On Mon, 3 Nov 2003, Antony Stone wrote:
> On Monday 03 November 2003 5:07 pm, Tomasz Kojm wrote:
>
> > On Mon, 3 Nov 2003 16:54:56 +0000
> >
> > Antony Stone <[EMAIL PROTECTED]> wrote:
> > > I've had a look at this sample and ClamAV is indeed detecting that the
> > > zip file contains Worm.Mimail.C, however clamscan also reports "File
> > > size limit exceeded", which confuses MailScanner and results in no
> > > virus being reported by that application.
> >
> > That may be also considered as a bug in MailScanner.
>
> Indeed it could, however I can't see a good reason for clamscan to report
> this message, and therefore I think it's an example of erroneous output from
> clamscan rather than inadequate parsing of the output by MailScanner.
>
> Any idea why this message is being output in this instance?
The ZIP header is corrupted (on purpose, to defeat scanners)... the
"photos.zip" files containing the new virus are broken. Clam is doing the
right thing by reporting the error with the ZIP file. It's a good way to
flag it as "suspect"...
Cheers,
Ed
Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
