Yep, I'm seeing the same thing with Version 3.0.5.12:
=====
10/28/2005 10:56:04.343 q662b02ab0000beb9.smd Vulnerability flags = 0
10/28/2005 10:56:04.343 q662b02ab0000beb9.smd MIME file: [text/html][7bit;
Length=714 Checksum=63910]
10/28/2005 10:56:04.390 q662b02ab0000beb9.smd MIME file: email-details.zip
[base64; Length=93976 Checksum=11204045]
10/28/2005 10:56:04.390 q662b02ab0000beb9.smd Banning .ZIP file with scr
extension.
10/28/2005 10:56:06.156 q662b02ab0000beb9.smd Virus scanner 1 reports exit
code of 3
10/28/2005 10:56:06.171 q662b02ab0000beb9.smd Scanner 1: Virus=
W32/[EMAIL PROTECTED] Attachment=email-details.zip [16] I
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd Virus scanner 2 reports exit
code of 1
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd Scanner 2: Virus= [
WORM_MYTOB.LV]( 1) in
M:\IMail\spool\proc\work\D662B0~1.VIR\0.zip,(email-details.htm
.scr) Attachment=email-details.zip [16] I
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd File(s) are INFECTED [ [
TROJ_GOLDUN.G]( 1) in
M:\IMail\spool\proc\work\D644C0~1.VIR\0.rar,(MsWindowsUpdate.exe): 1]
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd Scanned: CONTAINS A VIRUS
[Prescan OK][MIME: 2 94832]
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd From: xxx To: xxx [incoming
from xxx]
10/28/2005 10:56:07.109 q662b02ab0000beb9.smd Subject: Important
Notification
=====
10/28/2005 10:56:22.171 q664302ab0000becd.smd Vulnerability flags = 0
10/28/2005 10:56:23.750 q664302ab0000becd.smd Virus scanner 1 reports exit
code of 3
10/28/2005 10:56:23.750 q664302ab0000becd.smd Scanner 1: Virus=
HTML/[EMAIL PROTECTED] Attachment= [16] I
10/28/2005 10:56:24.625 q664302ab0000becd.smd Virus scanner 2 reports exit
code of 1
10/28/2005 10:56:24.625 q664302ab0000becd.smd Scanner 2: Virus= [
HTML_Netsky.P]( 1) in M:\IMail\spool\proc\work\D66430~1.VIR\0,(NONAMEFL)
Attachment= [16] I
10/28/2005 10:56:24.625 q664302ab0000becd.smd File(s) are INFECTED [ [
TROJ_GOLDUN.G]( 1) in
M:\IMail\spool\proc\work\D644C0~1.VIR\0.rar,(MsWindowsUpdate.exe): 1]
10/28/2005 10:56:24.625 q664302ab0000becd.smd Scanned: CONTAINS A VIRUS
10/28/2005 10:56:24.625 q664302ab0000becd.smd From: xxx To: xxx [incoming
from xxx]
10/28/2005 10:56:24.625 q664302ab0000becd.smd Subject: Mail delivery failed:
returning message to sender
=====
Bill
----- Original Message -----
From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, October 28, 2005 9:37 AM
Subject: [Declude.Virus] Virus name reported as different than what scanner
detected.
Anyone seen this before? The message (attachment) have the W97M/Thus
Virus and is detected by McAfee as having such, but the final virus string
somehow ends up at Netsky?
Darrell
x:\imail\spool>grep -i q41c378d5099ed6c9.smd vir1028.log
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd Vulnerability flags = 0
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd MIME file: HD New Look
list.doc [base64; Length=59
904 Checksum=2996157]
10/28/2005 11:21:10.750 q41c378d5099ed6c9.smd Virus scanner 1 reports exit
code of 0
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Virus scanner 2 reports exit
code of 13
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Scanner 2: Virus= the
W97M/Thus.gen Attachment=HD
New Look List.doc [11] I
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 13]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Scanned: CONTAINS A VIRUS
[MIME: 2 60102]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [
incoming from 64.207.161.182]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Subject: Here we go Again -
Proposal
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
