[Clamav-users] know virus not detected

Thu, 15 Apr 2004 04:35:50 -0700 

Hello,
        I have been using amavis+SA+clamd for a few months now and I am VERY 
happy with them.

Recently I noticed some virii getting to my email. While to my standards clam has 
always been very up to date I thought my support could be useful to add new virii to 
the 
database. I got on the clamav page and submitted the files.
I later (today) discovered that there's also an online checker. I thought would have 
been smart to use that before submitting a file so I uploaded ANOTHER virus that I 
received today and the server told me it's already known as "Worm.SomeFool.D". Now 
I wonder why it didn't get caught.
I checked the amavis logs and this is what I found:
Apr 14 14:05:31 defender2 amavis[20505]: (20505-03) Checking: 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
(20505-03) Checking for banned MIME types and names
(20505-03) Checking for banned (contents-based) file types, 2 parts
(20505-03) Using Clam Antivirus-clamd: (built-in interface)
(20505-03) Clam Antivirus-clamd: Connecting to socket  /var/amavisd/clamd
(20505-03) Clam Antivirus-clamd: Sending CONTSCAN /var/run/amavis/amavis-
20040414T1
25940-20505/parts\n to UNIX socket /var/amavisd/clamd (20505-03) Clam Antivirus-
clamd result: /var/run/amavis/amavis-20040414T125940-20505/parts: OK\n


I cut off servername and date and times, but all this happened in about 1 second. Now 
I wonder why my local clam says it's unknown and the remote (on clamav.net) knows 
it.
I update my virii DB once everyday this is my latest update status:
ClamAV update process started at Thu Apr 15 02:00:00 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 263, sigs: 844, f-level: 1, builder: ccordes)
Database updated (21073 signatures) from database.clamav.net (212.31.160.239).


I'm running gentoo, if this matters in any way. I'm referring to the security warning.

Thanks,
        Andrea


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to