Clamav updates

[cbwass]

Does Clamav update it's db automatic?
I noticed that after running 'freshclam' it is still not stopping this new worm '[email protected]'.
Any clues?

 

[SuperBaby]

The virus signature file is updated once a day.

 

[cbwass]

Do you know where the file is that tells clam where to update. I see that my install updates from clamav.cpanel.net and I'd like it to change that.

 

[SuperBaby]

The signature file is updated from database.clamav.net. I do not know how to change that. By the way, you can see the update log at:

# pico /var/log/clam-update.log

 

[cbwass]

I checked the log it appears to make updates twice a day from clamav.cpanel.net. But it lets through the .zip attachments with the '[email protected]' virus, could it be the fact that the virus is password protected in an encrypted zip file giving the virus scanner problems?

 

[UniSol]

You can't Virus Scan encrypten files.

 

[smarcellini]

Originally posted by cbwass
could it be the fact that the virus is password protected in an encrypted zip file giving the virus scanner problems?

Yes, as Unisol stated, the fact that this worm is passworded blocks virus scanners from accessing the zipped contents thus allows the worm to slip through. The only way around this is to block *.zip files from being delivered.

 

[goodmove]

Originally posted by UniSol
You can't Virus Scan encrypten files.

Are you using the layer1 installation? If so your MS will not catch the passworded zip files. You will need to update both MS and clamav for that.