[clamav-users] False negative.

G.W. Haywood clamav at jubileegroup.co.uk
Tue Aug 23 17:09:54 EDT 2016

Hi Steve,

On Mon, 22 Aug 2016, Steve Basford wrote:

> 3rd Party sigs: phish.ndb, foxhole_filename.cdb, foxhole_generic.cdb,
> foxhole_js.cdb can usually block these script type nasties.

We've been using phish.ndb for some years.  The version used to scan
the message was last updated on 18th August and didn't catch it.

Until now we haven't used the foxhole databases, so yesterday I
configured the three you mentioned and scanned the attachment:

mail5:~$ >>> clamdscan /tmp/Delivery_Notification_0000219550.zip 
/tmp/Delivery_Notification_0000219550.zip: Sanesecurity.Foxhole.Zip_fs351.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.012 sec (0 m 0 s)

Thanks once again for all your efforts Steve. :)



More information about the clamav-users mailing list