[Mimedefang] sobig virus slipping by mcafee.
Lucas Albers
admin at cs.montana.edu
Tue Sep 2 20:05:01 EDT 2003
I was just trying to determine if their is a case of invalid mime types
that virus's could use to slip by virus scanners...
Why was this slipping by, must be invalid mime...
Just goes to show you should use multiple virus scanners.
If I change the command line scan of uvscan to use '--mime' it will
detect the virus correctly.
Joy Joy!
I will check again tommorrow and see if any sobig's slipped by the scanner
again and got tagged by fprot.
(clamscan is the last scanner in the chain...)
Uvscan will now detect this variant??? of the sobig.f virus.
Should the default scan for mcafee include the '--mime' switch?
> If anything truly does make it past clamav, send it to
> virus at clamav.elektrapro.com and we'll add a signature to clamav's virus
> db for it.
>
> Jason
More information about the MIMEDefang
mailing list