Heads UP: Suspicious file not detected by most virusscanners.

Roger Jochem roger at RUDNICK.COM.BR
Fri Jun 3 12:40:39 IST 2005



Sorry. McAfee is detecting it too now...

----- Original Message ----- 
From: "Roger Jochem" <roger at rudnick.com.br>
To: "MailScanner mailing list" <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Friday, June 03, 2005 8:40 AM
Subject: Re: Heads UP: Suspicious file not detected by most virusscanners.


> I'm receiving a lot of them... Only clamav was detecting it on my server in
> the beginning... Now bitdefender is detecting it too. But mcafee does not...
>
> ----- Original Message ----- 
> From: "Hywel Burris" <hywel.burris at COMTEC-EUROPE.CO.UK>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Friday, June 03, 2005 8:20 AM
> Subject: Re: Heads UP: Suspicious file not detected by most virusscanners.
>
>
> >
> >
> > > -----Original Message-----
> > > From: Stijn Jonker [mailto:SJCJonker at SJC.NL]
> > > Sent: 03 June 2005 07:11
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Heads UP: Suspicious file not detected by most virusscanners.
> > >
> > > Hello all,
> > >
> > > I just received 2 copies of a mail containing a text that
> > > Osama Bin Laden was captured, with an attachment of pics.zip
> > > (900 bytes).
> > >
> > > Virustotal.com didn't report anything really useful back,
> > > will be doing my rounds through the submission sites of
> > > mcafee, norman, symantec and clamav.
> > >
> > > Output of virustotal.com:
> > > Antivirus    Version         Update      Result
> > > AntiVir      6.30.0.15       06.02.2005  Heuristic/Trojan.Downloader
> > > AVG          718             06.02.2005  no virus found
> > > Avira        6.30.0.15       06.02.2005  Heuristic/Trojan.Downloader
> > > BitDefender  7.0             06.02.2005  BehavesLike:Trojan.Downloader
> > > ClamAV       devel-20050501  06.02.2005  Trojan.Downloader.Small-561
> > > DrWeb        4.32b           06.02.2005  no virus found
> > > eTrust-Iris  7.1.194.0       06.02.2005  no virus found
> > > eTrust-Vet   11.9.1.0        06.02.2005  no virus found
> > > Fortinet     2.27.0.0        06.03.2005  W32/Gifget.A-tr
> > > Ikarus       2.32            06.03.2005  no virus found
> > > Kaspersky    4.0.2.24        06.03.2005  Trojan-Downloader.Win32.Small.axr
> > > McAfee       4505            06.02.2005  no virus found
> > > NOD32v2      1.1124          06.02.2005  probably unknown NewHeur_PE virus
> > > Norman       5.70.10         06.03.2005  W32/Downloader
> > > Panda        8.02.00         06.02.2005  no virus found
> > > Sybari       7.5.1314        06.03.2005  W32/Downloade
> > > Symantec     8.0             06.02.2005  no virus found
> > > VBA32        3.10.3          06.02.2005  no virus found
> >
> >
> > I had F-Prot pick this up first, along with trusty old
> > MailScanner. Bitdefender would have, as it picked it up as suspicious, but
> > MailScanner allowed it through. Where do I change this behaviour? I had a
> > look in bitdefender-wrapper but couldn't see any config there.
> >
> > Thanks
> >
> >
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
