
Mailing List Archive: ClamAV: users

FW: Virus/worm detection missed

 

 



donald.dawson at bakerbotts

Apr 13, 2012, 12:00 PM

Post #1 of 2
FW: Virus/worm detection missed

Hi,

I am new to the mail list. We have used Clamav for many years via MailScanner.

Today we have received 172 emails from various addresses and relays with subject line examples:

Subject: Your order N13340 for helicopter for the weekend
Subject: Your order N14776 for rotorcraft for the weekend
Subject: Your order N16400 for chopper for the weekend

The emails contain one of the two following virus/worms:

Virus name: "Trojan:JS/BlacoleRef.AS"
Worm name: "JS/Agent.PX.gen"
We have 5 MX servers - Linux running clamav version .97.4 (although clamd -V says 97.3).

The virus and worm were not caught by Clamav. Should I just submit the problem email bodies to clamav to review?

-----------------------------------------------------

Review /tmp/ClamAV.update.log

Fri Apr 13 12:17:29 2012 -> Current working dir is /var/clamav
Fri Apr 13 12:17:29 2012 -> Max retries == 5
Fri Apr 13 12:17:29 2012 -> ClamAV update process started at Fri Apr 13 12:17:29 2012
Fri Apr 13 12:17:29 2012 -> Using IPv6 aware code
Fri Apr 13 12:17:29 2012 -> Querying current.cvd.clamav.net
Fri Apr 13 12:17:29 2012 -> TTL: 900
Fri Apr 13 12:17:29 2012 -> Software version from DNS: 0.97.4
Fri Apr 13 12:17:29 2012 -> main.cvd version from DNS: 54
Fri Apr 13 12:17:29 2012 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Fri Apr 13 12:17:29 2012 -> daily.cvd version from DNS: 14790
Fri Apr 13 12:17:29 2012 -> daily.cld is up to date (version: 14790, sigs: 149343, f-level: 63, builder: ccordes)
Fri Apr 13 12:17:29 2012 -> bytecode.cvd version from DNS: 168
Fri Apr 13 12:17:29 2012 -> bytecode.cld is up to date (version: 168, sigs: 38, f-level: 63, builder: edwin)
Fri Apr 13 12:17:30 2012 -> SubmitDetectionStats: Not enough recent data for submission

clamd -V
ClamAV 0.97.3/14790/Fri Apr 13 10:07:30 2012


Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza
910 Louisiana
Houston, TX 77002
W: 713-229-2183





_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
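
Added example, not part of either post: a Python check for the version mismatch mentioned in the first post. It compares the engine version printed by `clamd -V` with the release that freshclam reads from DNS (the latest published release, not the installed one), and the daily database version seen by both. The function names are this example's own; the sample input is copied from the post.

```python
import re

# Sample input: lines copied from the freshclam log and `clamd -V` output in the post above.
FRESHCLAM_LOG = """\
Fri Apr 13 12:17:29 2012 -> Software version from DNS: 0.97.4
Fri Apr 13 12:17:29 2012 -> daily.cvd version from DNS: 14790
Fri Apr 13 12:17:29 2012 -> daily.cld is up to date (version: 14790, sigs: 149343, f-level: 63, builder: ccordes)
"""
CLAMD_V = "ClamAV 0.97.3/14790/Fri Apr 13 10:07:30 2012"


def parse_freshclam(log):
    """Return the release advertised in DNS and the daily database version on disk."""
    rel = re.search(r"Software version from DNS: (\S+)", log)
    daily = re.search(r"daily\.c[lv]d (?:is up to date|updated) \(version: (\d+)", log)
    return (rel.group(1) if rel else None, int(daily.group(1)) if daily else None)


def parse_clamd_version(line):
    """Split `clamd -V` output: 'ClamAV <engine>[/<daily version>/<database date>]'."""
    m = re.fullmatch(r"ClamAV ([^/\s]+)(?:/(\d+)/(.+))?", line.strip())
    if not m:
        raise ValueError("unrecognised clamd -V output: %r" % line)
    return m.group(1), int(m.group(2)) if m.group(2) else None


def as_tuple(version):
    """'0.97.3' -> (0, 97, 3) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def check_host(freshclam_log, clamd_v):
    """Return a list of findings; an empty list means engine and signatures line up."""
    advertised, disk_daily = parse_freshclam(freshclam_log)
    engine, loaded_daily = parse_clamd_version(clamd_v)
    findings = []
    if advertised and as_tuple(engine) < as_tuple(advertised):
        findings.append("engine %s is older than %s advertised in DNS" % (engine, advertised))
    if loaded_daily is None:
        findings.append("clamd reports no signature database")
    elif disk_daily is not None and loaded_daily != disk_daily:
        findings.append("clamd reports daily %d, freshclam reports %d" % (loaded_daily, disk_daily))
    return findings


if __name__ == "__main__":
    for finding in check_host(FRESHCLAM_LOG, CLAMD_V):
        print(finding)
```

Run against the log and `clamd -V` output of each MX server, it shows which hosts still run an older engine or report a different daily database.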


tkojm at clamav

Apr 13, 2012, 12:50 PM

Post #2 of 2
Re: FW: Virus/worm detection missed

On 04/13/12 21:00, donald.dawson [at] bakerbotts wrote:
> Hi,
>
> I am new to the mail list. We have used Clamav for many years via MailScanner.
>
> Today we have received 172 emails from various addresses and relays with subject line examples:
>
> Subject: Your order N13340 for helicopter for the weekend
> Subject: Your order N14776 for rotorcraft for the weekend
> Subject: Your order N16400 for chopper for the weekend
>
> The emails contain one of the two following virus/worms:
>
> Virus name: "Trojan:JS/BlacoleRef.AS"
> Worm name: "JS/Agent.PX.gen"
> We have 5 MX servers - Linux running clamav version .97.4 (although clamd -V says 97.3).
>
> The virus and worm were not caught by Clamav. Should I just submit the problem email bodies to clamav to review?

Please submit the files at
http://www.clamav.net/lang/en/sendvirus/submit-malware/

Thanks!

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Apr 13 21:49:56 CEST 2012