This is a discussion on Re: [AMaViS-user] Someone missed a virus.. within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
> -----Original Message-----
> From: amavis-user-bounces@lists.sourceforge.net
> [mailto:amavis-user-bounces@lists.sourceforge.net] On Behalf
> Of Bill Landry
> Sent: Friday, June 15, 2007 3:51 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> Michael Scheidell wrote the following on 6/15/2007 12:27 PM -0800:
>
> Thanks for reporting this one Michael, malware distributors
> are getting more creative all the time. Just as an FYI,
> since I am using the recent "$bypass_decode_parts = 1"
> feature that disables all decoding by amavisd-new and instead
> passes the raw messages to the virus scanner(s) and relies on
> the decoding supported by the virus scanner itself. In this
> case I run both clamd and f-prot, and both were able to
> detect the trojan inside the .doc file, without any decoding
> on the part of
> amavisd-new:
>
> F-Prot:
> /var/quarantine/virus/virus-TO4HclB5j1Sz->Proforma_Invoice.doc ->Proforma_Invoice.exe
> is a security risk named W32/Dropper.ESR
>
> ClamD:
> /var/quarantine/virus/virus-TO4HclB5j1Sz: Trojan.Dropper-1047 FOUND
>
> Thanks again, Mark, for adding the ability to bypass all
> decoding in amavisd-new, it seems to be working fine for me thus far.

Yes, but you only got that because I reported it to clamav at CA: (I use clamav, and at the time, it wasn't in the file: If you had checked that earlier (before daily/3430) you would have missed it.

-------- Original Message --------
Subject: Your submission to ClamAV
Date: Fri, 15 Jun 2007 19:22:27 +0000 (GMT)
From: ClamAV <mailer-daemon@clamav.net>
To: scheidell@secnap.net

Dear ClamAV user,

The following submissions have been processed and published:

- 1213966 Trojan.Dropper-1046

See http://cvdpedia.clamav.net/daily/3430

--
Best regards,
The ClamAV team