[Mimedefang] netsky.c passing MD-2.40 with clamav+uvscan
Alan Lehman
alehman at gbutler.com
Tue Mar 16 21:17:52 EST 2004
Lucas Albers wrote:
> Alan Lehman said:
>
>>I'm seeing a fair number of netsky.c infected zip files pass my system
>>(MD-2.40) with clamav and uvscan configured. Most are caught by MD, but
>> the misses are being caught at a downstream eggchange box running
>>Mcafee groupshield. The default filter section "look inside zip files"
>>is enabled. I tried blocking specific zip file names. That helped, but
>>new ones kept showing up, so I gave up and started blocking all zip
>>files today. That stopped the occurances at the exchange box. Any ideas?
>>
>>It seems curious that groupshield catches stuff that gets past uvscan.
>>
>>Also, since I started blocking zip files, I'm still seeing
>>W32/Netsky.c at MM!zip viruses being reported by MD. Does it scan for
>>viruses in files that are rejected based on filename extension?
>
>
> What version of mcafee/clam are you using?
vlnx 4.24.0
clam-0.67-1
> are you using clamscan or clamd or clamdscan?
clamd
> what are the scan switches you are using for them?
I'm running pretty much default settings for everything. No command line switches.
More information about the MIMEDefang
mailing list