On Tue, 28 Feb 2006 18:07:38 +0000 Steve Basford <[EMAIL PROTECTED]> wrote:
> > BitFuzzy wrote: > > > >> I decoded the hex string and it actually matches "Dear PayPal Member\n" > >> (PayPal instead of Paypal) > >> > > Yea, I caught that, it doesn't make any difference > > Hi, > > In your first post you said you'd tried these: > > Email.Phishing.Paypal.Test.0227001:0:*:446561722050617950616c204d656d6265720a > > Email.Phishing.Paypal.Test.0227001:446561722050617950616c204d656d6265720a > > Firstly, make sure you don't use the 2nd one in an ndb file... it will > cause you problems and won't match anything. > In fact, it's a bug in ClamAV. If you add in the 2nd line above... > nothing at all gets detected using any signature, > which is a bit worrying.... so... you've discovered a "feature" ;) It's not worrying at all. It would be worrying if ClamAV was silently using a broken signature somehow but it properly reports an error: [EMAIL PROTECTED]:/tmp$ echo "Email.Phishing.Paypal.Test.0227001:446561722050617950616c204d656d6265720a" > test.ndb [EMAIL PROTECTED]:/tmp$ clamscan -d test.ndb /tmp LibClamAV Error: Problem parsing database at line 1 LibClamAV Error: Can't load test.ndb: Malformed database ERROR: Malformed database -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Feb 28 19:35:33 CET 2006
signature.asc
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
