[Mimedefang] New .zip virus?
Tony Nugent
tony at linuxworks.com.au
Tue Jan 27 07:43:26 EST 2004
I've just had a hellava day cleaning up after this virus
(mydoom/novarg), uvscan was simply _not_ detecting it at all (the
.zip, .scr, .exe and other executable forms of it).
I've just downloaded DAT 4319 (after downloading v4318 earlier
today) and it is now finally correctly detecting this virus -- but
NOT in its .zip form unless at least --mime and --unzip are included
in the command line options.
(I'm now cleaning up several dozen mailbox files removing messages
with the .zip form of the virus, painful :) But thank goodness at
least that several hundred copies got blocked as "bad extensions").
On Tue Jan 27 2004 at 19:00, "Kevin Withnall" wrote:
> Ive looked into the mimedefang.pl file and found that it does not call
> uvscan (NAI) with the --unzip flag
>
> Should I modify the source or is there a better way (configure script
> arguments etc ) to do this.
>
> Im a perl newbie so please be kind :-)
>
> Regards
> Kevin
If you check mimedefang.pl then you'll find where you should add the
--unzip option (two places). Pity to have to do this, but otherwise
it won't get detected in its zip form by uvscan.
> > To: mimedefang at lists.roaringpenguin.com
> > Subject: Re: [Mimedefang] New .zip virus?
> >
> > Make sure you have the settings on to scan through zip files, and you
> > are running freshclam frequently.
> >
> > Elders Real Estate Ballina wrote:
> >
> > > I just had one in my Inbox as well...except mine was body.zip. It
> > > wasn't blocked or detected by clam av & mimedefang.
> > >
> > > What would cause the file to drop through the filter/scanner?
Cheers
Tony
More information about the MIMEDefang
mailing list