Heads UP: Suspicious file not detected by most virusscanners.

Hywel Burris hywel.burris at COMTEC-EUROPE.CO.UK
Fri Jun 3 12:20:50 IST 2005 

 

> -----Original Message-----
> From: Stijn Jonker [mailto:SJCJonker at SJC.NL] 
> Sent: 03 June 2005 07:11
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Heads UP: Suspicious file not detected by most virusscanners.
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello all,
> 
> I just received 2 copies of an mail containing a text that 
> Osama Bin Laden was captured, with an attachment of pics.zip 
> (900 bytes).
> 
> Virustotal.com didn't report anything really usefull back, 
> will be doing my rounds through the submissions sites of 
> mcafee,norman, symantec and clamav.
> 
> Output of virustotal.com:
> Antivirus	Version	Update	Result
> AntiVir	6.30.0.15	06.02.2005	
> Heuristic/Trojan.Downloader
> AVG	718	06.02.2005	no virus found
> Avira	6.30.0.15	06.02.2005	Heuristic/Trojan.Downloader
> BitDefender	7.0	06.02.2005	BehavesLike:Trojan.Downloader
> ClamAV	devel-20050501	06.02.2005	
> Trojan.Downloader.Small-561
> DrWeb	4.32b	06.02.2005	no virus found
> eTrust-Iris	7.1.194.0	06.02.2005	no virus found
> eTrust-Vet	11.9.1.0	06.02.2005	no virus found
> Fortinet	2.27.0.0	06.03.2005	W32/Gifget.A-tr
> Ikarus	2.32	06.03.2005	no virus found
> Kaspersky	4.0.2.24	06.03.2005	
> Trojan-Downloader.Win32.Small.axr
> McAfee	4505	06.02.2005	no virus found
> NOD32v2	1.1124	06.02.2005	probably unknown 
> NewHeur_PE virus
> Norman	5.70.10	06.03.2005	W32/Downloader
> Panda	8.02.00	06.02.2005	no virus found
> Sybari	7.5.1314	06.03.2005	W32/Downloade
> Symantec	8.0	06.02.2005	no virus found
> VBA32	3.10.3	06.02.2005	no virus found


I had F-Prot pick this up first along with trusty old
MailScanner..Bitdefender would have as it picked it up as suspicious but
MailScanner allowed it through where do I change this behaviour? I had a
look in bitdefender-wrapper but couldn't see any config there.

Thanks

************************************************************************
This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. 

Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free.
 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list