[Mimedefang] uvscan catching MyDoom that clamav missing
Jon R. Kibler
Jon.Kibler at aset.com
Sat Jan 31 14:10:43 EST 2004
Greetings:
We are having a problem where clamav is missing MyDoom viruses that uvscan catches. It seems that clamav is missing about 1/3 to 1/2 of the MyDooms we are seeing. (The only MyDooms we are getting are bounces to bogus email addresses.)
I don't think this is a MD problem, but I was wondering if anyone else was having similar problems?
I captured one of these messages (action_quaratine_entire_message) to double check the problem and I have included the results below.
Anyone have any ideas what is going on here?
Oh, yeah... environment: sendmail 8.12.10, MD 2.36, Sol 9 SPARC
TIA for your help!
jk
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
# uvscan ENTIRE_MESSAGE
/var/spool/MIMEDefang/quarantine/qdir-2004-01-30-18.24.10-001/ENTIRE_MESSAGE
Found the W32/Mydoom.eml!exe virus !!!
# clamscan ENTIRE_MESSAGE
ENTIRE_MESSAGE: OK
----------- SCAN SUMMARY -----------
Known viruses: 20606
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.03 MB
I/O buffer size: 131072 bytes
Time: 2.552 sec (0 m 2 s)
# clamscan --mbox ENTIRE_MESSAGE
ENTIRE_MESSAGE: OK
----------- SCAN SUMMARY -----------
Known viruses: 20606
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.05 MB
I/O buffer size: 131072 bytes
Time: 2.687 sec (0 m 2 s)
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
More information about the MIMEDefang
mailing list