When I click those links, my Watchguard 700 reports: WatchGuard firewall: Response denied from http://208.254.57.135:80/activescan/as5free/motor.cab: Unsafe content type "application/octet-stream"
On 9/10/05, Christoph Cordes <[EMAIL PROTECTED]> wrote: > > BitFuzzy wrote: > > Odhiambo Washington wrote: > > > >> * On 10/09/05 13:47 -0500, Pablo Chamorro C. wrote: > >> > >> > >>> I managed to deploy squid + havp + clamav for antivirus control of > >>> web pages/files, and for my surprise this morning I found: > >>> > >>> 10/09/2005 13:08:36 > >>> http://www.pandasoftware.com/activescan/as5free/motor.cab Virus: > >>> Sirius.Annihilator.272 > >>> 10/09/2005 13:09:22 > >>> http://www.pandasoftware.com/activescan/as5free/motor.cab Virus: > >>> Sirius.Annihilator.272 > >>> 10/09/2005 13:10:09 > >>> http://www.pandasoftware.com/activescan/as5free/motor.cab Virus: > >>> Sirius.Annihilator.272 > >>> 10/09/2005 13:15:06 > >>> http://www.pandasoftware.com/activescan/as5free/motor.cab Virus: > >>> Sirius.Annihilator.272 > >>> > >>> Some comment? > >>> > >> > >> > >> ClamAv is right about the virus! At least it tells me the same when I > >> try to download that file. Funnily, I use DansGuardian, not HAVP. We > >> get the same results. So if anyting is 'wrong', it is clamav. > >> > >> > >> > > The file scan'd fine with PcCillin as well. > > > > However, after sending test emails containing the contents of the .cab I > > was able to identify "pskavs.dll" as being the file that's being tagged > > as being infected. > > The problem is that Panda still ships files that contain "plain > viruscode", other vendors encrypt such files to avoid such false > positives. So Clam is right somehow, it found the bytesequence of the > virus in the file. > > Not as an excuse but to prove the fact, i tested the file with some > other scanners, and got the following: > > Scanner 1: Win32:CTX > Scanner 2: Frisk #2 > Scanner 3: W95/Sledge-A > > So you can see it´s not only a problem of ClamAV. We have similar > problems with some vulnerability scanners, that contain plain > exploitcode - it wouldn´t be hard to encrypt the code.... > > However, i will include the file in my update. > > Maybe you want to report the problem to Panda too - imho it´s a problem > that can be solved by them - and be sure they know about it already - if > they read the mails that people send to their support. > > -- > Best regards, > Christoph mailto:[EMAIL PROTECTED] > _______________________________________________ > http://lurker.clamav.net/list/clamav-users.html > _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
