Dumaru again

Spicer, Kevin Kevin.Spicer at BMRB.CO.UK
Fri Mar 26 08:59:01 GMT 2004


Stephan Ilaender wrote:
> am 25.03.2004 schrieb Raymond Dijkxhoorn zum Thema
>  ## Re: Dumaru again ##
> 
>> Hi!
>> 
>>> I don't think this will work, cause MailScanner detects
>>> every kind of Netsky etc. also Dumaru.A, but not Y and Z
>> 
>>> Perhaps new beta will fix it ?!?
>>> I don't want to upgrade cause it's a production server.
>> 
>> Uhm:
>> 
>> Todays logs:
>> 
>> 500     (first @ 00:07:58, last = 19:24:59)     W32/Dumaru.Y at mm
>> 509     (first @ 00:01:08, last = 19:24:02)     W32/Dumaru.Z at mm
>> 
>> Even the Dumaru.AA is now popping up:
>> 
>> 252     (first @ 04:14:29, last = 19:28:53)     W32/Dumaru.AA at mm
>> 
>> Bye,
>> Raymond.
>> 
>> 
> 
> my question would still be: What could I possibly be doing wrong,
> when clamav and the clamav-wrapper are able to detect Dumaru.Y (when
> working on myphoto.zip directly) but not when it's passed through
> Mailscanner - whatever Mailscanner parses the myphoto.zip attachment
> to - the clamav-wrapper will not detect it as a virus (at least in my
> setup / I use --disable-archive because libclamav has a few false
> positives otherwise).

If you are using disable-archive then clam won't look inside archives.  Your other scanner is detecting it either because a) it is configured to unpack archives b) Its signatures are based on the zip file, rather than its contents.  I suggest you turn disable-archive off, and when you get a false positive submit it to the clamav folks (through their web site) in order to get the signature corrected.  They are usually very good at correcting these kind of things.



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.




More information about the MailScanner mailing list