New virus?

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue May 11 16:05:36 IST 2004


Hi

ClamAV 0.70 on my system is trapping as Exploit.MhtRedir

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Rose, Bobby wrote:
> What is ClamAV identifying it as?
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Tuesday, May 11, 2004 10:37 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: New virus?
>
> Remco
>
> Clamav catches it... sophos doesn't - have sent off samples..
>
> also a bagle zip varient hitting my site - no passwd image where there
> should be one and the zip isn't encrypted so it sails past MS. Looks
> like a broken one..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Remco Barendse wrote:
>
>>We are receiving messages that contain only a link in the body. I
>>cannot confirm it is a virus but it is mass mailed and is pretending
>>to be something else.
>>
>>This is the complete contents of the df file of the virus (I would NOT
>
>
>>open the url on a Winblows box!):
>>
>><HTML><HEAD></HEAD><BODY bgColor=#ffffff><DIV><FONT face=Arial
>>size=2><BR><A href="http://drs.yahoo.com/ecem.com/NEWS/*http://
>>www.security-warning.biz/personal6/maljo24/www.YAHOO.com/#http://drs.y
>>ahoo.com/ecem.com/NEWS">http://drs.yahoo.com/ecem.com/NE
>>WS</A></FONT></DIV></BODY></HTML>
>>
>>It is not detected up by 3 different virus scanner and I could not
>>find any info about it in google.
>>
>>I tried downloading the webpage but did not succeed.
>>
>>Can we block such constructed url's in MailScanner?
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>Before posting, please see the Most Asked Questions at
>>http://www.mailscanner.biz/maq/     and the archives at
>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. If you have received this email in error please notify the
> system manager.
>
> This footnote confirms that this email message has been swept for the
> presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list