Problem identifying DumaRu Virus

Muenz, Michael linux at LEUTE.SERVER.DE
Thu Mar 25 15:22:25 GMT 2004


Hi

> I'm seeing a strange Problem when identifying the Worm Worm.Dumaru.Y.
> If I send the infamous "myphoto.zip" as an attachment I get this warning
> [amongst other scanner alarms] from clamav:

My problem is, that Clamav AND F-Prot doesn't detect Dumaru.Y and Z !

#################################################################
From: "Elene" <FUCKENSUICIDE at HOTMAIL.COM>
To: <XXX>
Subject: Important information for you. Read it immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Message-Id: <20040325144225.5295C581CE at XXX>
Date: Thu, 25 Mar 2004 15:42:25 +0100 (CET)
X-Virus-Status: Found to be clean
X-Spam-Status: Yes, hits=14.1 tag1=3.0 tag2=5.6 kill=5.6 tests=BAYES_99,
 DCC_CHECK, HTML_FONTCOLOR_UNKNOWN, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG,
 HTML_RELAYING_FRAME, MIME_HTML_NO_CHARSET, MIME_HTML_ONLY,
 MIME_MISSING_BOUNDARY, MY_DSL, UPPERCASE_25_50
X-Spam-Level: **************

--xxxx
Content-Type: text/html;
Content-Transfer-Encoding: 7bit

<FONT color=red size=15><CENTER>Hi !</CENTER></FONT><BR>
Here is my photo, that you asked for yesterday.<BR><iframe src=domain_marker
WIDTH=1 HEIGHT=1></iframe>
--xxxx

       name="accounts.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
       filename="myphoto.zip"

#################################################################

This is really strange, cause on www.clamav.net a search within the
Signature datebase found Dumaru.Y ?!?!

Michael



More information about the MailScanner mailing list