On Tue, 2 Mar 2004, jef moskot wrote:
For some reason, my system is allowing Worm.Bagle.F-zippwd files
through...
For what it's worth, this seems to be an issue with amavis. By default,
it doesn't scan the body of the message. If/when I get I fix, I'll post
it here so all other dinosaurs can
On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote:
On Tue, 2 Mar 2004, jef moskot wrote:
For some reason, my system is allowing Worm.Bagle.F-zippwd files
through...
For what it's worth, this seems to be an issue with amavis. By default,
it doesn't scan the body of the message.
On Wed, 3 Mar 2004, Tomasz Papszun wrote:
Our signatures Worm.Bagle.F-zippwd* are based on the real contents of
mail messages (stream of characters as they are), while amavisd-new (and
probably amavis) divide messages to parts and decode them separately,
hence ClamAV doesn't get the original
On Wed, 03 Mar 2004 at 7:50:34 -0500, jef moskot wrote:
On Wed, 3 Mar 2004, Tomasz Papszun wrote:
Our signatures Worm.Bagle.F-zippwd* are based on the real contents of
mail messages (stream of characters as they are), while amavisd-new (and
probably amavis) divide messages to parts and
For some reason, my system is allowing Worm.Bagle.F-zippwd files through,
but can detect them once they've arrived. I haven't had a single capture
of one of these passworded files.
Example:
clamscan -V
clamscan / ClamAV version 0.67-1
clamscan passworded.sample
passworded.sample: