New virus?

Rose, Bobby brose at MED.WAYNE.EDU
Tue May 11 15:59:22 IST 2004


What is ClamAV identifying it as? 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Martin Hepworth
Sent: Tuesday, May 11, 2004 10:37 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: New virus?

Remco

Clamav catches it... sophos doesn't - have sent off samples..

also a bagle zip varient hitting my site - no passwd image where there
should be one and the zip isn't encrypted so it sails past MS. Looks
like a broken one..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Remco Barendse wrote:
> We are receiving messages that contain only a link in the body. I 
> cannot confirm it is a virus but it is mass mailed and is pretending 
> to be something else.
>
> This is the complete contents of the df file of the virus (I would NOT

> open the url on a Winblows box!):
>
> <HTML><HEAD></HEAD><BODY bgColor=#ffffff><DIV><FONT face=Arial 
> size=2><BR><A href="http://drs.yahoo.com/ecem.com/NEWS/*http://
> www.security-warning.biz/personal6/maljo24/www.YAHOO.com/#http://drs.y
> ahoo.com/ecem.com/NEWS">http://drs.yahoo.com/ecem.com/NE
> WS</A></FONT></DIV></BODY></HTML>
>
> It is not detected up by 3 different virus scanner and I could not 
> find any info about it in google.
>
> I tried downloading the webpage but did not succeed.
>
> Can we block such constructed url's in MailScanner?
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
system manager.

This footnote confirms that this email message has been swept for the
presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html




More information about the MailScanner mailing list