Did you do some whois'es on the domains, looks like clamav.org isn't hosted by elektrapro at all :) .. with other words: two differect locations (and clamav.org is not up-to-date)
-----Oorspronkelijk bericht----- Van: Benoît Sibaud [mailto:[EMAIL PROTECTED] Verzonden: zaterdag 14 juni 2003 12:32 Aan: [EMAIL PROTECTED] Onderwerp: [clamav-users] Web pages and first try Hi, First some remarks about the website: "GPG Keys" on clamav.org links to http://www.clamav.org/gpg/, which points to unavailable files (like http://www.clamav.org/home/host/clamav.org/html/gpg/README) Idem "Documentation" http://www.clamav.org/doc/ and http://www.clamav.org/home/host/clamav.org/html/doc/clamdoc.pdf) Idem "Support" http://www.clamav.org/support/ and http://www.clamav.org/home/host/clamav.org/html/support/milter-shar and inconsistent pages http://clamav.org/ml: 3 lists http://clamav.elektrapro.com/ml/: 4 lists Now some tests on a Debian Sid (SMP 2 proc) uptodate: ./eicar_com.zip: Eicar-Test-Signature FOUND ./eicar.com.txt: Eicar-Test-Signature FOUND ./eicar.com: Eicar-Test-Signature FOUND ./VIRUS_I-Worm.Scrapworm: VBS/LifeStages.B (clam) FOUND ./eicarcom2.zip: Eicar-Test-Signature FOUND ./VIRUS_I-Worm.Hybris.gen: W98/Hybris.E FOUND ./VIRUS_I-Worm.Hybris.d: W98/Hybris.E FOUND ./VIRUS_I-Worm.Hybris.b: W95/Hybris.PI.000 FOUND In my trash/virus MailDir mailbox (with --mbox option, the 2nd column is the number of infected mails (KAV online scanner), the 3rd the clamav report): clean (disinfection message, antivirus alerts, etc) 22 (22 OK) I-Worm.Avron.c (W32/Avril, Win32/Naith, W32/Lirva) 2 ( 2 OK) I-Worm.Gibe.b (Win32/Gibe, W32/Gibe) 5 ( 5 OK) I-Worm.Klez.damaged (Win32.Klez, W32/Klez) 8 ( 7 IFRAME 1 OK) I-Worm.Klez.e (Win32.Klez, W32/Klez) 2 ( 1 IFRAME 1 OK) I-Worm.Klez.h (Win32.Klez, W32/Klez) 33 (24 IFRAME 9 OK) I-Worm.Lentin.g (W32/Lentin, Valentin(e)) 25 (13 IFRAME 12 OK) I-Worm.Lentin.i (W32/Lentin, Valentin(e)) 9 ( 9 OK) I-Worm.Sircam.c (W32/Sircam) 1 ( 1 OK) I-Worm.Sobig.a (W32/Sobig) 25 (25 OK) I-Worm.Sobig.b (W32/Sobig) 32 (32 OK) I-Worm.Sobig.c (W32/Sobig) 3 ( 3 OK) I-Worm.Tanatos (W32.Bugbear) 2 ( 2 IFRAME) I-Worm.Tanatos.b (W32.Bugbear) 3 ( 2 IFRAME 1 OK) TrojanDropper.VBS.Inor 1 Win32.FunLove.4070 20 (14 IFRAME 6 OK) I put all these mails into one mbox file. clamscan --mbox seems to scan just the beginning of the file and finds just an IFRAME. Did I misread the doc or is there a problem with mbox and maildir? I extract one attachment in each directory (will try on all attachments if I found a way to extract all of them easily): I-Worm.Avron.c (W32/Avril, Win32/Naith, W32/Lirva) Lirva-C FOUND I-Worm.Gibe.b (Win32/Gibe, W32/Gibe) Worm.Gibe.B FOUND I-Worm.Klez.damaged (Win32.Klez, W32/Klez) Worm/Klez.H FOUND (1) I-Worm.Klez.e (Win32.Klez, W32/Klez) Worm/Klez.E FOUND I-Worm.Klez.h (Win32.Klez, W32/Klez) Worm/Klez.H FOUND I-Worm.Lentin.g (W32/Lentin, Valentin(e)) W32/Yaha.g.dam FOUND I-Worm.Lentin.i (W32/Lentin, Valentin(e)) Yaha.K FOUND I-Worm.Sircam.c (W32/Sircam) Sircam FOUND I-Worm.Sobig.a (W32/Sobig) Worm.Sobig.A FOUND I-Worm.Sobig.b (W32/Sobig) Worm.Palyh.A FOUND I-Worm.Sobig.c (W32/Sobig) Worm.Sobig.C FOUND I-Worm.Tanatos (W32.Bugbear) W32/BugBear.A FOUND I-Worm.Tanatos.b (W32.Bugbear) Worm.BugBear.B FOUND TrojanDropper.VBS.Inor VBS.Inor.D FOUND Win32.FunLove.4070 Worm/Klez.H FOUND (2) (1) dixit E. Kaspersky, PE structure is damaged and file can't be executed (2) looks like a misdetection Hope this helps, -- Benoît Sibaud Free software and world heritage http://fsfeurope.org/projects/mankind --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
