Many viruses not being detected :-(

Wed Aug 4 17:41:11 IST 2004

Pete <> wrote:
> How do you match up the popular/common name of the viruses with the
> clamav obscure name?

MailScanner does this for me.  I have the virus reports
sent to me (so I can easily forward to abuse at respective.isp
on certain offenders) and since I'm running both Sophos
and Clamav I get:
Report: SophosSAVI: mp3music.pif was infected by W32/Netsky-D
            ClamAV Module: mp3music.pif was infected: Worm.SomeFool.Gen-1
            MailScanner: Shortcuts to MS-Dos programs are very dangerous in
email (mp3music.pif)

So, I'm reasonably certain that W32/Netsky-D (as named by Sophos) is
the same as Worm.SomeFool.Gen-1 as named by ClamAV.

If you need help setting your MailScanner.conf up to send you
these reports, feel free to ask, but the easy thing is to search
the .conf for "report".

BTW: As soon as I start getting a lot of messages from a particular
IP I block them at the MTA (usually with a 550: Infected Idiot) so
these reports aren't too overwhelming.  Plus, I like sending them
to abuse at isp -- it actually seems to get something done for the
most part.


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at
Before posting, please see the Most Asked Questions at     and the archives at

More information about the MailScanner mailing list