On Thu, 22 Sep 2005 at 11:53:55 +0200, Marco Berizzi wrote: > Tomasz Papszun wrote: > > On Thu, 22 Sep 2005 at 11:09:07 +0200, Marco Berizzi wrote: > > > > Marco Berizzi wrote: > > > > >I'm using clam 0.87 with mimedefang. > > > > > > > > > >This moring a virus has been slipped through. > > > > >This is the output from clamdscan: > > > > > > > > > >/tmp/photo.zip: OK > > > > > > > > > >----------- SCAN SUMMARY ----------- > > > > >Infected files: 0 > > > > >Time: 0.143 sec (0 m 0 s) > > > > > > > > > >and this is the output from clamscan: > > > > > > > > > >photo.zip: Trojan.W32.PWS.Prostor.A FOUND > > > > > > > > > >----------- SCAN SUMMARY ----------- > > > > >Known viruses: 40212 > > > > >Engine version: 0.87 [...] > > > > >Clearly clamd doesn't recognize it as a virus. > > > > >Hints? [...] > > Trojan.W32.PWS.Prostor.A signature was added to the database in April > > 2005, so it's not the matter of delaying in "noticing" the updated > > database. Unless you have some very old database somewhere and clamd > > using it. > > Recent virus are catched (see clamd.log below). > > > But you may want to verify that there are no some "forgotten" > clamd.conf > > files in the system and, generally, files from old clamav > installation. > > no. Only one /etc/clamd.conf > > As you can see clamd is *working* and it is cacthing viruses. Only > that stupid zip is slipping throught. Running clamdscan with eicar > test file is fine as you can see in the follwing clamd.log file: [...]
I don't know what can be the reason. Please send me that zipfile - in a zipfile protected with password "virus". -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
