On Sun, Mar 25, 2018 at 08:51 PM, Nicholas Chua wrote: > <snip> >>> [root@fantastic Test]# clamscan ../Virus/Purchase\ Order123.iso >>> ../Virus/Purchase Order123.iso: Purchase Order123.com.UNOFFICIAL FOUND >> >> You are using some unofficial signatures, and this one has already >> detected that file as infected, so no additional signatures will be checked. >> If you disabled that unofficial database, it should show up again >> with the original detection signature. > > I was the one submitted the virus. Before the official signature is being > generated, I used sigtool to create a temporary one. Also, if an official > signature is in the database, the file should be detected officially and not > my unofficial signature.
I don't believe that to be true. As I recall, I've seen multiple instances of a file being found first by an unofficial signature. > It was detected official some days ago and suddenly it got only detected by > my unofficial sig. How come? I've just updated my official database and the Win.Trojan.Agent-6480597-0 signature is still active. Did you use sigtool to find it in your database yet? Have you tried disabling your unofficial signature to see if the official one detects it yet? If not, then I don't see how you can say the sig is actually missing for you. -Al-
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
