From: James B. <jl...@bo...> - 2007-01-21 00:06:33
|
I have just had two of these emails get through ASSP 1.2.7.1 (54) and it's ClamAV. Perhaps ClamAV has not had its virus defs updated to include this virus? Also, it has allowed this .exe file pass through, even though I am using External Attachment Blocking level 1, so no .exe files should be allowed. James. On 21/01/2007, at 10:55 AM, Doug Traylor wrote: >> I am not talking "ASSP integrated ClamAV", i am talking about using >> full ClamAV from ASSP with the help from File::Scan::ClamAV, which >> was introduced with some problems in 1.2.6 and is now rewritten >> nicely >> in 1.2.7. >> >> No virus or worm came through my 3 ASSP installations the last days. > > That is great news! I was of course referring to the recent > integration > with clamd, not the old ASSP builtin ClamAV scanner, but I admit I > have not > tried the latest upgrades you have added 1.2.7 to improve ASSP/Clamd's > performance. > > If you read your clamd.log file, do you see any entries for > Trojan.Downloader-647 or Trojan.Downloader-648? Those are from the > recent > "Storm Worm" which should be called the "Recent News Worm" since it > has a > subject line from recent news items, or false news items. > > If you configure Clamd to ban encrypted zip files and then send a > password > protected zip file in a Uuencoded plain text email to yourself, does > ASSP/Clamd catch it and reject it as a virus as it should? > > So far today (17 hours) ASSP 1.2.7(36) has blocked 400 emails with bad > attachments, and missed 300 Uuencoded files which were then found > to be > viral by my SMTP AV scanner. Granted I am not using Clamd with > ASSP due to > the prior performance degredation, but... it would be nice for ASSP to > reject all those Uuencoded emails containing EXE viruses too > without the > overhead of having to scan them. > > Does ASSP send an email to Clamd if it does not think there is an > attachment? > > Thanks, > > Doug Traylor |