HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.

All times are UTC + 2 hours [ DST ]




Posted: 14 Mar 2006 07:36
I am using ClamAV with HAVP. I know this may sound bad, but one of our users downloaded and infected their workstation with this trojan virus. They were browsing a hentai site (I know, our URL filter did not have this listed as a porn site... it is in the blacklist now). I have my HAVP logs, and nothing was found. However, the workstation antivirus found it running in memory and quarantined it. I submitted the sample to virustotal.com and it said ClamAV detected it as a virus (Exploit.Java.ByteVerify). So somehow this bypassed HAVP? I have HAVP 0.78. I am using default config settings except for:
KEEPBACKDATA = 1000000
TRICKLING = 10
MAXSCANSIZE = 20000000

13/03/2006 16:54:05 127.0.0.1 http://game4all.biz/adv/030/count.jar 200 GET OK
13/03/2006 16:54:06 127.0.0.1 http://game4all.biz/adv/030/com/ms/secu ... ader.class 404 GET OK

These URLs pass the virus to the user. Any help would be much appreciated.

Best regards,

Dayne


Posted: 14 Mar 2006 10:11
HAVP Developer

I'm sorry, but ClamAV does not detect this. This is from VirusTotal:

ClamAV devel-20060126 03.14.2006 no virus found

I also tested it myself with the newest clamav and clamav-devel.

This is sad, since I (and many others, I suppose) sent the count.jar sample to ClamAV a long time ago.

A quick fix would be to make it yourself: sigtool --md5 count.jar > /usr/local/share/clamav/local.hdb

But no worries, it is not really a serious "virus". ClamAV does recognize all the bad ones. ;)

Cheers,
Henrik
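
The quick fix in the reply above redirects sigtool output with `>`, which replaces whatever local.hdb already holds. As an added example (not code from the thread or from the HAVP or ClamAV projects), these shell functions build the same MD5:size:name record with md5sum and append it only when that hash is not already listed; the function names, the name check and the signature name Local.CountJar are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: maintain a ClamAV hash database (.hdb).
# Each record is MD5:FileSize:SignatureName, the format sigtool --md5 emits.

# hdb_line FILE NAME: print the record for FILE under signature name NAME.
hdb_line() {
    file=$1
    name=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    # Conservative rule chosen for this example: only letters, digits, '.',
    # '_' and '-', so the name can never break the colon-separated record.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad signature name: $name" >&2; return 1 ;;
    esac
    md5=$(md5sum < "$file" | cut -d' ' -f1)
    size=$(wc -c < "$file" | tr -d ' ')
    printf '%s:%s:%s\n' "$md5" "$size" "$name"
}

# hdb_add DB FILE NAME: append the record unless the same MD5:size is listed.
hdb_add() {
    db=$1
    line=$(hdb_line "$2" "$3") || return 1
    key=${line%:*}    # strip ":NAME", leaving MD5:size
    if [ -f "$db" ] && grep -q "^$key:" "$db"; then
        return 0      # already present, leave the database untouched
    fi
    printf '%s\n' "$line" >> "$db"
}

# Usage with the paths from the thread (Local.CountJar is an assumed name):
#   hdb_add /usr/local/share/clamav/local.hdb count.jar Local.CountJar
```

After adding a record, `clamscan -d /usr/local/share/clamav/local.hdb count.jar` confirms that the file now matches the local signature.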


Posted: 17 Apr 2006 13:29
I just tested this with the AVG scanner (which is free for home use)
and it was detected!

Also, the MailScanner version of F-Prot is able to detect it (but isn't free).

markus

