clamav-users August 2008 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] Havp + Clamav + Email.Trojan-8

Re: [Clamav-users] Havp + Clamav + Email.Trojan-8

From: Roman V. Isaev <rm-throwaway4_at_nospam>
Date: Mon Aug 11 2008 - 08:45:51 GMT
To: clamav-users@lists.clamav.net


> > > Your virus database was updated at 9 august 2008, and a lot of sites are
> > > recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru.
> > > Virus is:
> > > Submission-ID: 4157162
> > > Sender: Ricardo
> > > Added: Email.Trojan-8
> > > I think that this is mistake.
> >
> > Yes!!! rambler.ru and utro.ru are blocked too. That's a huge problem, we use
> > havp+clamav and my phone is ringing all the time, angry users complain about
> > blocked sites, most of russian internet is blocked. How to remove this "virus"
> > before everything is fixed?
> Have you checked HAVP configuration?

        Yes I did. I had to stop freshclam, unpack daily.cld with sigtool, remove daily.cld and remove this string:

Email.Trojan-8:3:*:696d67207372633d22687474703a2f2f61642e616472697665722e72752f6367692d62696e

After that everything works ok.

        I've downloaded one of the pages from blocked sites and will try to submit it as false positive. To many sites are affected to be a virus and I did not see anything criminal in that page (I'm not that good with javascript tho). -- Roman V. Isaev http://www.soprano-recorder.ru Moscow, Russia _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml