I have an email attachment that uvscan is detecting as: (When zipped) Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text)
Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text)
gyadu.exe: Worm.Bagle.Gen-1 FOUND
(Original zip file that is password protected
MoreInfo.zip: OK
My basic question is why will clamscan not detect this Bagle , and if its because the password has changed how can I either update the main.cvd or extract the similar signature and put that into the local.db with the correct password. This is all assuming that the typically used password is stored in the main.cvd.
Clamav needs the original rfc822 message text to detect it as a password protected virus I think. If you're trying to scan the password protected zip file itself, then I don't think it will work.
Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
