clamscan cannot detect some Mimail.xx viruses: msg#00010
security.virus.clamav.virusdb
Hi,

Proof of escape viruses.

#1 - My clamav version.

```
[root@ns /]# clamscan -V
clamscan / ClamAV version 0.60
[root@ns /]# rpm -q clamav
clamav-0.60-5ct
```

Clamscan of the infected files on my server. The infected files are paul, photos.zip and readnow.zip. The results.....

```
[root@ns dns]# clamscan
/home/virtual/site67/fst/home/dns/.bash_profile: OK
/home/virtual/site67/fst/home/dns/.bash_logout: OK
/home/virtual/site67/fst/home/dns/.emacs: OK
/home/virtual/site67/fst/home/dns/.bashrc: OK
/home/virtual/site67/fst/home/dns/paul: OK
/home/virtual/site67/fst/home/dns/photos.zip: File size limit exceeded.
/home/virtual/site67/fst/home/dns/photos.zip: Worm.Mimail.C FOUND
/home/virtual/site67/fst/home/dns/readnow.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 9922
Scanned directories: 1
Scanned files: 8
Infected files: 1
Data scanned: 0.11 Mb
I/O buffer size: 131072 bytes
Time: 0.159 sec (0 m 0 s)
```

Only photos.zip was found infected, but Mailscanner still passes the email through without tagging it as infected.

#2 - I test scanned all the infected files using http://www.gietl.com/test-clamav/, the results....

"photos.zip", the result.....

```
File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:/tmp/phpaiJgYQ: Worm.Mimail.C FOUND
And found something: Worm.Mimail.C
```

"readnow.zip", the result.....

```
File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:/tmp/phptqjVAY: Worm.Mimail.G FOUND
And found something: Worm.Mimail.G
```

"paul", the result.....

```
File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:/tmp/php6wmM9n: Worm.Mimail.C FOUND
And found something: Worm.Mimail.C
```

#3 - I did one last confirmation, which was to check the viruses.db/db2 on my server for the virus "Mimail.xx", the result.....

```
[root@ns clamav]# cat viruses.db | grep Mimail*
Trojan.Dropper.Mimail.B (Clam)=6d737461736b732e657865223e3c2f6f626a6563743e27290a7d0a73657454696d656f757428226d616c776172652829222c313530290a3c2f7363726970743e
[root@ns clamav]# cat viruses.db2 | grep Mimail*
Worm.Mimail.C (Clam)=7bfb6d73670045466f72205d65385967207764f76f635e0a4b656d6c2e746d700878656d6b1ff97a697052656769b17753025bfbe6b676966562047373006b0e7f6cb4dbb16fb42e646c6c680064b96b701d5ec2dc0b7374732e9a0f7ed65a77dbdd633474201262908b74dbb66ded4e6f0d186e2b635e640e43fdffdb610a210b474554202f20485454502f312e300afb87bdbb104661d26420746f313a2027257327186d7b6b9b4e6d0b0a0a546f063c077b9fecdb3e0ab0706c792d0e5375626a2f23d7e0d6da2e0407640015d174eef0054d282920650f1b7f4c87edde2f296b7570
Trojan.Dropper.Mimail.C (Clam)=746d70203d2053706c6974286d616c776172652c20222c22290d0a70617468203d2022633a5c6d776172652e657865220d0a5365742066736f203d204372656174654f626a6563742822536372697074696e672e46696c6553797374656d4f626a65637422290d0a536574207368656c6c
Worm.Mimail.F (Clam)=7073e84c7800767807a938dc0a6e3303e02a6900926b86aefb1367236a1362c66001dc5be142d4002ea5012a2e2a0fb68d2fdc5b3231be352e383681363c32fdb275df0d0033353407300335515549540de042c2ad23022e0d83060b77ff9681474441544124524350d354f6c2bbc34f3a940e4d41494c12524f4d10ee0edf1f48454c4f20fd6c9d10
Worm.Mimail.E (Clam)=5b32317ddb36bee1352e3836a4363c320d00333534b7f6cbd607300335515549540d23022e0d5b820b09830681470e2fdcfd4441544124524350d3544f3a947fd80bef0e4d41494c12524f4d1048454c4f2078bb3b7cfd6c9d103e003c9f6f686eb775c9b6692d00a5259258037ebb99f800582d50e8027479673120284869e3c212966229ed906e275e89ec85766265524e65212000870bc277a5
Worm.Mimail.G (Clam)=5b3231be352e383689b275dfb6363c320d003335340730033542c2adfd515549540d23022e0d8377ff96e00681474441544124524350c2bbc30bd3544f3a940e4d41494c120edf1ff6524f4d1048454c4f20fd6c9db22ddeee103e003c9f6f686e5f2d0026fe6d5da52592
Worm.Mimail.H (Clam)=be6d1b5fbe352e383682363c320d003335345bfb65eb07300335515549540d23022e2dc185840d8306818717eefe474441544124524350d3544f3a943fec85770e4d41494c12524f4d1048454c4fbcdd1dbe20fd6c9d103e003c9f6f686edbba645b5e2d00a525925803bfdd4cfc00582d50dd0274796731202848697161094b
Worm.Mimail.gen (Clam)=C460070000000000000000000000000016610700CC60070000000000000000000000000021610700D46007000000000000000000000000002B610700DC60070000000000000000000000000038610700E460070000000000000000000000000043610700EC6007000000000000000000000000004E610700F460
```

Is there any idea why, when all the files are infected (confirmed by your online test scanner), only photos.zip is found infected and the rest escape clamscan?

Rdgs
jason