f-prot / aves detects this as a virus !! I think

Rishi Gangoly rishi at THEARGONCOMPANY.COM
Tue Jun 18 12:07:14 IST 2002


Just had another idea.

What's the sum of the infected file that you have?

Here is mine.


[root f-prot]# sum /tmp/decrypt-password.exe
07788    35


Regards

Rishi



----- Original Message -----
From: "Rishi Gangoly" <rishi at theargoncompany.com>
To: "MailScanner mailing list" <MAILSCANNER at JISCMAIL.AC.UK>;
<FCaen at CI.LAKEWOOD.WA.US>
Sent: Tuesday, June 18, 2002 4:28 PM
Subject: Re: Re: f-prot / aves detects this as a virus !! I think


> Francois
>
> Can you give me the sum values of the files in /usr/local/f-prot ?
>
> Here is what mine are
>
> [root f-prot]# sum /usr/local/f-prot/*
> 49258     1 /usr/local/f-prot/CHANGES
> 54451    21 /usr/local/f-prot/ENGLISH.TX0
> 46493     3 /usr/local/f-prot/INSTALL
> 38393     3 /usr/local/f-prot/LICENSE
> 13115   455 /usr/local/f-prot/MACRO.DEF
> 25947     1 /usr/local/f-prot/README
> 28940     1 /usr/local/f-prot/SIGN.ASC
> 16736  1038 /usr/local/f-prot/SIGN.DEF
> 47624     1 /usr/local/f-prot/SIGN2.ASC
> 24019   381 /usr/local/f-prot/SIGN2.DEF
> 30967    12 /usr/local/f-prot/check-updates.sh
> 43536     7 /usr/local/f-prot/checksum
> 52218   932 /usr/local/f-prot/f-prot
> 53109     5 /usr/local/f-prot/f-prot.8
> 41567     1 /usr/local/f-prot/f-prot.sh
> 23276     3 /usr/local/f-prot/f-protwrapper
>
>
>
>
> ----- Original Message -----
> From: "Francois Caen" <FCaen at CI.LAKEWOOD.WA.US>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Monday, June 17, 2002 9:13 PM
> Subject: Re: f-prot / aves detects this as a virus !! I think
>
>
> > -----Original Message-----
> > From: rishi at THEARGONCOMPANY.COM
> >
> > > I just checked... f-prot does not detect it as a virus so it's their problem.
> > > They need to check it out.... Mailscanner is fine .. I guess..
> > > [root /tmp]# f-prot /tmp/decrypt-password.exe
> > > Virus scanning report  -  17. June 2002   13:48
> > > F-PROT 3.12a
> > > SIGN.DEF created 14. June 2002
> > > SIGN2.DEF created 14. June 2002
> > > MACRO.DEF created 11. June 2002
> >
> > That's weird. I had the same problem until somewhere around the 12th or 13th. On that day, they finally added W32.Frethem to their definition, at least as suspicious:
> >
> >
> > # f-prot decrypt-password.exe
> > Virus scanning report  -  17. June 2002   8:39
> >
> > F-PROT 3.12a
> > SIGN.DEF created 14. June 2002
> > SIGN2.DEF created 14. June 2002
> > MACRO.DEF created 11. June 2002
> >
> > Search: decrypt-password.exe
> > Action: Report only
> > Files: Attempt to identify files
> > Switches: <none>
> >
> > /tmp/decrypt-password.exe  is a security risk or a "backdoor" program
> >
> > Results of virus scanning:
> >
> > Files: 1
> > MBRs: 0
> > Boot sectors: 0
> > Objects scanned: 1
> > Infected: 0
> > Suspicious: 1
> > Disinfected: 0
> > Deleted: 0
> > Renamed: 0
> >
> > Time: 0:00
> >
> > ------------------------------------------------
> > Francois Caen
> > Network Information Systems Engineer - Webmaster
> > City of Lakewood, WA
> > (253) 512-2269
> >
>


