Tomasz Papszun wrote:
> On Thu, 22 Sep 2005 at 11:09:07 +0200, Marco Berizzi wrote:
> > David Filion wrote:
> >
> > > Marco Berizzi wrote:
> > >
> > > >Hello everybody.
> > > >I'm using clam 0.87 with mimedefang.
> > > >
> > > >This morning a virus has slipped through.
> > > >This is the output from clamdscan:
> > > >
> > > >/tmp/photo.zip: OK
> > > >
> > > >----------- SCAN SUMMARY -----------
> > > >Infected files: 0
> > > >Time: 0.143 sec (0 m 0 s)
> > > >
> > > >and this is the output from clamscan:
> > > >
> > > >photo.zip: Trojan.W32.PWS.Prostor.A FOUND
> > > >
> > > >----------- SCAN SUMMARY -----------
> > > >Known viruses: 40212
> > > >Engine version: 0.87
> > > >Scanned directories: 0
> > > >Scanned files: 1
> > > >Infected files: 1
> > > >Data scanned: 0.20 MB
> > > >Time: 5.939 sec (0 m 5 s)
> > > >
> > > >Clearly clamd doesn't recognize it as a virus.
> > > >Hints?
> > >
> > > Did you specify --daemon-notify when you ran/run freshclam? Waiting for
> > > the daemon to notice the change and update itself seems to take a while.
> >
> > Yes, I run freshclam --daemon-notify.
> > I have also restarted both freshclam and clamd.
> >
>
> Trojan.W32.PWS.Prostor.A signature was added to the database in April
> 2005, so it's not a matter of delay in "noticing" the updated
> database. Unless you have some very old database somewhere and clamd
> is using it.

Recent viruses are caught (see clamd.log below).

> But you may want to verify that there are no "forgotten" clamd.conf
> files in the system and, generally, files from an old clamav installation.

No. Only one /etc/clamd.conf.
As you can see, clamd is *working* and it is catching viruses. Only that stupid zip is slipping through.
Running clamdscan with the eicar test file is fine, as you can see in the following clamd.log file:

+++ Started at Thu Sep 22 10:56:33 2005
clamd daemon 0.87 (OS: linux-gnu, ARCH: i386, CPU: i686)
Log file size limited to 1048576 bytes.
Verbose logging activated.
Running as user defang (UID 500, GID 500)
Reading databases from /usr/share/clamav
Protecting against 40343 viruses.
Unix socket file /var/spool/MIMEDefang/clamd.sock
Setting connection queue length to 15
Listening daemon: PID: 8037
Archive: Archived file size limit set to 512000 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 10.
Archive: Compression ratio limit set to 200.
Archive support enabled.
Archive: RAR support disabled.
Portable Executable support enabled.
Mail files support enabled.
OLE2 support enabled.
HTML support enabled.
Self checking every 1800 seconds.
/var/spool/MIMEDefang/mdefang-j8M98Fd3008197/Work/msg-7825-12.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M98Mn6008199/Work/msg-7825-14.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M995lv008204/Work/msg-7825-16.scr: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9BFkL008217/Work/msg-7825-23.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9CZLc008253/Work/msg-7825-38.cmd: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9FN12008260/Work/msg-7825-41.bat: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9J8Dk008276/Work/msg-7825-46.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9KNa8008280/Work/msg-7825-48.pif: Worm.Mytob.AU FOUND
/tmp/CLAM/eicar.com.vir: Eicar-Test-Signature FOUND
/var/spool/MIMEDefang/mdefang-j8M9NpAb008309/Work/msg-7825-53.zip: Worm.Mytob.AU FOUND
No stats for Database check - forcing reload
Reading databases from /usr/share/clamav
Database correctly reloaded (40343 viruses)
/var/spool/MIMEDefang/mdefang-j8M9XjFV008390/Work/msg-7825-72.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9afUc008439/Work/msg-7825-89.pif: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9cgd3008473/Work/msg-7825-99.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9dUfP008481/Work/msg-7825-102.zip: Worm.Mytob.AU FOUND
/var/spool/MIMEDefang/mdefang-j8M9dVFC008482/Work/msg-7825-104.pif: Worm.Mytob.AU FOUND
/tmp/CLAM/eicar.com.vir: Eicar-Test-Signature FOUND

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
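
Added example, not part of the original message and not ClamAV code: the clamd.log above prints the archive limits the daemon started with, and this Python code parses those lines and checks a zip's top-level members against them, one thing to rule out when clamd and clamscan disagree on an archive. The thread does not establish that these limits explain the miss; the function names, the strictly-greater comparison and the in-memory test zips are assumptions made here.

```python
import io
import re
import zipfile

# Startup lines copied from the clamd.log quoted in the message above.
SAMPLE_LOG = """\
Archive: Archived file size limit set to 512000 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 10.
Archive: Compression ratio limit set to 200.
"""

PATTERNS = {
    "max_file_size": r"Archive: Archived file size limit set to (\d+) bytes",
    "max_recursion": r"Archive: Recursion level limit set to (\d+)",
    "max_files": r"Archive: Files limit set to (\d+)",
    "max_ratio": r"Archive: Compression ratio limit set to (\d+)",
}

def parse_clamd_limits(log_text):
    """Archive limits clamd announced at startup; the last start in the log wins."""
    limits = {}
    for name, pattern in PATTERNS.items():
        hits = re.findall(pattern, log_text)
        if hits:
            limits[name] = int(hits[-1])
    return limits

def limits_exceeded(zip_source, limits):
    """Names of announced limits that the top level of a zip goes over.
    Assumption: 'over' means strictly greater; nested archives are not opened."""
    none = float("inf")
    with zipfile.ZipFile(zip_source) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
    over = set()
    if len(members) > limits.get("max_files", none):
        over.add("max_files")
    for m in members:
        if m.file_size > limits.get("max_file_size", none):
            over.add("max_file_size")
        if m.compress_size and m.file_size / m.compress_size > limits.get("max_ratio", none):
            over.add("max_ratio")
    return sorted(over)

def build_zip(members):
    """Constructed test input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf
```

To check a real sample, pass the path of the clamd log's text to `parse_clamd_limits` after reading it, and the path of the archive (for instance the zip that clamdscan reported as OK) to `limits_exceeded`.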