Hi,
I'm getting a run of what appear to be false positives
on W97M.Static in word docs, since this signature was updated on 18/10/2008.
We get no hits with sophos or any other virus scanner we try
on the .doc file.
The current signature extracted from daily.ndb from daily.cld is:
W97M.Static:2:*:4f7074696f6e73{-12}566972757350726f74656374696f6e{-29}536176654e6f726d616c50726f6d7074
The 3 hex runs decode as follows:
echo 4f7074696f6e73 | perl -ne 'chomp ;print pack("H*",$_),"\n"'
Options
echo 566972757350726f74656374696f6e | perl -ne 'chomp ;print pack("H*",$_),"\n"'
VirusProtection
echo 536176654e6f726d616c50726f6d7074 | perl -ne 'chomp ;print
pack("H*",$_),"\n"'
SaveNormalPrompt
Surely this signature is incorrect .
Is there a way of disabling it ?
--
David Shrimpton Systems Programmer
Software Infrastructure, Information Technology Services
University of Qld 4072 [EMAIL PROTECTED]
Brisbane Australia Phone 61 7 3346 6850
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
