Many viruses not being detected :-(

Matt Kettler mkettler at EVI-INC.COM
Tue Aug 3 15:54:55 IST 2004 

<x-flowed>
At 01:46 AM 8/3/2004, BG Mahesh wrote:

>I installed MS 4.32.5-1 yesterday. It uses clamav-0.75.1 and SA 2.63.
>After upgrading to 4.32.5-1 many infected emails are not being deleted.
>When I download my email Norton Anti Virus 2004 is deleting those emails
>
>The viruses that are not being detected are,
>
>W32.Netsky.Z at mm

That's strange. I'm using a similar setup and my copy of clamav seems to
get them just fine.

I currently run commandAV 4.90.2, clamAV 0.75, and SA 2.63 under
MailScanner 4.30.3-2 (plus some patches off the list)

Admittedly my version of ClamAv and MailScanner are both a bit older than
yours, but my copy of Clam does catch Netsky.Z, although it calls it
Worm.SomeFool.Z.

Here's the logs of both scanners firing off on the same message:

   Aug  2 12:28:47 xanadu MailScanner[2498]: Virus and Content Scanning:
Starting
   Aug  2 12:28:47 xanadu MailScanner[2498]:
./i72GSgFB020228/Textfile.zip->Textfile.txt
.exe  Infection: W32/Netsky.Z at mm
   Aug  2 12:28:47 xanadu MailScanner[2498]: Virus Scanning: Command found
1 infections
   Aug  2 12:28:49 xanadu MailScanner[2498]:
/var/spool/MailScanner/incoming/2498/./i72GSgFB020228/Textfile.zip:
Worm.SomeFool.Z FOUND
   Aug  2 12:28:49 xanadu MailScanner[2498]: Virus Scanning: ClamAV found 1
infections
   Aug  2 12:28:49 xanadu MailScanner[2498]: Infected message
i72GSgFB020228 came from 63.205.51.178
   Aug  2 12:28:49 xanadu MailScanner[2498]: Virus Scanning: Found 1 viruses


Is your clamav catching any viruses at all? Does the eicar test match?

Have you tried manually scanning some of the infected files with clamscan?

Have you tried running freshclam manually? Perhaps there's problems
downloading the AV database that might be obvious if you run manually.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

More information about the MailScanner mailing list