Thomas von Hassel wrote:
>>
>> You need the 4139 DAT. I had to download their daily untested yesterday
>> in order to "catch" the virus. 4139 was released last night, which
>> appears to be catching it.
>>
>> Fortunately, SpamAssassin's Bayesian filter caught on soon enough, and at
>> least flagged a good portion as spam which should help deter any users
>> which got the attachment before I was able to update my DATs myself.
>>
>
> hmm, weird, I've got 4139 and a couple of *.zip files I fed through
> uvscan came back negative ...
Make sure you scan with the --secure flag to have it force opening of
archives.

Within sanitizer, I hand off to a wrapper script which calls:

    /usr/local/bin/uvscan --clean --noexpire --secure - $1

My sanitizer line looks like:

    file_list_X_scanner = 0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME

Exit codes: 0 is clean, 19 is "found but cleaned", 12 is "tried to
clean, but still infected", and 13 is "one or more hostile objects found,
not cleaned".

man uvscan for more info.
HTH,
-Rick
--
Rick Johnson, RHCE #807302311706007 - 111744@xyz.molar.is
Linux/Network Administrator - Medata, Inc.
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
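
Added example, not part of the original post or of sanitizer itself: a small shell helper that reads the clean:cleaned:infected exit-code fields from a scanner line like the one above and classifies a scanner exit status. The function names are hypothetical, and treating any unlisted exit code as an error (fail closed) is this example's assumption, not documented sanitizer behaviour.

```shell
#!/bin/sh
# Scanner line as quoted in the post: CLEAN:CLEANED:INFECTED:COMMAND,
# where each of the first three fields is a comma-separated code list.
SPEC='0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME'

# in_list CODE LIST: succeed if CODE is an exact member of LIST.
# Wrapping both in commas stops "1" from matching "19" or "12".
in_list() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify_exit SPEC CODE: print clean, cleaned, infected or error.
classify_exit() {
    spec=$1
    code=$2
    # Reject empty or non-numeric statuses outright.
    case $code in
        ''|*[!0-9]*) echo error; return 0 ;;
    esac
    clean=${spec%%:*};   rest=${spec#*:}
    cleaned=${rest%%:*}; rest=${rest#*:}
    infected=${rest%%:*}
    # Check "infected" first so an overlapping list never downgrades a hit.
    if   in_list "$code" "$infected"; then echo infected
    elif in_list "$code" "$cleaned";  then echo cleaned
    elif in_list "$code" "$clean";    then echo clean
    else echo error   # assumption: unlisted code means the scan did not finish
    fi
}

# Constructed sample statuses: the four codes named in the post, plus one
# unlisted value (2) to show the fail-closed branch.
for rc in 0 19 12 13 2; do
    printf 'exit %s -> %s\n' "$rc" "$(classify_exit "$SPEC" "$rc")"
done
```

A wrapper that maps every non-zero status to "clean" on scanner failure would let an unscanned archive through, which is why the unlisted branch returns error rather than clean.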