Galactic wrote: > Seems it is already in the DB as something else, > Trojan.Downloader-6xx. > Norton was stripping the file from my email so I couldn't > read the headers > on it. Not sure why it was slipping past ClamAV however. When > I tried to > upload these 3 files postcard.exe, Full Clip.exe, and > Greeting Card.exe the > submission engine said that they exist in the DB as the > Trojan.downloader-6xx.. > > Norton is seeing them as [EMAIL PROTECTED] and Trojan.Peacomm. As far as > running freshclam, had been doing that manually ever couple > of hours for the > past two days to be sure that this little bugger wouldn't get through. > > Franklyn
It's worth checking http://cme.mitre.org/ in cases like this, and http://isc.sans.org/ , which is pretty good at following outbreaks. This particular trojan is CME-711. If you have a virus sample you're not detecting locally, try submitting it to http://virusscan.jotti.org and http://www.virustotal.com . Those sites will tell you who is detecting it as what, and will forward samples to the vendors of the antivirus tools they use. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
