Virus being missed. (assumed)

Scott Silva ssilva at SGVWATER.COM
Mon Mar 7 19:26:58 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote:
> At 01:30 PM 3/4/2005, David Curtis wrote:
>
>> I think I have a virus that is being missed by mailscanner/clamav.
>> Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam,
>> SpamAssassin (score=7.065, required 3.75,
>>  BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00,
>>  HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23,
>>  MSGID_SPAM_LETTERS 2.71)
>>
>> The attachment has a rar file seams to be a randomly generated number
>> with
>> a file dddd.exe in it.
>
>
> Do you have the external unrar utility installed? (note: the latest version
> of rar costs, but there is a freeware command-line unrar for *nix)
>
> See:
> http://www.rarlab.com/rar_add.htm
>
>
> ClamAV's built-in rar support doesn't support the newer rar3 format, so you
> need to install the external unrar utility and then
> edit  /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter.
>
> You can use this site to send a rared eicar file.. It wasn't caught by
> clamav until I added external unrar support.
>
> http://www.info-techs.com/eicar.shtml
>

I guess this is another plug for having multiple virus scanners installed.
The above test from info-techs gets stopped by McAfee and BitDefender.



--
"If you have ever eaten crow,
It don't taste like chicken!!"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list