New virus?

Miguel Koren O'Brien de Lacy miguelk at KONSULTEX.COM.BR
Mon Nov 3 12:30:28 GMT 2003


Clam has this virus (with quite a few variations) in the database since 
Sunday and possibly earlier. I think that the fact that it went through 
my Clam installation could be because for some reason I did not have the 
Clam configuration in Mail Scanner set to go into zip files. On the 
other hand, my particular case may be a new variation of this virus 
which is not in Clam yet. It could also be some problem between Mail 
Scanner 4.24-5 and Clam.

Just confirmed, this seems a new variation because I have the wrapper 
set up correctly and clamscan on the command line does not find it. I 
sent the sample to the Clam team.

Miguel

Steve Freegard wrote:

>Remco,
>
>It's Mimail-F and I've caught a few of these this morning (all have come
>from a HK Cable TV subnet):
>
>Showing records 1 to 4 of 4
>Date/Time         ID             From        To         Subject                  Size   Score Status
>03/11/03 10:52:48 hA3Aq9LV014955 john at xxx xxx at xxx don't be late! ygxesmwl 15.9Kb 12.05 Spam, Virus (W32/Mimail-F)
>03/11/03 10:50:45 hA3AoMLV014806 john at xxx xxx at xxx don't be late! morzwkwa 15.9Kb 12.05 Spam, Virus (W32/Mimail-F)
>03/11/03 04:11:07 hA34B2bx031518 john at xxx xxx at xxx don't be late! polawaqa 15.9Kb 12.05 Spam, Virus (W32/Mimail-F)
>03/11/03 04:10:05 hA349nbx031433 john at xxx xxx at xxx don't be late! xiianuqz 15.9Kb 12.05 Spam, Virus (W32/Mimail-F)
>
>According to Sophos - I got the mimail-f IDE at 0214 this morning and have
>just got an IDE for mimail-h at 1023.
>
>Kind regards,
>Steve.
>
>--
>Steve Freegard
>Systems Manager
>Littlehampton Book Services Ltd.
>
>-----Original Message-----
>From: Remco Barendse [mailto:mailscanner at BARENDSE.TO]
>Sent: 03 November 2003 10:00
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: New virus?
>
>
>I think it's a variant of Mimail.e because they are all sent from john at .....
>
>I now just totally blocked .zip files :)
>
>On Mon, 3 Nov 2003, Spicer, Kevin wrote:
>
>>Remco Barendse wrote:
>>
>>>We just received several messages that all contain a zip file. The
>>>df message is pasted below.
>>>
>>I think it's probably MiMail-C. My Sophos is picking it up but clam is
>>not.
>>
>>BMRB International
>>http://www.bmrb.co.uk
>>+44 (0)20 8566 5000
>


