Strange Virus Detected Messages
DNSAdmin
dnsadmin at 1BIGTHINK.COM
Mon May 2 21:34:19 IST 2005
At 04:04 PM 5/2/2005, you wrote:
>Hi!
>
>>Report: F-Prot:
>>/var/spool/MailScanner/incoming/4958/j42J8XdD005496/msg-4958-7.html
>>Infection: HTML/ObjData at expl
>>
>>After querying users, it seems these messages could be false negatives.
>>
>>I am using both Clam AV and F-Prot - however ONLY F-Prot reports on
>>this.
>>(If I turn off F-Prot - no messages)
>
>Most likely related to:
>
>196 (first @ 19:01:16, last = 21:53:36) Worm.Sober.P
>
>Started about the same time
>
>2047 (first @ 19:06:47, last = 21:57:20) HTML/ObjData at expl
>
>>I proceeded to update Clam AV to the latest version .84 and F-Prot to
>>the latest 4.5.4. with the same result.
>>
>>Is this a MailScanner issue or is this a genuine Infection that F-Prot
>>is seeing?
>
>As far as we could tell, yes.
>
>Bye,
>Raymond.
Raymond.. as far as you could tell.. what? A genuine infection?
I am seeing this too. It's almost as if something is attaching these .HTML
attachments to valid mail.
Thanks,
Glenn
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
http://www.sng.ecs.soton.ac.uk/mailscanner/
Configuration by Glenn Parsons dnsadmin-at-1bigthink.com
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list