Viruses getting through

Randal, Phil prandal at
Thu Sep 18 10:17:50 IST 2008

Even the ClamAV team have been "slow" in getting out patterns for these.

There's about three or four mass-mailed trojans doing the rounds, and
the dropped trojans get changed daily or more regularly.

I'm dealing with them by rigorously training Bayes, writing custom SA
rules based on the email content, and attachment-blocking.

Every little bit helps.



Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Paul
Sent: 17 September 2008 21:53
To: mailscanner at
Subject: Viruses getting through

For the past few weeks I've had viruses getting through - the pesky ones
that claim to be flight confirmations, bank statements or some such with
small .zip files attached.  I'm sure you know about them.  Some are
tagged as spam but not all.

The headers of a recent one show that the message is classed as clean:

Received: from [] by; Wed, 17 Sep
09:17:36 +0000
Message-ID: <01c918a6$39323800$0ba22dd9 at ghw>
From: "Lindsey Avila" <ghw at>
Subject: Statement of fees 2008/09
Date: Wed, 17 Sep 2008 09:17:36 +0000
MIME-Version: 1.0
X-welshfamily-MailScanner: Found to be clean
X-welshfamily-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=0.407, required 6, autolearn=disabled,
X-welshfamily-MailScanner-From: ghw at
X-Spam-Status: No

I'm using clamav and bitdefender but although updated with the latest
definitions, it's probably ineffective because it's the free version
Running freshclam yields this:

# freshclam
ClamAV update process started at Wed Sep 17 21:41:04 2008 main.cld is up
to date (version: 48, sigs: 399264, f-level: 35, builder:
daily.cld is up to date (version: 8272, sigs: 28579, f-level: 35,

Here's the version of clam:
# clamscan -V
ClamAV 0.94/8272/Wed Sep 17 21:16:02 2008

I'm running MailScanner version 4.71.10.

I did browse the archive of this list but couldn't find the answer.  Any
help appreciated.

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list