[Clamav-users] clamav 0.65 not detecting Worm.Bagle.F

Mon, 01 Mar 2004 23:16:10 -0800

Sorry, might not be the correct mailing list to post but any comments are greatly appreciated.

I have successfully configured MailScanner with ClamAV-0.65. Tested it with some of the known viruses like Mydoom and it was indeed detecting it. Unfortunately, the new variant of virus (Worm.Bagle) was not being detected by ClamAV. Don't have any idea why but here are some of the logs that might help debug the problem:

##############################################################
Mar 2 15:13:15 MTI-MAIL MailScanner[19945]: New Batch: Scanning 1 messages, 32592 bytes
Mar 2 15:13:16 MTI-MAIL MailScanner[19945]: Saved archive copies of i227DEb5020160
Mar 2 15:13:16 MTI-MAIL MailScanner[19945]: Spam Checks: Starting
Mar 2 15:13:27 MTI-MAIL MailScanner[19945]: Virus and Content Scanning: Starting
Mar 2 15:13:27 MTI-MAIL MailScanner[19945]: Uninfected: Delivered 1 messages
Mar 2 15:13:27 MTI-MAIL sendmail[20171]: i227DEb5020160: to=<[EMAIL PROTECTED]>, delay=00:00:13, xdelay=00:00:00, mailer=local, pri=152011, dsn=2.0.0, stat=Sent
##############################################################

The log above came from the sendmail maillog through MailScanner. I tried to send an e-mail with Worm.Bagle virus but it went through my tester account.


So, what I did was to invoke the command line of clamscan and scanned the mailbox itself. Below are the result:

###############################################################
[EMAIL PROTECTED] mail]# clamscan --mbox tester
tester: Worm.Bagle.F-zippwd FOUND

----------- SCAN SUMMARY -----------
Known viruses: 20350
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.07 MB
I/O buffer size: 131072 bytes
Time: 0.998 sec (0 m 0 s)
###############################################################

clamscan had successfully detected the virus.

Any help of pointers are greatly appreciated.

Cheers!

Joey Esquibal


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to