Sample Submitted.
thanks
David
>
> Please submit a sample at http://www.clamav.org/sendvirus/
>
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
David Shrimpton wrote:
> Hi,
>
> Some viruses eg WScr.Unsafe.D for which a hexdump signature exists and
> which used to be detected by 0.91.2 are no
> longer detected by 0.93 .
Hi,
Please submit a sample at http://www.clamav.org/sendvirus/
> Thanks,
>
> This quote from the bugzilla posts is qui
A signature that detects WScr.Unsafe.D under 0.93 is below
HTML.WScr.Unsafe.D:3:*:22293b7362663d666c2e737562666f6c646572733b666f72287661726d79653d6e6577656e756d657261746f7228736266293b216d79652e6174656e6428293b6d79652e6d6f76656e6578742829296964643d6d79652e6974656d28293b6964733d6e65
create by:
0
Thanks,
This quote from the bugzilla posts is quite amusing:
"As for the official clamav signatures, please stand assured that when the new
code will be in the stable release, all the broken signatures will be properly
fixed."
--
David Shrimpton
On Fri, 2 May 2008, Steve Basford wrote:
>
>
> The implication of the above is that clamav 0.93 would now
> no longer detect many once prevalent viruses for which it
> only has hexdump signatures.
The whitespace change will cause slightly lower detection rates on some
Third Party sigs too (depending on the sig type)... unless the old sigs
a
Hi,
Some viruses eg WScr.Unsafe.D for which a hexdump signature exists and
which used to be detected by 0.91.2 are no
longer detected by 0.93 .
WScr.Unsafe.D arrives in email embedded in
a "HTML comment tag" enclosed by HTML script tags.
eg