I have an updated database; however, trashscan failed to detect an exe as Worm.Gibe.F (I verified that clamav could see it using http://www.gietl.com/test-clamav/; see the results below).
"File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:
/tmp/phpq0LapZ: Worm.Gibe.F FOUND
And found something:
Worm.Gibe.F
Since clamav already recognizes the content you submitted there is no reason to resubmit it."
Also see the attached header info from the infected email... You can see the X-Virus-Scan: header showing the scanner did run.
My scanner has detected Gibe.F before as well, which adds to my confusion...
% cat /var/log/clamav.log |grep -i gibe
/home/thrawn/tmp/TrashScan-18891/attach/INSTALLATION26.exe: Worm.Gibe.F FOUND
/home/thrawn/tmp/TrashScan-18935/attach/Update.exe: Worm.Gibe.F FOUND
/home/thrawn/tmp/TrashScan-20309/attach/installer169.exe: Worm.Gibe.F FOUND
/home/thrawn/tmp/TrashScan-25614/attach/Upgrade49.exe: Worm.Gibe.F FOUND
/home/thrawn/tmp/TrashScan-26054/attach/Installation.exe: Worm.Gibe.F FOUND
Ray Slakinski
Begin forwarded message:
From: "MS Internet System" <[EMAIL PROTECTED]>
Date: Mon Sep 22, 2003 3:52:40 PM Canada/Eastern
To: " " <[EMAIL PROTECTED]>
Subject: Message
Return-Path: <[EMAIL PROTECTED]>
Received: from ia-rad.interall.com.br (ia-rad.interall.com.br [200.246.5.21]) by core.sdf1.net (8.12.9/8.12.9) with ESMTP id h8MK9ZMs027865 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <[EMAIL PROTECTED]>; Mon, 22 Sep 2003 16:09:38 -0400
Received: from vohujqiy (server.novacki.com.br [200.246.5.146]) by ia-rad.interall.com.br (8.12.8/8.12.8) with SMTP id h8MJqenL022845; Mon, 22 Sep 2003 16:52:42 -0300
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="huxfevza"
X-Virus-Scan: Scanned by TrashScan v0.08 running on core.sdf1.net
X-Spam-Status: No, hits=3.3 required=6.0 tests=FRIEND_AT_PUBLIC,HTML_50_60,MICROSOFT_EXECUTABLE, MIME_HTML_ONLY,MIME_SUSPECT_NAME,RCVD_IN_OSIRUSOFT_COM version=2.55
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
Status:
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users