> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of John Rudd
> Sent: Thursday, July 19, 2007 11:19 AM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] Greeting Card virus
>
> Jeff Thurston wrote:
> >> Jeff Thurston wrote:
> >>> I thought ClamAV was able to catch these "Greeting Cards from family
> >>> member", our domain keeps getting these emails in large quantities even
> >>> after upgrading to ClamAV 0.90.3 recently.
> >>>
> >>> Do I need to upgrade again to .91?? I'm hesitant to do this so soon as it
> >>> was a bit of a hassle going from 0.88.4 to 0.90.3, not to mention at the
> >>> time I did the upgrade the website front page said that ClamAV was one of 4
> >>> scanners able to detect the virus.
> >>>
> >>> Did I misunderstand that statement thinking it meant both the downloaded
> >>> payload as well as the email itself? What can I do with ClamAV to stop the
> >>> emails in the first place?
> >>>
> >>> Thanks.
> >>
> >> Get the highly regarded sane signatures:
> >>
> >> http://sanesecurity.co.uk/clamav/
> >>
> >> Look under Usage for download scripts.
> >>
> >> MrC
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> >> http://lurker.clamav.net/list/clamav-users.html
> >
> > Thanks, done this, tested it, still getting greeting cards, enabled URL
> > scanning, still getting them, checked my main database version, it's
> > reporting
> >
> > ClamAV 0.90.3/3700/Thu Jul 19 06:13:47 2007
> >
> > main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
> > daily.inc is up to date (version: 3700, sigs: 34427, f-level: 16, builder: ccordes)
> > main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
> > daily.inc is up to date (version: 3700, sigs: 34427, f-level: 16, builder: ccordes)
>
> That report doesn't include the sane security files.
>
> Where did you put phish.ndb and scam.ndb?
>
> You didn't leave them gzipped, did you?
>

No, they are not gzipped, I used the #2 download script and they are stored
in /usr/local/share/clamav/sanesecurity.inc/

From my clamav.log:

Thu Jul 19 10:31:14 2007 -> Database correctly reloaded (156058 signatures)
Thu Jul 19 10:32:03 2007 -> /var/lib/amavis/tmp/amavis-20070719T102627-11606/parts/p002: Html.Phishing.Sanesecurity.TestSig FOUND
Thu Jul 19 10:42:19 2007 -> Reading databases from /usr/local/share/clamav
Thu Jul 19 10:42:26 2007 -> Database correctly reloaded (158975 signatures)
Thu Jul 19 10:46:43 2007 -> /var/lib/amavis/tmp/amavis-20070719T104137-14452/parts/p003: MSRBL-Images/1-0-wsv6 FOUND

So the signatures are loaded and presumably working. That report was simply
from clamd --version and freshclam log output.
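
The log check described in the message above, as an added example that is not part of the original post or of ClamAV: it parses the quoted clamd log lines, reports the signature count at each reload, and flags detections whose names come from the add-on databases. The marker list and the function name `summarize` are assumptions made for illustration.

```python
import re

# Log lines copied from the message above.
SAMPLE_LOG = """\
Thu Jul 19 10:31:14 2007 -> Database correctly reloaded (156058 signatures)
Thu Jul 19 10:32:03 2007 -> /var/lib/amavis/tmp/amavis-20070719T102627-11606/parts/p002: Html.Phishing.Sanesecurity.TestSig FOUND
Thu Jul 19 10:42:19 2007 -> Reading databases from /usr/local/share/clamav
Thu Jul 19 10:42:26 2007 -> Database correctly reloaded (158975 signatures)
Thu Jul 19 10:46:43 2007 -> /var/lib/amavis/tmp/amavis-20070719T104137-14452/parts/p003: MSRBL-Images/1-0-wsv6 FOUND
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (?P<msg>.*)$")
RELOAD = re.compile(r"^Database correctly reloaded \((\d+) signatures\)$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumption: name fragments that identify add-on signatures. Only the two
# names visible in the log above are known; the matching rule is illustrative.
THIRD_PARTY_MARKERS = ("Sanesecurity", "MSRBL-")

def summarize(log_text):
    """Return reload counts, change between reloads, and detections by origin."""
    reloads, hits = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in "<timestamp> -> <message>" form
        msg = m.group("msg")
        if (r := RELOAD.match(msg)):
            reloads.append((m.group("ts"), int(r.group(1))))
        elif (f := FOUND.match(msg)):
            sig = f.group("sig")
            third = any(mark in sig for mark in THIRD_PARTY_MARKERS)
            hits.append({"ts": m.group("ts"), "signature": sig, "third_party": third})
    deltas = [b[1] - a[1] for a, b in zip(reloads, reloads[1:])]
    return {"reloads": reloads, "deltas": deltas, "hits": hits}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ts, count in report["reloads"]:
        print(f"{ts}: {count} signatures loaded")
    print("change between reloads:", report["deltas"])
    for h in report["hits"]:
        origin = "add-on database" if h["third_party"] else "other"
        print(f"{h['ts']}: {h['signature']} ({origin})")
```

A reload count that rises after the extra .ndb files are installed, together with FOUND lines carrying add-on signature names, is the evidence that clamd is actually using those databases.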