f-prot / aves detects this as a virus !! I think

Rishi Gangoly rishi at THEARGONCOMPANY.COM
Tue Jun 18 11:58:29 IST 2002 

Francois

Can you give me the sum values of the files in /usr/local/f-prot ?

Here is what mine are

[root f-prot]# sum /usr/local/f-prot/*
49258     1 /usr/local/f-prot/CHANGES
54451    21 /usr/local/f-prot/ENGLISH.TX0
46493     3 /usr/local/f-prot/INSTALL
38393     3 /usr/local/f-prot/LICENSE
13115   455 /usr/local/f-prot/MACRO.DEF
25947     1 /usr/local/f-prot/README
28940     1 /usr/local/f-prot/SIGN.ASC
16736  1038 /usr/local/f-prot/SIGN.DEF
47624     1 /usr/local/f-prot/SIGN2.ASC
24019   381 /usr/local/f-prot/SIGN2.DEF
30967    12 /usr/local/f-prot/check-updates.sh
43536     7 /usr/local/f-prot/checksum
52218   932 /usr/local/f-prot/f-prot
53109     5 /usr/local/f-prot/f-prot.8
41567     1 /usr/local/f-prot/f-prot.sh
23276     3 /usr/local/f-prot/f-protwrapper




----- Original Message -----
From: "Francois Caen" <FCaen at CI.LAKEWOOD.WA.US>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, June 17, 2002 9:13 PM
Subject: Re: f-prot / aves detects this as a virus !! I think


> -----Original Message-----
> From: rishi at THEARGONCOMPANY.COM
>
> > I just checked... f-prot does not detect it as a virus so it's their
problem.
> > They need to check it out.... Mailscanner is fine .. I guess..
> > [root /tmp]# f-prot /tmp/decrypt-password.exe
> > Virus scanning report  -  17. June 2002   13:48
> > F-PROT 3.12a
> > SIGN.DEF created 14. June 2002
> > SIGN2.DEF created 14. June 2002
> > MACRO.DEF created 11. June 2002
>
> That's weird. I had the same problem until somewhere around the 12th or
13th. On that day, they finally added W32.Frethem to their definition, at
least as suspicious:
>
>
> # f-prot decrypt-password.exe
> Virus scanning report  -  17. June 2002   8:39
>
> F-PROT 3.12a
> SIGN.DEF created 14. June 2002
> SIGN2.DEF created 14. June 2002
> MACRO.DEF created 11. June 2002
>
> Search: decrypt-password.exe
> Action: Report only
> Files: Attempt to identify files
> Switches: <none>
>
> /tmp/decrypt-password.exe  is a security risk or a "backdoor" program
>
> Results of virus scanning:
>
> Files: 1
> MBRs: 0
> Boot sectors: 0
> Objects scanned: 1
> Infected: 0
> Suspicious: 1
> Disinfected: 0
> Deleted: 0
> Renamed: 0
>
> Time: 0:00
>
> ------------------------------------------------
> Francois Caen
> Network Information Systems Engineer - Webmaster
> City of Lakewood, WA
> (253) 512-2269
>

More information about the MailScanner mailing list