Hi,

Recently (starting 15.00 +07.00 GMT) our network is infected by yet another mass-mailing worm.
I already submitted this worm as submission number 1530. ClamAV hasn't detected it yet.


The thing is, after I manually unpacked the zip file (which contains a .scr), the .scr was recognized as Worm.Bagle.F.
ClamAV couldn't recognize it since the zip was password-protected. So far (I only have two different samples now) the password is the same: 31517.


Since the password is the same, hopefully it won't take virus db team long to update the signature.
However what IF:


- there's a new virus
- the virus just passes known (detected) worm, in a zip file
- the zip file is password-protected, and the password always changes (random, included in email body), thus
- the zip file always changes. Creating signature from zip is impossible.
- ClamAV can't extract the real content.


Can ClamAV (or ANY AV scanner, for that matter) detect this kind of virus?

Regards,

Fajar A. Nugraha
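
The scenario in the message above can still be handled at the mail gateway without decrypting anything, because traditional ZIP encryption leaves member names and the "encrypted" flag readable in the central directory. The following is an added example, not part of the original post and not ClamAV code; the function names, the extension list and the quarantine policy are assumptions, and the sample archive is constructed (a placeholder file with the flag bit patched on).

```python
import io
import zipfile

# Assumed policy list: extensions Windows runs directly when double-clicked.
RISKY_EXTENSIONS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")


def audit_zip(data):
    """Inspect archive metadata only; member contents are never read."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # General-purpose flag bit 0 marks the member as encrypted.
            encrypted = bool(info.flag_bits & 0x1)
            risky = info.filename.lower().endswith(RISKY_EXTENSIONS)
            findings.append({
                "name": info.filename,
                "encrypted": encrypted,
                "risky_extension": risky,
                # The scanner cannot see inside, so the pairing itself is the signal.
                "quarantine": encrypted and risky,
            })
    return findings


def build_constructed_sample(name, encrypted):
    """Build a harmless test archive; optionally set the encrypted flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"placeholder, not a real payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field offsets: 6 in the local header, 8 in the central directory.
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature)
            raw[pos + flag_offset] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in (("document.scr", True), ("document.scr", False), ("notes.txt", True)):
        print(audit_zip(build_constructed_sample(name, enc)))
```

Only the first sample is quarantined; an unencrypted .scr is left to the normal signature scan, and an encrypted text file is merely reported as encrypted.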

