HI,
the ClamAV does'n recognize virus Exploit-IEPageSpoof on following sites:
http://adserver.adreactor.com/servlet/view/window/javascript/zone?zid=23&pid=36&random=41414985&millis=1162382393328
or
http://adserver.adreactor.com/servlet/view/banner/javascript/zone?zid=9&pid=36&random=88260877&millis=1162382394740
This is message from /etc/messages:
Nov 1 12:59:53 otms100 SquidClamAV: Url:
http://adserver.adreactor.com/servlet/view/window/javascript/zone?zid=23&pid=36&random=41414985&millis=1162382393328
Status OKAY
Nov 1 12:59:55 otms100 SquidClamAV: Url:
http://adserver.adreactor.com/servlet/view/banner/javascript/zone?zid=9&pid=36&random=88260877&millis=1162382394740
Status OKAY
My SquidClamAV_Redirector.conf:
[SquidClamAV]
virusurl = http://virus.jackal-net.at/infected.php
Timeout = 30
cleancache = 300
ForceProtocol = http
MaxRedirection = 99
MaxRequestsize = 10Mb
log_priority = LOG_INFO
log_facility = LOG_LOCAL6
acceptredirects = 300 301 302 303
MIMETypes = all image/bmp image/gif image/jpeg image/png image/tiff
text/html text/plain text/css
ThirdPartyRedirectors = /usr/sbin/squidGuard
[Debug]
Infected = true
Clean = true
Error = true
Ignored = true
[Extensions]
pattern = all .jpg .exe .zip .rar .ar .com .bzip .gz
[Proxy]
http = http://localhost:3128
https = https://localhost:3128
McAfee on Win succefully blocked this Trojan.
Can anybody help me?
Marek
Received on Wed Nov 01 2006 - 05:40:14 MST
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST