problem. Is Simon's answer the cause (only broken PE
headers are detected not broken somewhere else executables)?
--
René Berber
As the config seems to be OK (or at least
René Berber [EMAIL PROTECTED] wrote:
So the OP has a correct configuration but his setup seems to not
detect broken executables...
Back to the original problem. Is Simon's answer the cause (only
broken PE headers are detected not broken somewhere else executables)?
It really depends on
15 matches
Mail list logo