[Mimedefang] netsky.c passing MD-2.40 with clamav+uvscan
Lucas Albers
admin at cs.montana.edu
Tue Mar 16 13:58:55 EST 2004
Alan Lehman said:
> I'm seeing a fair number of netsky.c infected zip files pass my system
> (MD-2.40) with clamav and uvscan configured. Most are caught by MD, but
> the misses are being caught at a downstream eggchange box running
> Mcafee groupshield. The default filter section "look inside zip files"
> is enabled. I tried blocking specific zip file names. That helped, but
> new ones kept showing up, so I gave up and started blocking all zip
> files today. That stopped the occurances at the exchange box. Any ideas?
>
> It seems curious that groupshield catches stuff that gets past uvscan.
>
> Also, since I started blocking zip files, I'm still seeing
> W32/Netsky.c at MM!zip viruses being reported by MD. Does it scan for
> viruses in files that are rejected based on filename extension?
What version of mcafee/clam are you using?
are you using clamscan or clamd or clamdscan?
what are the scan switches you are using for them?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list