I'm seeing a number of false positives on Worm.Gibe.F using clamav-0.70
fully up to date (on FreeBSD 5.2-CURRENT).  I've scanned the apparent
hits using up to date Kaspersky, F-Prot and Sophos and none find
anything.  This is probably because they've already been cleaned along
the way :)

If I unpack the email (using munpack) then clamav doesn't find anything
in the 2 text, one HTML and 2 GIF files (both appear legit).  I assume
it's triggering on something other than an actual signature of malicious
code, but the signature of the mail itself (particularly as clamscan
detects it WITHOUT --mbox).

I can stick a sample of the email in question somewhere if people want,
but I doubt that my results are unique.  I've got 77 samples from the
last 2 weeks :)

TIA

-- 
 Rob MacGregor (BOFH) [PGP key ID 0x1E51BF5A]
        If I cannot bend Heaven, I shall move Hell.
                           -- Publius Vergilius Maro (Virgil).  


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
