kdeugau at vianet
May 13, 2011, 8:17 AM
Post #1 of 1
I tried twice yesterday, but the submission was refused as "not detected
Can't submit FP on Exploit.HTML.MHTRedir.4n
by Clamav" both times, likely since I haven't managed to extract a
suitable fragment of the document that's triggering the FP.
I have not received an OK from the customer to release the complete
attachment that triggered on our outbound mail system.
Clam version is 0.97 from Debian Squeeze; freshclam is running as a
daemon and signature database is up to date.
Testing the attachment on another system (CentOS, ClamAV packages from
RPMForge; freshclam run right before checking) showed a hit on the same
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net