Hello, Le dimanche 5 Juin 2005 14:33, Odhiambo Washington a écrit : > Hello users, > > On my home network, all http traffic is transparently passed through > DansGuardian, which uses clamd to scan any downloads for viruses. > I am running ClamAv CVS on the home router, which is just a FreeBSD > box giving "controlled" access to all the services my neighbours would > ever want to use. Such controls involve virus scanning and content > filtering. > > Today, I received the following notification after clamd decided that > a download was a Broken Executable. This download happens to be from > Microshit servers, yes? > > I manually downloaded the file in question and as much as I can attest, > it is not broken. It ran without any problem and it's a legit M$ file. > > So I am thinking here is a case of an FP from clamd. Ideas??
As far as I know, it's not a FP. Some setup.exe or install.exe are detected as "Broken PE" by Clamav. These install programs are not using standard exe format. That's not mean they are malwares. Best regards, -- Cordialement, Arnaud Jacques Consultant Sécurité Téléphone / Fax : +33-(0)3.44.39.76.46 Portable : +33-(0)6.24.40.95.03 E-mail : [EMAIL PROTECTED] Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois _______________________________ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
