Andy ([EMAIL PROTECTED]) wrote: > Hey, > > I'm having some trouble with a virus that got past clamav. > > Log is pasted below, but I seem to have two problems: > > 1) libclamav is saying my database is old when it isn't
update... I didn't want to stop clamav on a production system but on comparing the filesizes to another clamav installation I noticed they were different. So even though it shows it reading the right files: > LibClamAV debug: Loading databases from /var/lib/clamav > LibClamAV debug: Loading /var/lib/clamav/daily.cvd And even though I restarted freshclam and it looked like it had updated: > mx tmp # ls -l /var/lib/clamav/daily.cvd > -rw-rw-r-- 1 clamav clamav 752606 Jan 23 09:41 /var/lib/clamav/daily.cvd ... it obviously hadn't. I deleted the current database and restarted freshclam. It got a new set of files which were different to old ones, and had no problem detecting the virus. I'm still confused to what caused this though so I can stop it happening again. I'm also still worried it couldn't scan that .exe file, yet by just upgrading the DB it can somehow magically do it now? Andy. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
