RE: [Clamav-users] new user to clamAV SpamAssassin

Sun, 14 Mar 2004 03:23:20 -0800 

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, 14 March 2004 12:27 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] new user to clamAV SpamAssassin
> 
> > any 'exe' emailed to me from an unknown sender must be).  
> Its probably
> > just a trojan :_)  If you want to look at the suspicious 
> message, its
> > in ftp://spam:[EMAIL PROTECTED]/unknown_mail.txt
> > 
> 
> It's the top of a upx'd binary.  423 bytes is far too small 
> for a usable 
> PE binary so it sounds like you got some corrupt virus trying to 
> propigate.  If you have a sandbox, try to run it -- I bet it 
> will bomb and 
> do nothing.  Windows /may/ even refuse to execute it.
> 
> ----
> [EMAIL PROTECTED] tmp]# upx -d /tmp/ranking.htm.exe
>                      Ultimate Packer for eXecutables
>          Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002
> UPX 1.24         Markus F.X.J. Oberhumer & Laszlo Molnar      
>    Nov 7th 
> 2002
> 
>         File size         Ratio      Format      Name
>    --------------------   ------   -----------   -----------
> upx: /tmp/ranking.htm.exe: CantUnpackException: exe header corrupted

Thanks for that.  I didn't try to unpack it myself since I don't have a
secure sandbox  available.

Cheers.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to