On Tue, 19 Apr 2005 08:44:45 +0200 (CEST)
Arnaud Huret <[EMAIL PROTECTED]> wrote:
> > > Back to the original problem. Is Simon's answer the cause (only
> > > broken PE headers are detected not broken somewhere else
> > > executables)?
> >
> > Hopefully Arnaud will be able to catch one soon so we
Arnaud Huret <[EMAIL PROTECTED]> wrote:
> Here you are.
>
> Many thanks,
> Arnaud
Thanks for the samples Arnaud, they are both viable and run on my test kit -
and they are both detected using ClamAV devel-20050413/840/Tue Apr 19 02:42:09
2005.
mail.document.Datex-packed.exe: Worm.Sober.N FOUND
W
Arnaud Huret <[EMAIL PROTECTED]> wrote:
> I catched two diffrent samples (NetSky.Y and Sober.gen) not catched
> by ClamAV but well by TrendMicro VirusWall. I submitted them through
> the site but I get a message saying 'already recognized'.
>
> What should I do to submit them to the team for fur
> > Back to the original problem. Is Simon's answer the cause (only
> > broken PE headers are detected not broken somewhere else executables)?
>
> Hopefully Arnaud will be able to catch one soon so we can clear up the
> mystery!.
>
I catched two diffrent samples (NetSky.Y and Sober.gen) not cat
René Berber <[EMAIL PROTECTED]> wrote:
> So the OP has a correct configuration but his setup seems to not
> detect broken executables...
>
> Back to the original problem. Is Simon's answer the cause (only
> broken PE headers are detected not broken somewhere else executables)?
It really depend
> So the OP has a correct configuration but his setup seems to not detect broken
> executables...
>
> Back to the original problem. Is Simon's answer the cause (only broken PE
> headers are detected not broken somewhere else executables)?
> --
> René Berber
As the config seems to be OK (or at l
Stephen Gran wrote:
[snip]
> This option is by default disabled, and is not part of the set
> DefaultScanOptions. If you see Default: enabled, it is a member of
> the set. Does that make it more clear?
So the OP has a correct configuration but his setup seems to not detect broken
executables...
On Mon, Apr 18, 2005 at 02:39:02PM -0500, René Berber said:
> Tomasz Kojm wrote:
> > On Mon, 18 Apr 2005 14:10:35 -0500
> > René Berber <[EMAIL PROTECTED]> wrote:
> >
> >
> >>does not enable detecting them. Why? because you have to uncomment
> >>DisableDefaultScanOptions to enable or disable the
On Tue, 19 Apr 2005 06:22:31 +1000
"Owen" <[EMAIL PROTECTED]> wrote:
> I used to get the same thing when I set up Clamav. I will point out
> that I run Clamav for Windows and call clamscan.exe, not clamdscan.
> I have a pretty low volume mail server so the overhead is ot a
> concern to me. The
On Mon, 18 Apr 2005 14:39:02 -0500
René Berber <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
> > On Mon, 18 Apr 2005 14:10:35 -0500
> > René Berber <[EMAIL PROTECTED]> wrote:
> >
> >
> >>does not enable detecting them. Why? because you have to uncomment
> >>DisableDefaultScanOptions to enable
René Berber wrote:
Tomasz Kojm wrote:
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber <[EMAIL PROTECTED]> wrote:
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or disable the other options; even
if you have DetectBrokenExecutables uncommented
>As we are experimenting ClamAV, we still maintain during evaluation period
>a second (and historic) defense >line with TrendMicro VirusWall which we
>plan to abandon shortly. I observed that VirusWall (the second >line
>defense) reported 8 hits on (SomeFool) Worm.Netsky.P .Y .and .W.
I used to
Tomasz Kojm wrote:
> On Mon, 18 Apr 2005 14:10:35 -0500
> René Berber <[EMAIL PROTECTED]> wrote:
>
>
>>does not enable detecting them. Why? because you have to uncomment
>>DisableDefaultScanOptions to enable or disable the other options; even
>>if you have DetectBrokenExecutables uncommented the
On Mon, 18 Apr 2005 14:10:35 -0500
René Berber <[EMAIL PROTECTED]> wrote:
> does not enable detecting them. Why? because you have to uncomment
> DisableDefaultScanOptions to enable or disable the other options; even
> if you have DetectBrokenExecutables uncommented the default value of
> disabled
Arnaud Huret wrote:
If detecting broken executables is the problem, then:
[snip]
> #DisableDefaultScanOptions
>
> ##
> ## Executable files
> ##
>
> ScanPE
> DetectBrokenExecutables
[snip]
does not enable detecting them. Why? because you have to uncomment
DisableDefaultScanOptions to enable or
15 matches
Mail list logo
