f-prot / aves detects this as a virus !! I think

Matt Doherty Matthew_doherty at DATAWATCH.COM
Mon Jun 24 17:40:48 IST 2002


How can we achieve a similar output using Sophos?
  -----Original Message-----
  From: Rishi Gangoly [mailto:rishi at THEARGONCOMPANY.COM]
  Sent: Monday, June 24, 2002 1:27 PM
  To: MAILSCANNER at JISCMAIL.AC.UK
  Subject: Re: f-prot / aves detects this as a virus !! I think


  Also what's the output of f-prot -virno

  Here is mine:
  ------------------------------
  SIGN.DEF created 24. June 2002
  SIGN2.DEF created 24. June 2002
  MACRO.DEF created 11. June 2002
  DOS/Windows: 25460 viruses and 14400 Trojans
  Word/Excel: 7625 viruses and Trojans
  Java: 2 viruses and 115 Trojans
  BAT: 1006 viruses and Trojans
  IRC INI: 360 viruses and Trojans
  Script: 1743 viruses and Trojans
  INF: 4 viruses and Trojans
  Unix shell: 31 viruses and Trojans
  Ami: 2 viruses and Trojans
  WinBat: 4 viruses and Trojans
  PIF: 18 viruses and Trojans
  PalmOS: 4 viruses and Trojans
  PHP: 2 viruses and Trojans
  Unix: 96 viruses and Trojans
  In addition, over 14400 viruses are identified using
  generic identification, so the total number of viruses
  and Trojans known to F-PROT is somewhere over 65200.
  ------------------------------


  ----- Original Message -----
  From: "Rishi Gangoly" <rishi at theargoncompany.com>
  To: <MAILSCANNER at JISCMAIL.AC.UK>
  Sent: Monday, June 24, 2002 9:22 PM
  Subject: Re: f-prot / aves detects this as a virus !! I think


  > Hi Francois
  >
  > What happens when you do :
  >
  > f-prot -virlist | grep -i Frethem
  >
  >
  > Regards
  >
  > Rishi
  >
  >
  >
  > ----- Original Message -----
  > From: "Francois Caen" <FCaen at CI.LAKEWOOD.WA.US>
  > To: <MAILSCANNER at JISCMAIL.AC.UK>
  > Sent: Tuesday, June 18, 2002 9:09 PM
  > Subject: Re: f-prot / aves detects this as a virus !! I think
  >
  >
  > > -----Original Message-----
  > > From: rishi at THEARGONCOMPANY.COM
  > >
  > > > Just had another idea.
  > > > What's the sum of the infected file that you have?
  > > > Here is mine.
  > > >
  > > >
  > > > [root f-prot]# sum /tmp/decrypt-password.exe
  > > > 07788 35
  > >
  > > For all the ones I received, I get the same results:
  > >
  > > # sum decrypt-password.exe
  > > 47131 35
  > >
  > > I typically use md5sum, dunno exactly how it differs from sum but it's a standard for software downloads.
  > >
  > > # md5sum decrypt-password.exe
  > > cc695e7e531c18843baa0731a38e969b decrypt-password.exe
  > >
  > > # sum /usr/local/f-prot/*
  > > 49258 1 /usr/local/f-prot/CHANGES
  > > 54451 21 /usr/local/f-prot/ENGLISH.TX0
  > > 46493 3 /usr/local/f-prot/INSTALL
  > > 38393 3 /usr/local/f-prot/LICENSE
  > > 13115 455 /usr/local/f-prot/MACRO.DEF
  > > 25947 1 /usr/local/f-prot/README
  > > 28940 1 /usr/local/f-prot/SIGN.ASC
  > > 16736 1038 /usr/local/f-prot/SIGN.DEF
  > > 47624 1 /usr/local/f-prot/SIGN2.ASC
  > > 24019 381 /usr/local/f-prot/SIGN2.DEF
  > > 30967 12 /usr/local/f-prot/check-updates.sh
  > > 43536 7 /usr/local/f-prot/checksum
  > > 52218 932 /usr/local/f-prot/f-prot
  > > 53109 5 /usr/local/f-prot/f-prot.8
  > > 41567 1 /usr/local/f-prot/f-prot.sh
  > > 23276 3 /usr/local/f-prot/f-protwrapper
  > > 02783 922 /usr/local/f-prot/fp-def.zip
  > > 03152 215 /usr/local/f-prot/macrdef2.zip
  > >
  > > # md5sum /usr/local/f-prot/*
  > >
  > > Hope this helps :-)
  > > ------------------------------------------------
  > > Francois Caen
  > > Network Information Systems Engineer - Webmaster
  > > City of Lakewood, WA
  > > (253) 512-2269
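
Added example, not part of the original thread: a Python sketch of how `sum` differs from `md5sum` for the file comparison discussed above. It assumes the BSD-style 16-bit rotating checksum with 1 KiB blocks; `SAMPLE` is constructed data and `same_sum_variant` is a hypothetical helper.

```python
import hashlib

# Constructed stand-in data; NOT the attachment discussed in the thread.
SAMPLE = b"constructed stand-in for an e-mail attachment\n" * 800


def _rotate_add(state: int, data: bytes) -> int:
    """Feed bytes into the 16-bit checksum: rotate right one bit, then add."""
    for byte in data:
        state = (state >> 1) | ((state & 1) << 15)
        state = (state + byte) & 0xFFFF
    return state


def bsd_sum(data: bytes) -> tuple:
    """Return (checksum, 1 KiB block count), the two columns `sum` prints."""
    return _rotate_add(0, data), (len(data) + 1023) // 1024


def same_sum_variant(data: bytes) -> bytes:
    """Hypothetical helper: rewrite the last two bytes so the content changes
    but the 16-bit checksum does not (at most 65536 candidates to try)."""
    target = _rotate_add(0, data)
    state = _rotate_add(0, data[:-2])
    for b1 in range(256):
        for b2 in range(256):
            tail = bytes([b1, b2])
            if tail != data[-2:] and _rotate_add(state, tail) == target:
                return data[:-2] + tail
    raise ValueError("no two-byte variant with the same checksum")


def compare(a: bytes, b: bytes) -> dict:
    """Report whether two files agree under each tool."""
    return {
        "sum_equal": bsd_sum(a) == bsd_sum(b),
        "md5_equal": hashlib.md5(a).digest() == hashlib.md5(b).digest(),
        "identical": a == b,
    }


if __name__ == "__main__":
    variant = same_sum_variant(SAMPLE)
    for name, blob in (("sample", SAMPLE), ("variant", variant)):
        checksum, blocks = bsd_sum(blob)
        print(f"{name:8s} sum={checksum:05d} {blocks:5d}  md5={hashlib.md5(blob).hexdigest()}")
    print(compare(SAMPLE, variant))
```

A matching `sum` therefore does not show that two people hold the same file, while differing values under either tool do show that the files differ.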
