26.10.2009 19:45, Török Edwin wrote:
> On 2009-10-23 19:46, Jari Fredriksson wrote:
>> 23.10.2009 17:25, Jari Fredriksson wrote:
>>
>>> This may or may not be an amavisd-new question, but I start here.
>>>
>>>
>>
>> Now things changed a bit. That was detected, but with a MIME error.
>>
>
> Did you change anything, or did it change with a signature update?

No. But *that* happened only once, so it might have been some kind of malfunction in amavis or in the email itself.

>
>> Scanner detecting a virus: ClamAV-clamd
>>
>> Content type: Virus
>> Internal reference code for the message is 16851-07/Zh1IxQou4Qc0
>>
>> First upstream SMTP client IP address: [10.123.29.115]
>> According to a 'Received:' trace, the message originated at:
>> [93.83.198.166],
>> 93.83.198.166
>>
>> Return-Path: <deliv...@dhl-usa.com>
>> From: "Manager Collin Escobar" <deliv...@dhl-usa.com>
>> Message-ID: <000d01ca53fe$a0163910$6400a...@chowderedh>
>> Subject: DHL Express Services. Please get your parcel NR.25483
>> The message has been quarantined as: Z/virus-Zh1IxQou4Qc0
>>
>> Notification to sender will not be mailed.
>>
>> The message WAS NOT relayed to:
>> <s...@wellington.fredriksson.dy.fi>:
>> 250 2.7.0 Ok, discarded, id=16851-07 - INFECTED:
>>
>> Virus scanner output:
>> p004: Suspect.Bredozip-zippwd-2 FOUND
>> p002: Suspect.Bredozip-zippwd-2 FOUND
>>
>
> Looks like ClamAV is working properly, right?
>

Indeed. But again the latest of that breed:

A virus was found: W32/Bredolab!Generic

Banned name: .exe,.exe-ms,DHL_package_label_295aa.exe

Scanners detecting a virus: F-PROT Antivirus for UNIX, BitDefender

Content type: Virus
Internal reference code for the message is 11679-19/A5+k6kl3BppJ

First upstream SMTP client IP address: [10.123.29.115]
According to a 'Received:' trace, the message originated at:
[207.253.37.144],
207.253.37.144

Return-Path: <servi...@dhl-usa.com>
From: "Manager Tami Mcgee" <servi...@dhl-usa.com>
Message-ID: <000d01ca55d0$f97d56e0$6400a...@cadaverousw>
Subject: DHL Delivery Services. You should get the parcel NR.92234
The message has been quarantined as: A/virus-A5+k6kl3BppJ

Notification to sender will not be mailed.

The message WAS NOT relayed to:
<s...@wellington.fredriksson.dy.fi>:
250 2.7.0 Ok, discarded, id=11679-19 - INFECTED: W32/Bredolab!Generic

Virus scanner output:
[Found virus] <W32/Bredolab!Generic> p004
[Found worm] <EML/Bredolab.gen (exact)> p001

Detected by F-Prot and BitDefender, but not ClamAV.

But then manually scanning the attachment, clamscan detects it.

This is strange. It happens only with these DHL postings.