Virus being missed. (assumed)
ssilva at SGVWATER.COM
Mon Mar 7 19:26:58 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Matt Kettler wrote:
> At 01:30 PM 3/4/2005, David Curtis wrote:
>> I think I have a virus that is being missed by mailscanner/clamav.
>> Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam,
>> SpamAssassin (score=7.065, required 3.75,
>> BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00,
>> HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23,
>> MSGID_SPAM_LETTERS 2.71)
>> The attachment has a rar file seams to be a randomly generated number
>> a file dddd.exe in it.
> Do you have the external unrar utility installed? (note: the latest version
> of rar costs, but there is a freeware command-line unrar for *nix)
> ClamAV's built-in rar support doesn't support the newer rar3 format, so you
> need to install the external unrar utility and then
> edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter.
> You can use this site to send a rared eicar file.. It wasn't caught by
> clamav until I added external unrar support.
I guess this is another plug for having multiple virus scanners installed.
The above test from info-techs gets stopped by McAfee and BitDefender.
"If you have ever eaten crow,
It don't taste like chicken!!"
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner