I am not quite sure how to notify you guys of this responsibly outside of the mail list. Unfortunately, attempting to submit this via the virus submit channel says it is already recognized by clamav. clamscan --mbox picks up the virus and clamdscan --mbox does not. This is running 0.74 and clamd was killed completely and restarted forcing a reload of the sigs. Below is the dump showing the problem. The raw mbox is available at www.nsci.us/~ewheeler/new-vs . Note that 0.73 exhibits the same behavior. My first attempt was to upgrade to 0.74 before continuing.
Ideas? -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 [EMAIL PROTECTED] root]$ ls -l /tmp/new-vs -rw-r--r-- 1 root root 36834 Jul 20 17:54 /tmp/new-vs [EMAIL PROTECTED] root]# killall clamd [EMAIL PROTECTED] root]# killall clamd clamd: no process killed [EMAIL PROTECTED] root]# clamd [EMAIL PROTECTED] root]# clamdscan --version clamdscan / ClamAV version 0.74 [EMAIL PROTECTED] root]# clamdscan --mbox /tmp/new-vs /tmp/new-vs: OK ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.009 sec (0 m 0 s) [EMAIL PROTECTED] root]# clamscan --mbox /tmp/new-vs /tmp/new-vs: Worm.Bagle.AF.2 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 43583 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.02 MB I/O buffer size: 131072 bytes Time: 0.433 sec (0 m 0 s) ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
