Hi,

We've got a user whose files are being detected as "Worm.Mydoom.M.log". These ones all happen to be PDF files saved from Word 2007.

There is an example at the following URL:

http://www.le.ac.uk/its/mcn4/clamav/incorrect_mydoom_detect.pdf

I submitted the file via the clamav web page a few days ago, but have heard nothing and the "virus" is still detected.

Is there some easy way I can disable the Worm.Mydoom.M.log rule (without the auto-update scripts clobbering it at each update of course ;-) ), or, better, can the signature be tweaked in the main database?

The files do not detect as malware in any other scanners (checked with a couple of on-line "multi-scanner" sites - only ClamAV hits).

Cheers,

Matthew

--
Matthew Newton, Ph.D. <[EMAIL PROTECTED]>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <[EMAIL PROTECTED]>