Hello,

we got reports that several emails carrying the Mytob virus
(W32/[EMAIL PROTECTED] as reported by F-Prot) slipped through our ClamAV
installation (0.87.1, latest virus database 34/1197). We managed to
get a copy of an infected message and submitted it to the ClamAV Virus
Database where it was recognised as Broken.Executable.

We are using the default values, more or less, for the scanning
options in our clamav-milter/clamd installation and thus
DetectBrokenExecutables was disabled by default.

Any opinions regarding the DetectBrokenExecutables option? Could we or
should we enable it? And if so, why is it disabled by default?

The infected message can be found at: http://noc.ntua.gr/~christia/tmp/message

Regards,
Panagiotis
http://noc.ntua.gr/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
