Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Olaf Zaplinski
[EMAIL PROTECTED] wrote:
> Does anyone have a signature that will catch the current version of this virus?

Did you check your logs? Here, Sobig is detected:

binky:~# grep -i sobig /var/clamav/*log
/var/clamav/clamav.log:Fri Aug 22 10:47:54 2003 -> stream: Worm.Sobig.F FOUND

Olaf

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Nigel Horne
> After I changed your sample into mbox format (by inserting 1 line
> beginning with "From [EMAIL PROTECTED]"),

Adding a "From" line isn't enough. You also need to change the file so that all subsequent lines starting with "From" have a ">" prepend

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Tomasz Papszun
On Tue, 26 Aug 2003 at 8:24:41 -0700, [EMAIL PROTECTED] wrote:
> Quoting Tomasz Papszun <[EMAIL PROTECTED]>:
> >
> > About the sample you sent to me: this is a message in Maildir format,
> > not Mailbox. As it has been already written a couple of times here
> > lately, clamscan does not (yet) rec

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread mrsmith
Quoting Tomasz Papszun <[EMAIL PROTECTED]>:
> On Mon, 25 Aug 2003 at 20:12:46 -0700, [EMAIL PROTECTED] wrote:
> > Jay,
> >
> > This one doesn't seem to match either. I am literally getting
> > hundreds of these every day. Thanks for the details.
> >
> > Mike
>
> Mr Smith, could you please sto

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Tomasz Papszun
On Mon, 25 Aug 2003 at 20:12:46 -0700, [EMAIL PROTECTED] wrote:
> Jay,
>
> This one doesn't seem to match either. I am literally getting
> hundreds of these every day. Thanks for the details.
>
> Mike

Mr Smith, could you please stop doing "top-posting"? Answering should be done _under_ the pre

RE: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Diego d'Ambra
There are so many different copies of damaged Sobig.F that a new signature will only detect a portion of them. Some mail-scanners strip the offending portion of the e-mail and send the rest through. In Sobig.F's case the only thing left is an almost empty e-mail with a subject and some text in the b

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Antony Stone
On Tuesday 26 August 2003 4:12 am, [EMAIL PROTECTED] wrote:
> Jay,
>
> This one doesn't seem to match either. I am literally getting
> hundreds of these every day. Thanks for the details.

Well, please send at least one of us a copy of one of these files which is not being recognised, and we ca

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread mrsmith
Jay,

This one doesn't seem to match either. I am literally getting hundreds of these every day. Thanks for the details.

Mike

Quoting Jay Swackhamer <[EMAIL PROTECTED]>:
> On Monday, August 25, 2003 8:57 PM, Butch Evans wrote:
> > I am not sure if this is the same one, but my uvscan has detecte

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Antony Stone
On Tuesday 26 August 2003 1:57 am, Butch Evans wrote:
> On Tue, 26 Aug 2003, Antony Stone wrote:
> >Which other antivirus engine/s tell you the file contains Sobig.F?
>
> I am not sure if this is the same one, but my uvscan has detected
> what it calls "Sobig.f.dam" and this is missed by clamav.

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Jay Swackhamer
On Monday, August 25, 2003 8:57 PM, Butch Evans wrote:
> I am not sure if this is the same one, but my uvscan has detected
> what it calls "Sobig.f.dam" and this is missed by clamav. I will
> try to get a sample of the file, but do not have one at this time.

I submitted a new Sobig-f signature a

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Butch Evans
On Tue, 26 Aug 2003, Antony Stone wrote:
>Which other antivirus engine/s tell you the file contains Sobig.F?

I am not sure if this is the same one, but my uvscan has detected what it calls "Sobig.f.dam" and this is missed by clamav. I will try to get a sample of the file, but do not have one at

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-25 Thread Antony Stone
On Tuesday 26 August 2003 12:14 am, [EMAIL PROTECTED] wrote:
> Hello John
> Thanks for the quick response.
>
> Yes I have run the fresh clam multiple times
> to ensure that I have the current release of the
> database.
>
> I have manually checked the file as well by hexdumping
> it and then lookin

RE: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-25 Thread mrsmith
Hello John
Thanks for the quick response.

Yes I have run the fresh clam multiple times to ensure that I have the current release of the database.

I have manually checked the file as well by hexdumping it and then looking for the signature string. The signature is not found in the file.

Mike

Qu

Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-25 Thread Antony Stone
On Monday 25 August 2003 11:27 pm, [EMAIL PROTECTED] wrote:
> Does anyone have a signature that will catch
> the current version of this virus?

Please send me a copy of the "current version" so I can check it and create a signature if needed.

Thanks,

Antony.

--
90% of network problems are r

RE: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-25 Thread John Birkhead
The signatures updated last week seem to detect this virus fine for me. Have you done a "freshclam"?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 3:27 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] [EMAIL PROTECTED] Undetected by cu

[Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-25 Thread mrsmith
Does anyone have a signature that will catch the current version of this virus?

Mike