[Tfug] zipped versions of Mydoom getting though clamav
Sam Hart
hart at physics.arizona.edu
Tue Jul 27 14:53:21 MST 2004
I've actually heard of this the other way around (Mydoom getting detected,
Bagle getting through). They discussed it just the other day in the amavis
mailing list.
The solution was to check the setting for
$bypass_decode_parts
in amavisd.conf. Switch it to 1, if it isn't already. That solved the
original poster's problem.
This was the thread, I believe:
http://marc.theaimsgroup.com/?t=109083153400002&r=1&w=2
* On 04-07-27, elemint at theriver.com wrote:
> The new W32.Mydoom.M at mm zipped versions are getting through my
> clamav/amavisd-new/spamassassin box.
>
> It is stopping and dropping zipped versions of Bagle, but no luck with
> zipped versions of mydoom.M
>
> Any one else expereincing this?
>
>
> Jim
>
>
> _______________________________________________
> tfug mailing list
> tfug at tfug.org
> https://www.tfug.org/mailman/listinfo/tfug
>
--
Sam Hart
University/Work addr. <hart at physics.arizona.edu>
Personal addr. <sam at samhart.net>
end
More information about the tfug
mailing list