Steve Lenti wrote:
On Fri, 16 Jul 2004 08:39:16 -0500, Vernon A. Fort
<[EMAIL PROTECTED]> wrote:
I have email messages that are being detected as Worm.Bagle.Gen-zippwd
but when I unzip, clamav detects the binary as Bagle.AF. I cannot
submit a sample because its already detected.
If someone wants a few sample email messages, let me know where to send
them.
I might be way off base here, but isnt the virus you are talking about
a "Zipped" Bagel generation virus? Which would explain why its being
detected as Worm.Bagle.Gen-zippwd right?
OK - the virus was NOT detected by uvscan, AGV or Sophos but WAS
detected by clamav - a good thing. This is why I use clamav on several
mail server in conjunction with a commercial scanner. This e-Mail virus
WAS a password protected zip file but when unzipped, the files were
detected as the Bagle.AF virus by all scanners including clamav. My
only reason for sending the original post was to see if 'Maybe' the
virus programmers wanted a sample of this message because some were
detected as Bagel.AF but not all. But then again, maybe it is being
detected correctly?
Vernon
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
