On Mon, 26 Jul 2004, Mitch (WebCob) wrote:
For one thing, the web interface for uploading could be A LOT MORE USEFUL by stating it's current clamscan version, what it detects the upload as, selected options/config, and signature database - just allowing easier confirmation of relavent settings.
I've downloaded the 0.75, and upgraded, ensured my freshclam is running and current, and manually unpacked the zip archive containing the file.
Still don't get a positive scan on my end, though.
Help? Don't want to post the virus publicly of course... what now?
If it makes you feel any better, I'm in the same situation.
I *THINK* it *MIGHT* be because mydoom.o has uneven linelengths in the uuencoding. I know that bug was fixed recently, but there's no note in the ChangeLog of _when_. So maybe only a CVS version will catch these? Who knows?
Frustrated,
Damian Menscher
I think that is the problem I was worrying about frantically a few minutes ago (when I wrote my previous email to the list that hasn't shown up yet). After writing the email I looked again at the virus source, and noticed a really nasty looking base64 section (that matched the base64_illegal SA rule even). So the payload is benign since it can't be executed as far as I can tell, since the attachment is mangled.
Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
