Galactic wrote:
Seems it is already in the DB as something else, Trojan.Downloader-6xx.
Norton was stripping the file from my email so I couldn't read the headers
on it. Not sure why it was slipping past ClamAV however. When I tried to
upload these 3 files postcard.exe, Full Clip.exe, and Greeting Card.exe the
submission engine said that they exist in the DB as the
Trojan.downloader-6xx.
Norton is seeing them as [EMAIL PROTECTED] and Trojan.Peacomm. As far as
running freshclam, had been doing that manually every couple of hours for the
past two days to be sure that this little bugger wouldn't get through.
Franklyn
Coupla possibilities: Norton and Clam look in different places in the
file to ID it. This allows a situation where a broken attachment
(incomplete) may be identified by one product, but because pieces are
missing, not identified by the other. Unless you execute it you probably
can know if you got the whole thing or not.
Having virtual machines running on your system is a great way to test
these things without damaging your system. Or a stand-alone system
works, too. Regardless, any virus that slips past your system is worth
submitting to ClamAV, and allow them to sort out its pedigree.
Don't get too hung up on names - they are arbitrary and there is little
agreement as to what the vendors choose to call them. Whoever finds it
first gets to call it anything they wish. Whoever finds it second also
gets to call it whatever they wish. And so on. The sexier the name the
more attention the bestower receives so there are financial rewards to not
joining the pack.
dp
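
An added example, not part of the original thread: a static check for the incomplete-attachment case raised above, comparing the size a Windows executable's section table requires with the bytes actually received. The function names and the inert sample file are constructed for illustration.

```python
import struct

def pe_completeness(data: bytes):
    """Return (status, bytes_required, bytes_present) for a suspected PE file.

    bytes_required is the end of the furthest section the headers describe.
    Data appended after the last section (an overlay) is not covered.
    """
    have = len(data)
    if have < 0x40 or data[:2] != b"MZ":
        return ("not-pe", 0, have)
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > have:
        return ("truncated", e_lfanew + 24, have)   # cut inside the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ("not-pe", 0, have)
    (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                # first section header
    need = table + 40 * nsect                       # end of the section table
    if need > have:
        return ("truncated", need, have)
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            need = max(need, raw_ptr + raw_size)
    return ("complete" if have >= need else "truncated", need, have)

def build_sample() -> bytes:
    """Constructed, inert one-section PE skeleton (no real code), 0x400 bytes."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200

if __name__ == "__main__":
    whole = build_sample()
    for label, blob in (("whole", whole), ("cut attachment", whole[:700])):
        print(label, pe_completeness(blob))
```

A "truncated" result on a quarantined attachment is a reason to expect signature matches to differ between scanners, since a signature anchored in the missing region has nothing to match.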