That is perfectly as it should work :)
there is infact 2 "viruses", one a dangerous exploit and the other a virus
in the mails you scanning. it should pick both up, cause the mail is infected
with both IFrame exploit is also used with alot of the NEW NEW viruses,
so this protects you if a ne
On Fri, 14 Feb 2003, Nigel Kukard wrote:
> most klez infections use the IFrame exploit, so infact the IFrame Exploit
> will match before the klez one. what we do is break up the email into all
> the mime peices, decode them and scan the individual portions, most of the
> time clamscan picks up both
most klez infections use the IFrame exploit, so infact the IFrame Exploit
will match before the klez one. what we do is break up the email into all
the mime peices, decode them and scan the individual portions, most of the
time clamscan picks up both iframe & klez, iframe being the first mime part
clamd usually catches between 100-160 klez infections per day on e-mail to
our domain.
The day the Exploit.IFrame and Exploit.IFrame.HTML rules were added, only
64 were caught (our rules update at 11am, and 11pm EST).
Today, only 26 klez were caught.
I highly doubt all those klez infections magic
