ClamAV misses this!
Gerry Doris
gerry at DORFAM.CA
Mon Sep 1 20:04:19 IST 2003
On Mon, 1 Sep 2003, Antony Stone wrote:
> On Monday 01 September 2003 7:15 pm, Gerry Doris wrote:
>
> > OK, I got another round of those virii that ClamAV is missing. they are
> > picked up by both F-Prot and Trend. I don't think that F-Prot was
> > catching it earlier but my system was updated today at 1:00pm EST and
> > F-Prot now finds it.
> >
> > I had to disable both F-Prot and Trend to get this out. ClamAV is still
> > running.
>
> Hm. Interesting. I gues that since this was Sobig, and that's on my list
> of silent viruses, you haven't received anything back from my system?
>
> It got picked up as Sobig.F by Bitdefender, F-Prot, Inoculan and McAfee,
> which on my system means that it got missed by ClamAV, Kaspersky and NOD32 (I
> run several antivirus engines on a single machine for exactly this sort of
> comparison!).
>
> I can pull the file you sent me out of my quarantine directory, and see if it
> seems to be a complete virus file (none of my A-V scanners said it was a
> damaged or broken sample, so I'm assuming for now that it's real).
>
> I'll submit it to the ClamAV people anyway - I don't know if you're on their
> mailing list, but I've just posted a proposal to maintain an independent list
> of damaged or broken virus samples (which they seem reluctant to include in
> the main signatures list) so that ClamAV doesn't become perceived as being
> behind all the other A-V products, even though that may be because it only
> identifies real viruses, and ignores broken or ineffective ones.
>
> Thanks for sending it, anyway.
>
> Antony.
Thanks for your help on this Antony. I was beginning to think something
had gone very wrong on my system. I've temporarily dropped off the
mailing list that is sending all these virii to me (as well a ton of virus
notifications from other subscribers many of whom are running
MailScanner!).
That mailing list depends solely on MimeDefang/ClamAV. Obviously, that is
proving not to be a good idea.
--
Gerry
"The lyfe so short, the craft so long to learne" Chaucer
More information about the MailScanner
mailing list