On Fri, 03 Oct 2003 at 15:58:31 -0400, Adam Williams wrote:
> I have a samba fileserver, and I run clamscan every night as a cron job,
> moving infected files to a quarantine directory (to help prevent any
> viruses that have made it in from spreading).
> 
> The next morning I look in quarantine and see some files.  So I
> disinfect them from a Win32 PC with either McAfee or Solo, rescan them
> and it says they are clean.  Then I attempt to e-mail them back to their
> owners, but clamav-milter rejects them as infected.
> 
> If I check them with clamscan it says they are still infected; if I
> check them with Solo or McAfee both applications say they are clean.
> 
> clamav-milter and clamscan are running on the same host (file server &
> mail relay).
> 
> This seems really conflicted.  Who is at fault?  CLAM or both Solo &
> McAfee?

Both reasons are possible:
1) ClamAV's signature may not be optimal, causing false positives, or
2) AV scanners used for disinfecting may not clean infections
   completely, leaving some fragment of virus in the cleaned file and
   clamscan still finds them.

Anyway, you are encouraged to submit such samples (with a description
of the problem!) to the database developers in the usual way, i.e. by
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi

Oh, one more general remark:
before submitting a sample, please verify it using the "clamav online
specimen scanner" at http://www.gietl.com/test-clamav/ .

Though you (Adam) may already know it, I'm writing about it as general
advice - because we sometimes (too frequently) receive samples of
viruses which are already detected by ClamAV, but are thought by senders
to be unknown - seemingly people don't check them, but only judge from a
virus name or what...

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
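
An added example, not part of the original thread: a sketch that compares clamscan output captured before and after disinfection by another product, so the description sent with a sample can name the signature that still matches. It assumes clamscan's per-file `path: OK` / `path: Name FOUND` result lines; the paths, signature names and both captures are constructed.

```python
import re

# clamscan prints one result line per file: "<path>: OK" or "<path>: <name> FOUND".
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

# Constructed captures: a scan of the quarantine directory before and after
# the files were "disinfected" by a different antivirus product.
BEFORE = """\
/quarantine/report.doc: Constructed.Macro.A FOUND
/quarantine/setup.exe: Constructed.Worm.B FOUND
/quarantine/notes.txt: OK
"""
AFTER = """\
/quarantine/report.doc: Constructed.Macro.A FOUND
/quarantine/setup.exe: OK
/quarantine/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 1
"""

def parse_clamscan(output):
    """Return {path: signature name, or None when the file scanned OK}."""
    results = {}
    for line in output.splitlines():
        m = RESULT.match(line.strip())
        if m:  # summary and error lines do not match and are skipped
            results[m["path"]] = m["sig"]
    return results

def triage(before, after):
    """Classify every file that clamscan flagged before disinfection."""
    rescan = parse_clamscan(after)
    report = {}
    for path, old_sig in parse_clamscan(before).items():
        if old_sig is None:
            continue  # never flagged, nothing to explain
        if path not in rescan:
            report[path] = "not rescanned"
        elif rescan[path] is None:
            report[path] = "clean"
        elif rescan[path] == old_sig:
            report[path] = f"still flagged: {old_sig}"
        else:
            report[path] = f"flagged differently: {old_sig} -> {rescan[path]}"
    return report

if __name__ == "__main__":
    for path, status in triage(BEFORE, AFTER).items():
        print(f"{path}: {status}")
```

A file reported as still flagged with the same signature is the case discussed in the reply: either a false positive or an incomplete clean, and a candidate for submission with a description.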
