ClamWin Free Antivirus
Support and Discussion Forums
ClamWin cannot W32.Autoit.Obfus
ocavid


Joined: 04 Feb 2008
Posts: 0
Hi there,

We have a very bad situation. ClamAV for Linux can detect this W32.Autoit.Obfus, but not the latest ClamWin.

Our Transcript

ClamAV update process started at Mon Feb 04 09:14:03 2008
main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
daily.inc is up to date (version: 5677, sigs: 33981, f-level: 21, builder: ccordes)

--------------------------------------
Completed
--------------------------------------

File scanned in windows
Scan Started Mon Feb 04 09:29:48 2008
-------------------------------------------------------------------------------


----------- SCAN SUMMARY -----------
Known viruses: 203657
Engine version: 0.91.2
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 0

Data scanned: 0.78 MB
Time: 28.422 sec (0 m 28 s)
--------------------------------------
Completed
--------------------------------------



Using Linux
[john@local ~]# clamscan SCVHOST.exe
SCVHOST.exe: W32.Autoit.Obfus FOUND

----------- SCAN SUMMARY -----------
Known viruses: 373333
Engine version: 0.92
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.29 MB
Time: 7.188 sec (0 m 7 s)


The virus file is named SCVHOST.exe.

Please help!

Thanks,
Ocavid
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
It doesn't look like you are using the same signature database for ClamWin as you are for ClamAV on Linux. According to your scan reports, the total signatures in ClamWin are 203,657, but they are 373,333 in Linux. The virus in question might not be in your ClamWin signature database but is in your ClamAV's. According to ClamAV's website, their database has 203,664 viruses/malwares in it, so your ClamWin 203,657 figure looks correct. I wonder how you got 373,333 signatures in your ClamAV--are you using some additional signatures that aren't "official" signatures from Clam that ClamWin doesn't have?

In addition, you are using ClamWin version .91.2. The latest version is now .92, but that shouldn't affect the database or virus recognition, however.

Regards,
ocavid


Joined: 04 Feb 2008
Posts: 0
I scanned that file from one of our SME servers (e-smith from www.contribs.org). I wonder where they got their signatures.

(I thought they were from the same repos)
ocavid


Joined: 04 Feb 2008
Posts: 0
At last ClamWin found it!


Scan Started Mon Feb 04 20:32:35 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Documents\VIRUS\SCVHOST.exe: Removed

C:\Documents and Settings\All Users\Documents\VIRUS\SCVHOST.exe: W32.Autoit.Obfus FOUND
----------- SCAN SUMMARY -----------
Known viruses: 200985
Engine version: 0.92
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 1

Data scanned: 0.29 MB
Time: 6.953 sec (0 m 6 s)
--------------------------------------
Completed
--------------------------------------
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Good! I see you have upgraded to version .92. If you look at the total signatures, however, they are just a little over 200,000, which is less than last time. Are you scanning from the same machine? Keep all of them updated!

Regards,
ocavid


Joined: 04 Feb 2008
Posts: 0
Yes, it is on the same machine.

Have a great day!
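Added example, not part of the thread and not ClamWin or ClamAV code: the check GuitarBob applies by eye, comparing "Known viruses" and "Engine version" across scan summaries before trusting a differing verdict, written as a small parser. The summaries are transcribed from the reports above; the function names and the 1% tolerance for normal signature-count drift are assumptions.

```python
# Scan summaries transcribed from the three reports in this thread.
REPORTS = {
    "clamwin_first": """\
----------- SCAN SUMMARY -----------
Known viruses: 203657
Engine version: 0.91.2
Infected files: 0
""",
    "clamav_linux": """\
SCVHOST.exe: W32.Autoit.Obfus FOUND
----------- SCAN SUMMARY -----------
Known viruses: 373333
Engine version: 0.92
Infected files: 1
""",
    "clamwin_second": """\
----------- SCAN SUMMARY -----------
Known viruses: 200985
Engine version: 0.92
Infected files: 1
""",
}

def parse_summary(text):
    """Return the 'Key: value' fields that follow the SCAN SUMMARY banner."""
    fields, in_summary = {}, False
    for line in text.splitlines():
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields

def compare(a, b, tolerance=0.01):
    """List the differences that make two scan results not comparable.
    tolerance is an assumed threshold (1%) for normal drift in signature counts."""
    findings = []
    sigs_a, sigs_b = int(a["Known viruses"]), int(b["Known viruses"])
    if abs(sigs_a - sigs_b) > tolerance * max(sigs_a, sigs_b):
        findings.append(f"signature count: {sigs_a} vs {sigs_b}")
    if a["Engine version"] != b["Engine version"]:
        findings.append(f"engine version: {a['Engine version']} vs {b['Engine version']}")
    if a["Infected files"] != b["Infected files"]:
        findings.append(f"verdict: {a['Infected files']} vs {b['Infected files']} infected")
    return findings

if __name__ == "__main__":
    parsed = {name: parse_summary(text) for name, text in REPORTS.items()}
    for x, y in [("clamwin_first", "clamav_linux"), ("clamav_linux", "clamwin_second")]:
        print(x, "vs", y, "->", compare(parsed[x], parsed[y]) or "comparable")
```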