Virus being missed. (assumed)

David Curtis DCurtis at SBSCHOOLS.NET
Fri Mar 4 19:02:03 GMT 2005



I guess it is time to look at using BitDefender. Someone want to point me
to some help docs to get it set up with mailscanner and clamav??
 
 
Thanks for the info. It did find it:
 
File: 54543.rar
Status: INFECTED/MALWARE (Note: this file has been scanned before.
Therefore, this file's scan results will not be stored in the database)
Packers detected: None
 
AntiVir No viruses found (0.47 seconds taken)
Avast No viruses found (1.50 seconds taken)
AVG Antivirus No viruses found (0.48 seconds taken)
BitDefender Win32.Bagle.BG@mm (0.51 seconds taken)
ClamAV No viruses found (0.59 seconds taken)
Dr.Web Win32.HLLM.Beagle.34304 (0.89 seconds taken)
F-Prot Antivirus No viruses found (0.22 seconds taken)
Fortinet W32/Bagle.BL-mm (0.41 seconds taken)
Kaspersky Anti-Virus Email-Worm.Win32.Bagle.pac (0.99 seconds taken)
mks_vir Worm.Beagle.AV (0.25 seconds taken)
NOD32 Win32/Bagle.BA (0.50 seconds taken)
Norman Virus Control No viruses found (0.19 seconds taken)
 
Statistics
Last piece of malware found was Win32/Bagle.BA in Entire_Message.eml,
detected by:

Scanner                Malware name                     Time taken
AntiVir                X                                0.48 seconds
Avast                  X                                1.53 seconds
AVG Antivirus          X                                0.45 seconds
BitDefender            Win32.Bagle.BG@mm                0.68 seconds
ClamAV                 X                                1.80 seconds
Dr.Web                 Win32.HLLM.Beagle.34304          0.91 seconds
F-Prot Antivirus       X                                0.23 seconds
Fortinet               W32/Bagle.BL-mm                  0.41 seconds
Kaspersky Anti-Virus   Email-Worm.Win32.Bagle.pac       1.01 seconds
mks_vir                Worm.Beagle.AV                   0.26 seconds
NOD32                  Win32/Bagle.BA                   0.50 seconds
Norman Virus Control   X                                0.21 seconds

>>> Glenn.Steen at AP1.SE 03/04 1:42 PM >>>
Try it at jotti.org and see what other scanners think.
 
-- Glenn
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On Behalf Of David Curtis
Sent: den 4 mars 2005 19:31
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Virus being missed. (assumed)

I think I have a virus that is being missed by mailscanner/clamav.
Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam,
SpamAssassin (score=7.065, required 3.75,
 BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00,
 HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23,
 MSGID_SPAM_LETTERS 2.71)
 
The attachment has a rar file that seems to be a randomly generated
number, with a file dddd.exe in it.
 
Just an fyi.

This email may contain information protected under the Family
Educational Rights and Privacy Act (FERPA) or the Health Insurance
Portability and Accountability Act (HIPAA). If this email contains
confidential and/or privileged health or student information and you
are not entitled to access such information under FERPA or HIPAA,
federal regulations require that you destroy this email without
reviewing it and you may not forward it to anyone.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!