ClamAV version : clamscan / ClamAV version devel-20040203
OS : FreeBSD 4.9-STABLE #35: Wed Jan 28
It seems clamscan is having trouble finding SCO.a in a multiply-attached
file.
I have the following files:
vir1: multiply-attached message with SCO.a
On Wednesday 04 Feb 2004 1:26 pm, James F. Hranicky wrote:
The files can be found here
http://www.cise.ufl.edu/~jfh/sco-examples
But they can't be accessed:
www.cise.ufl.edu/~jfh/sco-examples/vir1
Either you are not authorized to access the requested page on the CISE Web Server, or
On Wed, 4 Feb 2004 14:16:07 +
Nigel Horne [EMAIL PROTECTED] wrote:
On Wednesday 04 Feb 2004 1:26 pm, James F. Hranicky wrote:
The files can be found here
http://www.cise.ufl.edu/~jfh/sco-examples
But they can't be accessed:
Sorry, fixed.
As usual, the best method is to
This is another post about the problems that some people have been
having with sco.a seemingly making it past clam due to doggy mime
structure in bounce messages.
I noticed that Symantec on our exchange servers (which are behind a
mailscanner box running clam and sophos) is picking up a few Sco's
Try the --mbox option on clamscan. I was having this problem too.
Jim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of McKeever
Chris
Sent: Monday, February 02, 2004 10:42 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] sco.a+clamav+qmailscan
I
I am able to quarantine files based on attachments using qmail-scanner. However, when
they are in the quarantine,
clamscan (not clamdscan) is not picking the sco.a virus. It finds the sco.a when it
is just a regular file, it picks up other viruses when they
are in the quarantine, I am just
On Sat, 31 Jan 2004 08:37:09 - Nigel Horne [EMAIL PROTECTED]
exclaimed:
Already in CVS. It's not a fix though, it's a new feature.
Of course it is!
Shawn
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open
You were absolutely right, the msgs I was refering to were all bounces, my
mistake. Is there a fix in the works for this?
Already in CVS. It's not a fix though, it's a new feature.
Shawn
-Nigel
---
The SF.Net email is sponsored by
On Sat, 31 Jan 2004 09:00:21 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:
I wouldn't normally suggest changing the signature name for a virus
because it is very common for different virus scanners to call the
same virus by different names, and sometimes it's nice just to be
diferent
Ok Nigel,
You were absolutely right, the msgs I was refering to were all bounces, my
mistake. Is there a fix in the works for this?
Shawn
On Tue, 27 Jan 2004 16:59:08 + Nigel Horne [EMAIL PROTECTED]
exclaimed:
On Tuesday 27 Jan 2004 2:31 pm, Shawn Tayler wrote:
Nigel,
I have
On Wed, 28 Jan 2004 17:34:33 + Nigel Horne [EMAIL PROTECTED]
exclaimed:
This comment has been obseleted by the changes to today's CVS snapshot.
Shawn
-Nigel
Excellent Thanks
---
The SF.Net email is sponsored by EclipseCon
Nigel - thanks for the reply - I didnt have an original, because they do get caught by
the second filter...
I will play around with it and see if I can..however, I sent you an attached file
witht the virus that does get through clam
On Tue, 27 Jan 2004 06:31 , Shawn Tayler [EMAIL PROTECTED]
On Tuesday 27 Jan 2004 2:31 pm, Shawn Tayler wrote:
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Yes but please send me the original. Many people send me the bounce
message which contains the virus. This is no help to the parser, I
On Mon, 26 Jan 2004, Rick Macdougall wrote:
I've blocked over 1000 of them in the last hour or so since I forced a
freshclam.
Oddly enough, Spam Assassin picked one up for me at 4:45 PM EST here. at
4:50, my hourly cron job ran, updated the DB, and I've been filtering them
ever since.
Seem to
I am curious,
It appears that I have missed something very important in my Clamav setup,
0.65, in that I have several examples of Maildir files that contain a
known, detectable virus, that will not show as conatining such unless the
file is converted to binary from mime.
I use the --mbox and
I dunno but I had to restart clamd on all my servers this morning to get
it to notice them.. is that normal?
On Tue, 2004-01-27 at 10:24, Erick Ivaan Lopez Carreon wrote:
El mar, 27-01-2004 a las 02:52, Nigel Horne escribió:
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any
Nigel - I sent a message to you that made it through the system after I turned off the
second AV for the mail.
so that is an *original* copy of an email that got through
thanks
---
Chris McKeever
If you want to reply directly to me, please use
: Tuesday, January 27, 2004 9:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] SCO.a
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Shawn
On Tue, 27 Jan 2004 08:52:58 + Nigel Horne [EMAIL PROTECTED]
exclaimed
On Mon, 26 Jan 2004, Kevin Spicer wrote:
On Mon, 2004-01-26 at 23:19, Rick Macdougall wrote:
McAfee has picked it up and is calling it MyDOOM.
Symantec are calling it [EMAIL PROTECTED]
And Kaspersky don't seem to have any name or even any kind of information
for it.
--
Tim Wilde
[EMAIL
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any suggestions? It finds other virii fine when they are still encoded,
maybe the definitions need to be added for its MIME version?
Please forward an *original* copy (hmm, that's a contradiction in terms)
of the e-mail to me at [EMAIL
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Shawn
On Tue, 27 Jan 2004 08:52:58 + Nigel Horne [EMAIL PROTECTED]
exclaimed:
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any suggestions? It finds other virii fine
On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
Nigel - thanks for the reply - I didnt have an original, because they do
get caught by the second filter... I will play around with it and see if I
can..however, I sent you an attached file witht the virus that does get
through clam
I'd
it finds it fine when it is still an attachment, or after the file has been extracted
from the email?
---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com
On Tue, 27 Jan 2004 09:24 ,
El mar, 27-01-2004 a las 11:21, McKeever Chris escribió:
it finds it fine when it is still an attachment, or after the file has been
extracted from the email?
When the file is still attached
Only last night i update virus dB with freshclam, an this morning
another update.
Grettings.
On Tuesday 27 January 2004 09:16 am, Nigel Horne wrote:
On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
Nigel - thanks for the reply - I didnt have an original, because they do
get caught by the second filter... I will play around with it and see if
I can..however, I sent you an
I don't want to labour the point, but let me make this clear.
ClamAV DOES find SCO.a in attachments.
ClamAV DOES NOT find viruses in bounce message bodies, all of the examples being
posted are of bounces. Bounce messages do not have attachments, though they ofteb
look like they do. This is a
On Tuesday 27 January 2004 11:12 am, Nigel Horne wrote:
I don't want to labour the point, but let me make this clear.
ClamAV DOES find SCO.a in attachments.
ClamAV DOES NOT find viruses in bounce message bodies, all of the examples
being posted are of bounces. Bounce messages do not have
Hi,
McAfee has picked it up and is calling it MyDOOM.
Virus Information
Name: W32/[EMAIL PROTECTED]
Risk Assessment
- Home Users: High-Outbreak
- Corporate Users:High-Outbreak
Date Discovered:1/26/2004
Date Added: 1/26/2004
Origin: Unknown
Length:
clamscan is finding the SCO.a fine after the attachment has been decoded out of an
email:
/var/spool/qmailscan/quarantine/new/body.pif: Worm.SCO.A FOUND
but it will not find it while it is still in the body of the attachment mime encoded.
29 matches
Mail list logo