On 5/23/06, Jan Pieter Cornet <[EMAIL PROTECTED]> wrote:
On Tue, May 23, 2006 at 02:06:05PM -0600, Alex Georgopoulos wrote: > Tons maybe a little exaggerated but like Kelson said the users keep retrying > cause they don't get any notification that it is getting blocked so the send > it again. Removing the def from the cvd file is an option but would be They don't get any notification that it is blocked? That sounds like a problem on their end. Or does your mailserver generate a tempfail (4xx error code) when it finds a virus? > anoying to maintain over time. I would really like to know why this is > happening and get it fixed from the source and not a work around that we'll > have to maintain. (Trend, Symantic and Mcafee all said there wasn't > anything wrong with the file) I even took the file converted it to ODF > format then back to Excel and it still gave me a false positvie. I stripped > out he macros too and it still doesn't like it. My hunch is that there is a > problem with the way that particular def works. And you might be right. Please recall that ClamAV comes with a full money back guarantee if it's not performing the way God intended it. Seriously, though: the workaround (removing the sig by extracting the .cvd) might only be necessary once or for a single day. Your customer would be happy, file would get sent (unless the receiving end also uses clamav!), and the problematic sig might be removed/updated from the distribution by one of the next database updates. It's likely however your customer won't hit the same FP twice in short succession (at least - in my experience. FPs are still quite rare). -- Jan-Pieter Cornet <[EMAIL PROTECTED]> !! Disc lamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
Well as peachy as that sounds I wish it were true, I submitted the FP over 5 days ago and it is still listed in the def files. (actually I submitted it again to be sure ) I was hoping too that it would go away after the devs found the issue but it seems to be slipping through the cracks. I know it's free software and I for the most part have been very happy with it, this is the first problem we have had that is causing pain to our customers users. Just trying to get something fixed here for everybody :) The problem with only inbound virus scanning is that the user on the internet they are sharing the file can't get it back to them so that isn't an option either. For the record it's still there Scan started: Tue May 23 14:23:49 2006 C:\Documents and Settings\georgopo\Desktop\<file>.XLS: XF.Sic.L FOUND -- summary -- Known viruses: 56380 Engine version: 0.88.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.23 MB Time: 1.142 sec (0 m 1 s) -------------------------------------- Completed _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
