clamav and RAR..(update and feature request)

Steen, Glenn Glenn.Steen at AP1.SE
Mon Mar 7 13:01:02 GMT 2005


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: den 7 mars 2005 10:29
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: clamav and RAR..(update and feature request)
> 
(snip)
> I caught two RAR viruses over the w/end, Sophos also picked 
> them up. But
(snip)
> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR
>          SophosSAVI: 075466.rar was infected by Troj/BagleDl-M
Isn't that just a ClamAV signature for the entire RAR file?
We saw a few more than 2, the first couple or so found by mcafee and
bitdefender, and after a while by that exact clam sig.

I don't use any version 3 capable unrar, except what bdc and uvscan
might be able to do (If any slip through, the second level filename
checks get them... And those were quiet:).

-- Glenn (who will need look into using the new unrar features:)

(snip)
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> <br 
> />************************************************************
> **********
> <br />
> <br />This email and any files transmitted with it are 
> confidential and
> <br />intended solely for the use of the individual or entity 
> to whom they
> <br />are addressed. If you have received this email in error 
> please notify
> <br />the system manager.
> <br />
> <br />This footnote confirms that this email message has been swept
> <br />for the presence of computer viruses and is believed to 
> be clean.
> <br />
> <br 
> />************************************************************
> **********
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list