Svar: Re: bagle-i worm

Drew Marshall drew at THEMARSHALLS.CO.UK
Tue Mar 2 21:33:35 GMT 2004


Jan Elmqvist Nielsen wrote:

>Hi
>
>I have seen 1.
>Kaspersky:
>/var/spool/MailScanner/incoming/23295/i22K6AC28320/AttachedDocument.zip/ycfgeutj.scr
>infected: I-Worm.Bagle.h
>
>The mail says this:
>You have won!!!
>password  -- 01251
>
>I am also running f-prot, it doesn't catch it.
>
>
F-Prot haven't officially recognised it (or not according to their
website) so there isn't a definition yet. I've just installed Clam also;
anyone know how to check if that's got it covered yet?

>I don't know how kaspersky detects it in the password protected zip file.
>But it does :-)
>Last kaspersky update from 19.01
>
>/Jan Elmqvist Nielsen
>
>
>
>>>>marco at MUW.EDU 02-03-04 18:12 >>>
>I can confirm that Bagle-I worm did make it through our MS gateways. I am
>running both Sophos and Command AV (up-to-date) and both let it slip through.
>We are running MS 4.26.8-1 and will upgrade to the latest one soon, if it
>helps. Meanwhile, I have blocked zip files temporarily.
>
>
>Quoting Derek Winkler <dwinkler at ALGORITHMICS.COM>:
>
>>For Bagle-H Sophos included this note:
>>
>>"W32/Bagle-H sends itself as a password protected ZIP file that is not
>>detected by this identity. However, when unzipped by the user the worm will
>>be detected by Sophos Anti-Virus at the user's desktop."
>>
>>May be true of Bagle-I since it also uses password protected ZIP files as
>>well, although they didn't specifically say.

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy
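
An added example, not part of the original thread and not MailScanner's or any vendor's code: a gateway-side check showing what can be read from a password-protected ZIP without the password, namely the per-entry encryption flag and the entry names. It makes no claim about how the scanners named in the thread work. `inspect_zip`, `build_sample`, the extension list and the verdict names are assumptions, and the sample archives are constructed in memory with the encryption flag set by hand.

```python
import io
import zipfile

# Assumed policy list of extensions a mail gateway would not accept inside a ZIP.
RISKY_EXTENSIONS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")


def inspect_zip(data: bytes) -> dict:
    """Report encrypted and risky entries using only ZIP metadata (no password)."""
    report = {"encrypted": [], "risky": [], "verdict": "scan"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["verdict"] = "quarantine"  # cannot be parsed, so cannot be scanned
        return report
    for info in archive.infolist():
        # Bit 0 of the general purpose flags marks an encrypted entry.
        if info.flag_bits & 0x1:
            report["encrypted"].append(info.filename)
        # With traditional ZIP encryption the entry names stay in the clear.
        if info.filename.lower().endswith(RISKY_EXTENSIONS):
            report["risky"].append(info.filename)
    if report["encrypted"] and report["risky"]:
        report["verdict"] = "block"       # unscannable content with a risky name
    elif report["encrypted"]:
        report["verdict"] = "quarantine"  # content-scanning engines cannot see inside
    elif report["risky"]:
        report["verdict"] = "block"
    return report


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed test archive: one stored entry, encryption flag optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                        # flags in the local file header
        central = raw.find(b"PK\x01\x02")     # central directory header
        raw[central + 8] |= 0x01              # flags in the central directory
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in [("ycfgeutj.scr", True), ("notes.txt", True), ("notes.txt", False)]:
        print(name, enc, inspect_zip(build_sample(name, enc)))
```
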
