On May 16, 2005, at 10:51 AM, Rainer Zocholl wrote:
[EMAIL PROTECTED](Bart Silverstrim) 16.05.05 08:27
What is the current database version from freshclam for people out there?
It's always shown in the bottom line of http://www.clamav.net/ Latest database release is: main.cvd 31 daily.cvd 879 Latest ClamAV stable release is: 0.85
Thanks for the info. I didn't realize that was there...I knew there were recent threads about versioning problems going around, and began to suspect something was wrong with this one. Apparently not.
I've been getting a huge number of bounces with german subjects, addressed to people with usernames beginning with 3d (just starting to investigate what is going on with this...)
"3d" is "=" and originates from broken ISO interpretation.
Figured that. Knew that most bounces/address attempts with that prefix tended to come from viruses.
but the past few freshclam runs have shown nothing new.
Why should clamav point up? That are just "bounces", there is NO worm inside. They are just sent by a worm. There nothing a virus scanner can do anymore. It's to late now.
What I thought we were seeing was an attempt for a virus to propagate. I've had bounces in some mail systems that still contain the virus, or even if they didn't, I hoped that I'd see something change at the bastion server (update virus database, whatever was trying to propagate would suddenly get flagged as a virus instead of get through and become bounce fodder).
Write to the abuse account of the orignating host, and beg him ot reject all messages for unknown users, and not to bounce them.
The ones I was searching through were actually undeliverables to nonexistent accounts within our network. I was getting the error messages to follow up on.
-Bart
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
