I got a ton of autoreplies from AV software on this. The message did not
contain a virus, the signature is triggered by a line in the exploit that
contains the Unix commands to cat the password file through a pipe to the
mail program. Of course, I won't quote the actual line, because then this
message will trigger the same problem, but interested users can view the
original message at:
http://www.securityfocus.com/archive/1/163938
Yes, going to that URL may cause your AV software to act up again.
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
> My Antivirus detected the Virus "unix.penguin" from mail By kanedaaa
> Bohater, Subjet CGI - Mailnews cgi vulnerability dated 20/02/2001.
>
> >From Virus Encyclopedia:
>
> Unix.Penguin is a simple shell script which emails the unix passwd file to
> someone. This may allow others to gain information about a system.
>
> Luca
