On Sat, 15 May 2004, Tomasz Kojm wrote:

> On Fri, 14 May 2004 18:24:33 -0400 (EDT)
> James Chamberlain <[EMAIL PROTECTED]> wrote:
> 
> > Martin Chan wrote:
> > > Today I found a virus passed through the clamav-milter, and I tried
> > > to manually scan it with "clamscan --mbox", but it passed too.
> > > 
> > > I'm sure my virus definition is updated and I'm using
> > > clamscan / ClamAV version 0.70
> > > 
> > > Scan in "Online scanner" does detect it:
> > > 
> > > /tmp/phpv4Ottk: Worm.SomeFool.Q FOUND
> > > 
> > > And found something:
> > > * Worm.SomeFool.Q
> > 
> > I've had this same problem now a couple times.  My virus definitions
> > are up to date and I'm using clamscan / ClamAV 0.70.  In my case, the
> > worms in question were listed by the online scanner as Worm.Sober.G
> > and Worm.Bagle.Gen-vbs.  Would you like these forwarded to you as
> > well, Nigel? 
> 
> Better fix your installation.

My installation now works; however, I'm still curious what was broken about
it to begin with.  I tried installing in place from a fresh build.  That
didn't help.  I tried uninstalling and reinstalling from a fresh build.  That
didn't help.  What finally did the trick was replacing the clamav.conf file. 
I don't see what was wrong with my original config file, though.  The only
non-comment differences between the two are as follows ("diff good bad",
essentially):

< Example
> LogFile /var/log/clamd.log
> LogTime
> LogClean
> PidFile /var/run/clamd.pid
> User clamav
> ScanMail
< ClamukoScanOnOpen
< ClamukoScanOnClose
< ClamukoScanOnExec
< ClamukoIncludePath /home
< ClamukoMaxFileSize 1M
< ClamukoScanArchive

I'm calling clamscan from amavisd and am not running clamd at the moment, so
most of those options seem like they shouldn't matter to me.  What am I
missing?  What about this allowed some known viruses through while blocking
other known viruses?  For reference, I started with 0.70-rc and upgraded to
0.70 shortly after it was released.

James




_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
