Heads UP: Suspicious file not detected by most virusscanners.

Roger Jochem roger at RUDNICK.COM.BR
Fri Jun 3 12:40:19 IST 2005



I'm receiving a lot of them... Only clamav was detecting it on my server in
the beginning... Now bitdefender is detecting it too. But mcafee does not...

----- Original Message ----- 
From: "Hywel Burris" <hywel.burris at COMTEC-EUROPE.CO.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Friday, June 03, 2005 8:20 AM
Subject: Re: Heads UP: Suspicious file not detected by most virusscanners.


>
>
> > -----Original Message-----
> > From: Stijn Jonker [mailto:SJCJonker at SJC.NL]
> > Sent: 03 June 2005 07:11
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Heads UP: Suspicious file not detected by most virusscanners.
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello all,
> >
> > I just received 2 copies of a mail containing a text that
> > Osama Bin Laden was captured, with an attachment of pics.zip
> > (900 bytes).
> >
> > Virustotal.com didn't report anything really useful back,
> > will be doing my rounds through the submission sites of
> > mcafee, norman, symantec and clamav.
> >
> > Output of virustotal.com:
> > Antivirus    Version         Update      Result
> > AntiVir      6.30.0.15       06.02.2005  Heuristic/Trojan.Downloader
> > AVG          718             06.02.2005  no virus found
> > Avira        6.30.0.15       06.02.2005  Heuristic/Trojan.Downloader
> > BitDefender  7.0             06.02.2005  BehavesLike:Trojan.Downloader
> > ClamAV       devel-20050501  06.02.2005  Trojan.Downloader.Small-561
> > DrWeb        4.32b           06.02.2005  no virus found
> > eTrust-Iris  7.1.194.0       06.02.2005  no virus found
> > eTrust-Vet   11.9.1.0        06.02.2005  no virus found
> > Fortinet     2.27.0.0        06.03.2005  W32/Gifget.A-tr
> > Ikarus       2.32            06.03.2005  no virus found
> > Kaspersky    4.0.2.24        06.03.2005  Trojan-Downloader.Win32.Small.axr
> > McAfee       4505            06.02.2005  no virus found
> > NOD32v2      1.1124          06.02.2005  probably unknown NewHeur_PE virus
> > Norman       5.70.10         06.03.2005  W32/Downloader
> > Panda        8.02.00         06.02.2005  no virus found
> > Sybari       7.5.1314        06.03.2005  W32/Downloade
> > Symantec     8.0             06.02.2005  no virus found
> > VBA32        3.10.3          06.02.2005  no virus found
>
>
> I had F-Prot pick this up first along with trusty old
> MailScanner. Bitdefender would have, as it picked it up as suspicious, but
> MailScanner allowed it through. Where do I change this behaviour? I had a
> look in bitdefender-wrapper but couldn't see any config there.
>
> Thanks
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
