At 03:34 AM 3/3/04, Tomasz Papszun wrote:
On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote:
> On Tue, 2 Mar 2004, jef moskot wrote:
> > For some reason, my system is allowing Worm.Bagle.F-zippwd files
> > through...
>
> For what it's worth, this seems to be an issue with amavis. By default,
On Wed, 03 Mar 2004 at 7:50:34 -0500, jef moskot wrote:
> On Wed, 3 Mar 2004, Tomasz Papszun wrote:
> > Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of
> > mail messages (stream of characters as they are), while amavisd-new (and
> > probably amavis) "divide" messages to par
On Wed, 3 Mar 2004, Tomasz Papszun wrote:
> Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of
> mail messages (stream of characters as they are), while amavisd-new (and
> probably amavis) "divide" messages to parts and decode them separately,
> hence ClamAV doesn't get the ori
On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote:
> On Tue, 2 Mar 2004, jef moskot wrote:
> > For some reason, my system is allowing Worm.Bagle.F-zippwd files
> > through...
>
> For what it's worth, this seems to be an issue with amavis. By default,
> it doesn't scan the body of the messag
On Tue, 2 Mar 2004, jef moskot wrote:
> For some reason, my system is allowing Worm.Bagle.F-zippwd files
> through...
For what it's worth, this seems to be an issue with amavis. By default,
it doesn't scan the body of the message. If/when I get a fix, I'll post
it here so all other dinosaurs can
For some reason, my system is allowing Worm.Bagle.F-zippwd files through,
but can detect them once they've arrived. I haven't had a single capture
of one of these passworded files.
Example:
> clamscan -V
clamscan / ClamAV version 0.67-1
> clamscan passworded.sample
passworded.sample: Worm.Bagle