When an email comes in that is infected with Worm.Mimail.G, clamscan isn't catching it, so I did some manual testing:
Scan of the zip file:
------------------------------------------------------------
clamscan readnow.zip
readnow.zip: OK
------------------------------------------------------------
Responds that the zip file is fine.

Unzip the zip file:
------------------------------------------------------------
unzip readnow.zip
Archive: readnow.zip
warning [readnow.zip]: 3 extra bytes at beginning or within zipfile
  (attempting to process anyway)
file #1: bad zipfile offset (local header sig): 3
  (attempting to re-compensate)
extracting: readnow.doc.scr
-----------------------------------------------------------
Strange zip file.. but unzip handled it.

Scan the extracted file:
------------------------------------------------------------
clamscan readnow.doc.scr
readnow.doc.scr: Worm.Mimail.G FOUND
------------------------------------------------------------
Clamscan finds the contents to be a virus.
Anyone have any suggestions / fixes for this behavior?.. Clamscan has been great at catching everything else.
-Russell
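
Added example, not part of the original post and not ClamAV code: a pre-scan check a mail gateway could run to spot the condition unzip warned about above, where the offsets recorded in the archive do not match where the data actually sits. The function names and the 'skewed' policy label are hypothetical, the sample archives are constructed and harmless, and single-disk non-Zip64 archives are assumed.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record

def zip_offset_skew(data):
    """Bytes unaccounted for in front of the archive data.

    0 for a well-formed archive, None when no EOCD record is found.
    Assumes a single-disk, non-Zip64 archive.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return None
    # EOCD layout: central directory size at +12, its declared offset at +16.
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    # The central directory must end exactly where the EOCD record starts.
    return eocd - (cd_offset + cd_size)

def verdict(data):
    """Hypothetical gateway policy: 'not-zip', 'ok' or 'skewed'."""
    skew = zip_offset_skew(data)
    if skew is None:
        return "not-zip"
    return "ok" if skew == 0 else "skewed"

def member_names(data):
    """List members with a skew-tolerant reader (Python's zipfile), so
    each one can be extracted and scanned on its own."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

def constructed_samples():
    """Build a harmless archive and a copy with 3 bytes in front of it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", "constructed sample, harmless text")
    clean = buf.getvalue()
    return clean, b"\x00\x00\x00" + clean

if __name__ == "__main__":
    for name, blob in zip(("clean", "shifted"), constructed_samples()):
        print(name, verdict(blob), zip_offset_skew(blob), member_names(blob))
```

An archive reported as 'skewed' is a candidate for unpacking and scanning member by member, which is what the manual test in the post did by hand.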