Richard,

I implemented CLAM AV with the Sane Security phishing filters. This is from the thread that Andrew included. I run F-Prot then McAfee then CLAM AV with the ExitOnFirstDetect (or whatever that directive is). Clam is the scanner that catches pretty much all phishing attempts. The other two don’t do much in that department.

 

Goran Jovanovic
Omega Network Solutions


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, April 06, 2006 2:03 PM
To: [email protected]
Subject: RE: [Declude.JunkMail] Virus?

 

Richard, you might want to check this thread from the archives. Goran can clarify, but I'm pretty sure that this is the source of the "Sane Security" detection string.

For what it's worth, Message Sniffer catches the email message body you supplied with the MALWARE category.

The hosting provider, 0catch.com, are not bad guys, but their express hosting model makes them a frequently used hoster of malware and pharmacy sales/scams.

The link was still active, so I downloaded and ran it through various antivirus engines out of curiosity. Trend Micro didn't detect it, but F-Prot, McAfee and CLAM-AV all did.

Here are the results from VirusTotal.com:

 

Results of a file scan

This is a report processed by VirusTotal on 04/06/2006 at 19:19:19 (CET) after scanning the file "postcard.gif.exe" file.

Antivirus           Version         Update      Result
------------------  --------------  ----------  -------------------------------------
AntiVir             6.34.0.24       04.06.2006  TR/Zapchas.F
Avast               4.6.695.0       04.03.2006  Win32:Parite
AVG                 386             04.06.2006  IRC/BackDoor.Flood
Avira               6.34.0.56       04.06.2006  TR/Zapchas.F
BitDefender         7.2             04.06.2006  Backdoor.IRC.Zapchast.AY
CAT-QuickHeal       8.00            04.06.2006  no virus found
ClamAV              devel-20060202  04.06.2006  W32.Parite.B
DrWeb               4.33            04.06.2006  no virus found
eTrust-InoculateIT  23.71.121       04.06.2006  no virus found
eTrust-Vet          12.4.2151       04.06.2006  no virus found
Ewido               3.5             04.06.2006  no virus found
Fortinet            2.71.0.0        04.06.2006  BAT/Zapchast.S-tr
F-Prot              3.16c           04.06.2006  security risk or a "backdoor" program
Ikarus              0.2.59.0        04.06.2006  no virus found
Kaspersky           4.0.2.24        04.06.2006  Backdoor.IRC.Zapchast
McAfee              4734            04.05.2006  IRC/Flood.ev
NOD32v2             1.1474          04.05.2006  IRC/Zapchast.L
Norman              5.90.15         04.06.2006  Smalldrp.IYU
Panda               9.0.0.4         04.05.2006  no virus found
Sophos              4.04.0          04.06.2006  W32/Parite-B
Symantec            8.0             04.06.2006  Trojan.Dropper
TheHacker           5.9.7.125       04.05.2006  no virus found
UNA                 1.83            04.05.2006  no virus found
VBA32               3.10.5          04.06.2006  Backdoor.IRC.Zapchast

Andrew 8)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Thursday, April 06, 2006 10:20 AM
To: [email protected]
Subject: Re: [Declude.JunkMail] Virus?

Which virus scanner do you use?


Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

----- Original Message -----

Sent: Thursday, April 06, 2006 10:47 AM

Subject: RE: [Declude.JunkMail] Virus?

 

I had to manually release your message from the virus queue because it got tagged as

Virus: Html.Phishing.Card.Sanesecurity.06022100

Goran Jovanovic
Omega Network Solutions


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Thursday, April 06, 2006 9:04 AM
To: [email protected]
Subject: [Declude.JunkMail] Virus?

 

I just received about 10 of these at 7:30 this morning...any ideas what is going on..


Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"
