ng at qogo
Mar 23, 2004, 10:11 AM
Post #7 of 7
In article <1080032793.26687.4.camel [at] synta>, trog [at] uncon says...
Re: Re: Worm.SomeFool.D not detected in a message
[In reply to]
> On Tue, 2004-03-23 at 01:45, Burt wrote:
> > In article <1078325332.713.22.camel [at] synta>, trog [at] uncon says...
> > > On Wed, 2004-03-03 at 14:37, fx wrote:
> > > >
> > > > have you tried to scan this file :
> > > > http://fxbois.free.fr/virus/virus.html ?
> > >
> > > Yes...
> > > $ clamdscan virus.html
> > > /tmp/virus.html: Worm.SomeFool.D FOUND
> > >
> > > $ clamscan --mbox virus.html
> > > virus.html: Worm.SomeFool.D FOUND
> > >
> > > you probably need to upgrade your version of clamav to the latest CVS
> > > snapshot.
> > I pulled down the above URL to a local file and ran it, as is, through
> > both clamscan and clamdscan. Regardless of whether I specified --mbox or
> > turned ScanMail on in the clamav.conf file, the worm was not detected. I
> > tried this on 0.68, 0.70-rc and on the 20040322 snapshot.
> You did, of course, remove the HTML code that the web server added to
> the file before scanning it.
Yes, sir, I did.