I just checked the submitted sample sent to the list and ClamAV detects the virus as Worm.Sobig.C using the current DB. Some other scanners don't detect the virus since it's a broken sample.
The reason that ClamAV don't detect it with the option --mbox is that the mail is a NDR from "AOL Postmaster"? This means that the virus is located in the transcript of the original mail. To get ClamAV to detect the virus I had to extract the original mail and then extract the attactment. The newest ClamAV snapshot should be able to scan MIME formatted e-mails, but I've not tested this yet... Best regards, Diego d'Ambra -----Original Message----- From: Thomas Lamy [mailto:[EMAIL PROTECTED] Sent: 14. juli 2003 10:26 To: [EMAIL PROTECTED] Subject: Re: [clamav-users] CAN DETECT THIS VIRUS??? Antony Stone wrote: > On Monday 14 July 2003 8:44 am, Jordi Escolá (Desarrollo) ENVIO > DIRECTO wrote: >> >>Anybody can detect this virus using clamscan command line????? > > > My MailScanner system picked it up using Antivir and F-Prot (but not > ClamAV, > which is also installed). > Huh? My copy of AntiVir didn't find it: AntiVir / Linux Version 2.0.7-39 Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. All rights reserved. Loading /usr/lib/AntiVir/antivir.vdf ... VDF version: 6.20.0.37 created 11 Jul 2003 For private, non-commercial use only. AntiVir license: 1001015783 for Thomas Lamy, Waidhofen ----- scan results ----- directories: 0 files: 1 alerts: 0 scan time: 00:00:01 ------------------------ Thank you for using AntiVir. So it seems only FProt finds it --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
