I just don't get it. I've been beating my head all week, thinking I got our Red Hat 5 server protected when the same dag-gum virus gets through the clamav-milter. I'm not sure where else to check so I'm hoping someone on this list can direct me to the right place. I've done some tests with the test virus found here: http://eicar.org/86-0-Intended-use.html - and clamav-milter does block it, but I don't understand why it is not blocking this older virus. Here is what we have:
Freshclam is run each morning to update definitions. Here's the freshclam.log:

ClamAV update process started at Wed Aug 15 04:02:04 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15249, sigs: 255727, f-level: 63, builder: guitar)
bytecode.cld is up to date (version: 188, sigs: 38, f-level: 63, builder: neo)

Virus:
File name: "Intuit_Order-N13440.htm"
Malware name: "JS/Iframe.V"

/etc/clamav-milter.conf:

MilterSocket unix:/var/clamav/clmilter.socket
MilterSocketGroup clamav
MilterSocketMode 660
FixStaleSocket yes
User clamav
AllowSupplementaryGroups yes
TemporaryDirectory /var/tmp
ClamdSocket unix:/var/run/clamav/clamd.sock
OnClean Accept
OnInfected Reject
OnFail Defer
AddHeader Add
LogFile /var/log/clamav/clamav-milter.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
LogVerbose yes
LogInfected Basic

Jamen McGranahan