Daniel wrote: > Kiril Todorov wrote: > >> Hello list, >> >> Just a quick warning to the ones still running 0.83. >> There seems to be a variation of Bagle which is being catched only by >> the devel versions of clamav 0.84rc1 for example. >> >> Online scanners showed that only Macaffee, nod32 and clam catch those >> new bagle variations. >> >> So, admins - time to upgrade again. > > > Well, I have 0.83 stopping them with amavisd-new. > > Virus scanner output: > /var/spool/amavis/tmp/amavis-20050415T100519-03172/parts/part-00000: > Worm.Bagle.BB-rar FOUND > /var/spool/amavis/tmp/amavis-20050415T100519-03172/parts/part-00003: > Worm.Bagle.BB FOUND > > [EMAIL PROTECTED] virusmails]# clamscan --version > ClamAV 0.83/830/Fri Apr 15 08:44:31 2005 > > [EMAIL PROTECTED] virusmails]# clamscan virus-20050415-101925-03054-03 > virus-20050415-101925-03054-03: Worm.Bagle.BB-rar FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 32854 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.02 MB > I/O buffer size: 131072 bytes > Time: 0.518 sec (0 m 0 s) > > > The definitions for this variant were only recently released. Are you > sure you just hadn't missed the update to daily 830? > > Regards > > Daniel
Hi Daniel, One of the samples wasn't catch by the online scanner, the second one only by the -dev version. Of course I did db update before rescanning them. After upgrading to the rc1 version they were both marked. Maybe... there was a db update meanwhile, can't remember the exact times. Anyway, good news for Mark, who replied earlier that he will not have to upgrade to 0.84rc1 :-)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
