Win32:Malware-gen malware

Posted: 12 Jun 2015 12:08
by robertboyl
Hi, everyone

We have EFA helping to catch many viruses not caught by clamav, but some such as this Win32:Malware-gen is not caught.

Any suggestions how to catch it?

Details: https://www.virustotal.com/pt/file/dfe0 ... /analysis/

I attached the VIRUS to this post.

Thanks.

(attachment removed by moderator)

Re: Win32:Malware-gen malware

Posted: 12 Jun 2015 13:22
by shawniverson
Hehe...don't think we want a virus floating around in the forums :lol:

I'll suspend my scans and download. I'll have to remove the above link from the post or the post itself.

Re: Win32:Malware-gen malware

Posted: 12 Jun 2015 13:43
by shawniverson
Ok, it appears this is an exe inside a zip.

Testing further...

Re: Win32:Malware-gen malware

Posted: 12 Jun 2015 13:58
by shawniverson
Yeah, clam sure isn't hitting this one. Hence the ever-evolving landscape of viruses...

Solutions:

1) You can submit it to clam and see if they make a signature for it

http://cgi.clamav.net/sendvirus.cgi

2) Consider adding a second virus scanner to EFA. EFA (mailscanner) supports many commercial scanners as well. If you have access to them you may be able to enhance your scanning this way.

Check out /etc/MailScanner/virus.scanners.conf for a list 8-)

Re: Win32:Malware-gen malware

Posted: 12 Jun 2015 14:16
by shawniverson
Oh yeah, you can also enable MailScanner to scan for exes inside of zips too and just block them unconditionally.

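Added example, not code from this thread or from EFA/MailScanner: a small Python check that does what the "block exes inside zips" suggestion above describes, flagging entries by denied extension and by PE magic bytes so a renamed executable is still caught, and handling nested archives and password-protected entries it cannot inspect. The extension list, depth limit and sample archive are constructed for this illustration.

```python
import io
import re
import zipfile

# Constructed list of extensions to deny inside archives (modelled on typical mail-gateway filename rules).
DENIED_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|vbs|js)$", re.IGNORECASE)
MAX_DEPTH = 3  # assumed limit: archives nested deeper than this are reported as unscannable


def find_executables_in_zip(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return "<path>: <reason>" findings for executables hidden inside a zip (recursing into nested zips)."""
    if depth > MAX_DEPTH:
        return [f"{prefix}: nested deeper than {MAX_DEPTH} levels, unscannable"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or '<root>'}: not a valid zip"]
    findings = []
    with zf:
        for info in zf.infolist():
            name = f"{prefix}/{info.filename}" if prefix else info.filename
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append(f"{name}: password-protected, cannot inspect")
                continue
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)  # only the magic bytes are needed for the type check
            if DENIED_EXT.search(info.filename):
                findings.append(f"{name}: denied extension")
            elif head[:2] == b"MZ":  # DOS/PE header regardless of what the extension claims
                findings.append(f"{name}: PE executable by magic, extension disguised")
            elif head == b"PK\x03\x04":  # nested zip: inspect its contents too
                findings.extend(find_executables_in_zip(zf.read(info), depth + 1, name))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a text file, a PE disguised as an image, and a nested zip holding an .exe."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-like stub, not a real program
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", fake_pe)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"Just text")
        z.writestr("photo.jpg", fake_pe)
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for line in find_executables_in_zip(build_sample_zip()):
        print(line)
```
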
Re: Win32:Malware-gen malware

Posted: 12 Jun 2015 14:46
by robertboyl
Thanks, guys, for super fast reply!

I already submitted to ClamAV, but no response.

Can't EFA detect this also, as it does with many viruses?

I know there's also a setting in ClamAV to make it detect viruses/malware in a harsher way, but I believe my sysadmin prefers not to enable such a setting due to other issues and false positives. Will check with the sysadmin about scanning exes inside zips, etc. I believe he has plans to let us do that.

If anyone is using some good open source alternative that catches this virus I sent, please inform me, or even any commercial solutions that have competitive pricing, etc.

Thanks!

Re: Win32:Malware-gen malware

Posted: 14 Jul 2015 16:25
by robertboyl
Update: after a bit of insistence and contacting them via Facebook, ClamAV did publish an update to catch this virus.

But others are popping up and it's a bit of work trying to report to them and follow up.

Any recommendations of a really good antivirus at a competitive cost that catches this malware?

Thanks!

Re: Win32:Malware-gen malware

Posted: 14 Apr 2016 17:51
by robertboyl
Actually, ClamAV doesn't detect this virus, like many other viruses. :(