Many viruses not being detected :-(
Jason Balicki
kodak at FRONTIERHOMEMORTGAGE.COM
Wed Aug 4 17:41:11 IST 2004
Pete <> wrote:
> How do you match up the popular/common name of the viruses with the
> clamav obscure name?
MailScanner does this for me. I have the virus reports
sent to me (so I can easily forward to abuse at respective.isp
on certain offenders) and since I'm running both Sophos
and Clamav I get:
[snip]
Report: SophosSAVI: mp3music.pif was infected by W32/Netsky-D
ClamAV Module: mp3music.pif was infected: Worm.SomeFool.Gen-1
MailScanner: Shortcuts to MS-Dos programs are very dangerous in
email (mp3music.pif)
[snip]
So, I'm reasonably certain that W32/Netsky-D (as named by Sophos) is
the same as Worm.SomeFool.Gen-1 as named by ClamAV.
If you need help setting your MailScanner.conf up to send you
these reports, feel free to ask, but the easy thing is to search
the .conf for "report".
BTW: As soon as I start getting a lot of messages from a particular
IP I block them at the MTA (usually with a 550: Infected Idiot) so
these reports aren't too overwhelming. Plus, I like sending them
to abuse at isp -- it actually seems to get something done for the
most part.
HTH,
--J(K)
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list