F-Prot detects INor.D as a "security risk" not a virus. The output of an F-Prot scan is below.
-Frank Virus scanning report - 12 March 2004 @ 11:27 F-PROT ANTIVIRUS Program version: 3.14b Engine version: 3.14.7 VIRUS SIGNATURE FILES SIGN.DEF created 11 March 2004 SIGN2.DEF created 11 March 2004 MACRO.DEF created 8 March 2004 Search: p_usb.zip Action: Report only Files: "Dumb" scan of all files Switches: /ARCHIVE /PACKED /REPORT=report.txt /SILENT /NOBOOT /NOMEM Memory was not scanned. Hard disk boot sectors were not scanned. C:\Download\p_usb.zip->usb_d2.exe is a security risk named W32/Inor.D Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 2 Infected: 0 Suspicious: 1 Disinfected: 0 Deleted: 0 Renamed: 0 Time: 0:00 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, March 12, 2004 11:30 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] INor.D >I just had a email slip by my IMail server to my PC with the Inor.D in a >.zip (with a .exe inside) > >Both are running latest .C version of F-Prot. > >What could I have in my virus.cfg that allowed this? I still have the >.zip if anyone wants it. The first question is why it was not caught by F-Prot. The second is why it was not caught by other options (banning .ZIP files, etc.). My guess is that it was not caught by F-Prot because it is a trojan, which can't spread on its own. That means that if you open it, it will not spread to other computers. It's a bad program, but not one that would normally be considered a virus (so some scanners may block it while others will not). As for why it was not blocked as an .exe within a .zip, that all depends on your settings -- if you use "BANEXT ZIP" or both "BANEXT EXE" and "BANZIPEXTS" with the latest interim, it should get caught (if you are using the Standard/Pro version, depending on which technique you are using). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
