Two scanners, two different virus names, which one is chosen?
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Fri May 25 15:09:35 CEST 2012
From my log:
============
May 25 14:56:47 mail2 amavis[25873]: (25873-14) virus_scan: (W32.Trojan.Inject-8), detected by 2 scanners: ClamAV-clamd, AVG Anti-Virus
I then scanned the file with both clam & avg on the box:
# clamscan Lieferschein.exe
Lieferschein.exe: W32.Trojan.Inject-8 FOUND
# avgscan Lieferschein.exe
...
Lieferschein.exe Trojan horse Delf.AEJO
So the two scanners are recognizing the same virus under different
names. That's to be expected.
But: If I were to create an exception (maybe due to a false positive in clamav
-- which has happened quite a bit recently!), I'd be hard pressed to
find out WHICH virus(name) was recognized by WHICH scanner!
Wouldn't something like:
virus_scan: [W32.Trojan.Inject-8, Trojan horse Delf.AEJO], detected by 2 scanners: [ClamAV-clamd, AVG Anti-Virus]
be better (the 1st name in the first list corresponds to the
first scanner in the second list)?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt at charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
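
Added example, not part of the original post and not amavis code: a sketch that pairs each scanner with the name it reported and renders the log format proposed above. The function names are hypothetical, and the scanner output shapes are assumptions inferred only from the two lines quoted in the post.

```python
import re

# Constructed sample: the per-scanner output lines quoted in the post.
FILENAME = "Lieferschein.exe"
SAMPLE_OUTPUT = [
    ("ClamAV-clamd", "Lieferschein.exe: W32.Trojan.Inject-8 FOUND"),
    ("AVG Anti-Virus", "Lieferschein.exe Trojan horse Delf.AEJO"),
]

def parse_verdict(scanner, filename, line):
    """Return the name one scanner reported for filename, or None.

    Assumption: line shapes are inferred only from the two lines in the post.
    """
    line = line.strip()
    if not line.startswith(filename):
        return None
    rest = line[len(filename):]
    if scanner == "ClamAV-clamd":
        # clamscan: "<file>: <name> FOUND"; "<file>: OK" yields None
        m = re.fullmatch(r":\s+(.+) FOUND", rest)
        return m.group(1) if m else None
    # AVG (assumed): whatever follows the file name is the verdict
    return rest.strip() or None

def collect(outputs, filename):
    """Ordered (scanner, name) pairs for scanners that reported a detection."""
    pairs = []
    for scanner, line in outputs:
        name = parse_verdict(scanner, filename, line)
        if name is not None:
            pairs.append((scanner, name))
    return pairs

def paired_log_line(pairs):
    """Render the paired format: the n-th name belongs to the n-th scanner."""
    names = ", ".join(name for _, name in pairs)
    scanners = ", ".join(scanner for scanner, _ in pairs)
    return f"virus_scan: [{names}], detected by {len(pairs)} scanners: [{scanners}]"

def reported_by(pairs, name):
    """Scanners that used exactly this name (what an exception must target)."""
    return [scanner for scanner, n in pairs if n == name]

if __name__ == "__main__":
    print(paired_log_line(collect(SAMPLE_OUTPUT, FILENAME)))
```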