Two scanners, two different virus names, which one is chosen?

Ralf Hildebrandt Ralf.Hildebrandt at
Fri May 25 15:09:35 CEST 2012

>From my log:

May 25 14:56:47 mail2 amavis[25873]: (25873-14) virus_scan: (W32.Trojan.Inject-8), detected by 2 scanners: ClamAV-clamd, AVG Anti-Virus

I then scanned the file with both clam & avg on the box:

# clamscan Lieferschein.exe 
Lieferschein.exe: W32.Trojan.Inject-8 FOUND

# avgscan Lieferschein.exe
Lieferschein.exe  Trojan horse Delf.AEJO

So the two scanners are recognizing the same virus under different
names. That's to be expected.

But: If I were to create an exception (maybe due to a false positive in clamav
-- which has happened quite a bit recently! -- I'd be hard pressed to
find out WHICH virus(name) was recognized by WHICH scanner!

Wouldn't something like:

virus_scan: [W32.Trojan.Inject-8, Trojan horse Delf.AEJO], detected by 2 scanners: [ClamAV-clamd, AVG Anti-Virus]

be better (the 1st name in the list first list corresponds to the
first scanner in the second list)?

Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
ralf.hildebrandt at        Campus Benjamin Franklin              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

More information about the amavis-users mailing list