Dumaru again

Stephan Ilaender mailscanner at LAYLINE.DE
Fri Mar 26 07:16:21 GMT 2004


On 25.03.2004, Raymond Dijkxhoorn wrote on the subject
 ## Re: Dumaru again ##

> Hi!
>
> > I don't think this will work, cause MailScanner detects
> > every kind of Netsky etc. also Dumaru.A, but not Y and Z
>
> > Perhaps new beta will fix it ?!?
> > I don't want to upgrade cause it's a production server.
>
> Uhm:
>
> Today's logs:
>
> 500     (first @ 00:07:58, last = 19:24:59)     W32/Dumaru.Y at mm
> 509     (first @ 00:01:08, last = 19:24:02)     W32/Dumaru.Z at mm
>
> Even the Dumaru.AA is now popping up:
>
> 252     (first @ 04:14:29, last = 19:28:53)     W32/Dumaru.AA at mm
>
> Bye,
> Raymond.
>
>

My question would still be: What could I possibly be doing wrong, when clamav
and the clamav-wrapper are able to detect Dumaru.Y (when working on myphoto.zip
directly) but not when it's passed through MailScanner - whatever MailScanner
parses the myphoto.zip attachment to - the clamav-wrapper will not detect it as
a virus (at least in my setup / I use --disable-archive because libclamav has a
few false positives otherwise). The virus itself however is of course spotted by
my other scanner (AntiVir), so yes, the virus is detected. But not by clamav
invoked by MailScanner. This is not a "not detected" issue but an issue with
clamav and MailScanner.

clamav detects Dumaru, so does MailScanner - but MailScanner is configured to
run with clamav and antivir and only antivir hits. If I attach just the
myphoto.zip to a mail, clamav AND antivir hit. If the virus comes in from the
wild, ONLY antivir hits ... strange problem, I know. It's probably a matter of
how the virus is attached in the real viral message ...

Anyone any ideas on this? What could I possibly be doing wrong?

regards,
Stephan