>> -----Original Message----- >> From: clamav-users-boun...@lists.clamav.net >> [mailto:clamav-users- boun...@lists.clamav.net] On >> Behalf Of Jari Fredriksson >> Sent: Wednesday, September 23, 2009 9:14 AM >> To: ClamAV Users >> Subject: [Clamav-users] DHL invoices >> >> >> I get lots of 'invoices' from DHL containing a zipped >> trojan. F-Prot recognizes them as Win32/Bredolab!Generic >> but ClamAV does not. >> >> I tried to post one to ClamAV site, but it was said to >> be recognized already. >> > > Have you tried using a site like virustotal to see if > _their_ version of ClamAV detects it? I've run into > problems before where the glue between e-mail and clam > caused detection to fail. I've also seen an instance > where clamav-milter failed detection but clamscan did > not. I now have both clamav-milter and my glue run > separate scans and haven't seen the problem since. >
I have not tried virustotal. I have the zip file and the extracted exe as well on disk, and clamscan does NOT detect it. I have F-Prot and BitDefender in my amavisd-new as well, and I have no problems detecting these. The point in this post is that ClamAV website claims ClamAV detects them, but it does not. It should be added to the signatures. I think this is a new variant of some older trojan, which ClamAV detects. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
