f-prot / aves detects this as a virus !! I think

Matt Doherty Matthew_doherty at DATAWATCH.COM
Mon Jun 24 20:39:08 IST 2002


Thank You
  -----Original Message-----
  From: Daryl S. Ehrenheim [mailto:ehren at PICKERING.COM]
  Sent: Monday, June 24, 2002 4:09 PM
  To: MAILSCANNER at JISCMAIL.AC.UK
  Subject: Re: f-prot / aves detects this as a virus !! I think




  Matt Doherty wrote:

    How can we achieve a similar output using Sophos?
  Is this the kind of info you are looking for?

  Try doing:

  sweep -vv

  Here is the output on my linux box.

  SWEEP virus detection utility
  Copyright (c) 1989,2002 Sophos Plc, www.sophos.com

  System time 12:08:13, System date 24 June 2002

  Product version           : 3.58
  Engine version            : 2.10
  User interface version    : 2.03.098
  Platform                  : Linux/Intel
  Released                  : 03 June 2002
  Total viruses (with IDEs) : 74067

  Default executable extensions:

  386, 3GR, ADD, ASP, CHM, COM, CPL, DLL, DMD, DOC, DOT,
  DRV, EXE, FLT, FON, FOT, I13, IFS, MOD, MPD, MSO, OCX,
  OV?, PDR, SCR, SYS, VXD, XL?, VB?, INI, MPP, MPT, HLP,
  HT?, SRC, SHS, SHB, PRC, PPS, PPT, POT, PIF, HTML, WBK,
  LNK, BAT, SH, PL, EML, NWS, RTF, DBX, PDF, SWF, JS,
  JSE

  Files without extensions will also be scanned by default.

  Archive types supported:

  Archive name         Command line qualifier   Extension(s)
  Arj                  -arj                     ARJ
  Cmz                  -cmz                     Z, TAZ
  Gzip                 -gzip                    GZ, TGZ
  Rar                  -rar                     RAR
  Tar                  -tar                     TAR
  Zip                  -zip                     ZIP
  Lha                  -lha                     LHA, LZH
  MSCompress           -mscmp                   ??_
  SfxArchives          -sfx                     EXE
  MacBinary            -mbin                    BIN
  BinHex               -bhex                    HQX
  Uue                  -uue                     UUE


      -----Original Message-----
      From: Rishi Gangoly [mailto:rishi at THEARGONCOMPANY.COM]
      Sent: Monday, June 24, 2002 1:27 PM
      To: MAILSCANNER at JISCMAIL.AC.UK
      Subject: Re: f-prot / aves detects this as a virus !! I think


      Also what's the output of f-prot -virno

      Here is mine:
      ------------------------------
      SIGN.DEF created 24. June 2002
      SIGN2.DEF created 24. June 2002
      MACRO.DEF created 11. June 2002
      DOS/Windows: 25460 viruses and 14400 Trojans
      Word/Excel: 7625 viruses and Trojans
      Java: 2 viruses and 115 Trojans
      BAT: 1006 viruses and Trojans
      IRC INI: 360 viruses and Trojans
      Script: 1743 viruses and Trojans
      INF: 4 viruses and Trojans
      Unix shell: 31 viruses and Trojans
      Ami: 2 viruses and Trojans
      WinBat: 4 viruses and Trojans
      PIF: 18 viruses and Trojans
      PalmOS: 4 viruses and Trojans
      PHP: 2 viruses and Trojans
      Unix: 96 viruses and Trojans
      In addition, over 14400 viruses are identified using
      generic identification, so the total number of viruses
      and Trojans known to F-PROT is somewhere over 65200.
      ------------------------------


      ----- Original Message -----
      From: "Rishi Gangoly" <rishi at theargoncompany.com>
      To: <MAILSCANNER at JISCMAIL.AC.UK>
      Sent: Monday, June 24, 2002 9:22 PM
      Subject: Re: f-prot / aves detects this as a virus !! I think


      > Hi Francois
      >
      > What happens when you do :
      >
      > f-prot -virlist | grep -i Frethem
      >
      >
      > Regards
      >
      > Rishi
      >
      >
      >
      > ----- Original Message -----
      > From: "Francois Caen" <FCaen at CI.LAKEWOOD.WA.US>
      > To: <MAILSCANNER at JISCMAIL.AC.UK>
      > Sent: Tuesday, June 18, 2002 9:09 PM
      > Subject: Re: f-prot / aves detects this as a virus !! I think
      >
      >
      > > -----Original Message-----
      > > From: rishi at THEARGONCOMPANY.COM
      > >
      > > > Just had another idea.
      > > > What's the sum of the infected file that you have?
      > > > Here is mine.
      > > >
      > > >
      > > > [root f-prot]# sum /tmp/decrypt-password.exe
      > > > 07788 35
      > >
      > > For all the ones I received, I get the same results:
      > >
      > > # sum decrypt-password.exe
      > > 47131 35
      > >
      > > I typically use md5sum, dunno exactly how it differs from sum but it's a
      > > standard for software downloads.
      > >
      > > # md5sum decrypt-password.exe
      > > cc695e7e531c18843baa0731a38e969b decrypt-password.exe
      > >
      > > # sum /usr/local/f-prot/*
      > > 49258 1 /usr/local/f-prot/CHANGES
      > > 54451 21 /usr/local/f-prot/ENGLISH.TX0
      > > 46493 3 /usr/local/f-prot/INSTALL
      > > 38393 3 /usr/local/f-prot/LICENSE
      > > 13115 455 /usr/local/f-prot/MACRO.DEF
      > > 25947 1 /usr/local/f-prot/README
      > > 28940 1 /usr/local/f-prot/SIGN.ASC
      > > 16736 1038 /usr/local/f-prot/SIGN.DEF
      > > 47624 1 /usr/local/f-prot/SIGN2.ASC
      > > 24019 381 /usr/local/f-prot/SIGN2.DEF
      > > 30967 12 /usr/local/f-prot/check-updates.sh
      > > 43536 7 /usr/local/f-prot/checksum
      > > 52218 932 /usr/local/f-prot/f-prot
      > > 53109 5 /usr/local/f-prot/f-prot.8
      > > 41567 1 /usr/local/f-prot/f-prot.sh
      > > 23276 3 /usr/local/f-prot/f-protwrapper
      > > 02783 922 /usr/local/f-prot/fp-def.zip
      > > 03152 215 /usr/local/f-prot/macrdef2.zip
      > >
      > > # md5sum /usr/local/f-prot/*
      > >
      > > Hope this helps :-)
      > > ------------------------------------------------
      > > Francois Caen
      > > Network Information Systems Engineer - Webmaster
      > > City of Lakewood, WA
      > > (253) 512-2269
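
Added example, not part of the original thread: on the question above of how `sum` differs from `md5sum`, this Python code reimplements the 16-bit BSD checksum that GNU `sum` prints by default and finds two different inputs with identical `sum` output whose cryptographic digests still differ. SHA-256 is used here rather than MD5 (a choice of this example), and the inputs are constructed, not the attachment discussed in the thread.

```python
import hashlib
from itertools import count


def bsd_sum(data):
    """Return (checksum, 1 KiB blocks) using the BSD algorithm GNU `sum` defaults to."""
    checksum = 0
    for byte in data:
        checksum = (checksum >> 1) | ((checksum & 1) << 15)  # rotate right 1 bit
        checksum = (checksum + byte) & 0xFFFF                # keep 16 bits
    return checksum, (len(data) + 1023) // 1024


def sha256_hex(data):
    """Cryptographic digest used to identify a file reliably."""
    return hashlib.sha256(data).hexdigest()


def find_sum_collision(prefix):
    """Return two different same-length inputs that `sum` cannot tell apart."""
    seen = {}
    for i in count():
        # Same length for every candidate, so the block count matches too.
        candidate = prefix + i.to_bytes(4, "big")
        key = bsd_sum(candidate)
        if key in seen:
            return seen[key], candidate
        seen[key] = candidate


if __name__ == "__main__":
    # Constructed input, not the attachment from the thread.
    a, b = find_sum_collision(b"constructed-sample-")
    for blob in (a, b):
        checksum, blocks = bsd_sum(blob)
        print(f"{checksum:05d} {blocks}  sha256={sha256_hex(blob)}")
```

A 16-bit checksum has only 65,536 possible values, so matching `sum` output does not show that two sites hold the same file; compare `md5sum` or `sha256sum` output instead.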


