Virus slipped through this morning

Rick Cooper rcooper at dwford.com
Tue May 19 15:51:21 IST 2009


----Original Message----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Broens Sent: Tuesday, May 19, 2009 12:59 AM To: MailScanner discussion
Subject: Re: Virus slipped through this morning

> On 5/19/2009 1:23 AM, Ljósnet wrote:
>> www.efnet.is/Info08.zip
> 
> clamdscan Info08.zip
> /tmp/virus/Info08.zip: Broken.Executable FOUND

Detect Broken Executables is not on by default so it has to be enabled in
clamd.conf
But that virus is now detected thanks to the nice fellow at SaneSecurity as
	Sanesecurity.Malware.8871.UNOFFICIAL



> 
> 
> 
>> On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij
>> <hvdkooij at vanderkooij.org> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> 
>>> Ljósnet wrote:
>>>> Hello, just wanted to check if anyone here had this one coming through
>>>> today, it seems neither MailScanner og clamav catched it.
>>>> 
>>>> Fortunately nod32 blocked it on my computer.
>>>> 
>>>> http://pastebin.com/m5c3f87bd
>>>> 
>>>> Inside this zip file is a .exe virus. :)
>>> There is nothing usefull there. Where is the ZIP file? I like to see if
>>> I can test it against a bunch of scanners.
>>> 
>>> Hugo
>>> 
>>> 
>>> - --
>>> hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
>>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>>> 
>>>        A: Yes.
>>>        >Q: Are you sure?
>>>        >>A: Because it reverses the logical flow of conversation.
>>>        >>>Q: Why is top posting frowned upon?
>>> 
>>> Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN
>>> PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
>>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>>> 
>>> iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi
>>> Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO
>>> =1Hbe
>>> -----END PGP SIGNATURE-----
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>>> 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the MailScanner mailing list