I know F-Secure is experiencing problems with the new family of malware.
They've had at least two "mis-fires" on legitimate system files and
things like the googletoolbarinstall.exe file. I bet ClamAV is also
aware of the potential for misfires on legitimate files, which is making
them slow on the update.

With the recent "wide open" crack for Vista, I figure the AV people have
their hands full trying to block those exploits. (The new exploit happens
to exploit the security measures in Vista. Oops!)

So, as you notice the files, generate rules to block them. I often put a
score over 100 on such things with the plan to someday direct such to a
severe pig-pen or perhaps /dev/null.

{^_^}
----- Original Message -----
From: "Bob Pierce" <[EMAIL PROTECTED]>
Sent: Wednesday, 2008, August 20 14:53
We've been seeing lots of messages with contents similar to this:

"Unfortunately we were not able to deliver postal package you
sent on July the 25 in time because the recipient's address is not
correct.
Please print out the invoice copy attached and collect the package at
our office."

Of course the zip attachment contains a virus, and ClamAV does not seem
to be catching that either.

Has anyone else been getting lots of these? If so, what are you doing to
block them?

Bob