[Declude.Virus] W32.Netsky.Q got through..

Fri, 23 Apr 2004 06:40:26 -0700 

Hello,
        This morning when receiving message from our spam account (I hold
everything instead of deleting then review), I received a message and
attachment that Norton AV on my local machine caught as a Netsky.Q virus.
This would have been delivered to the client had it not failed the spam
tests.
        I'm running Declude v1.79 and F-Prot 3.14e with latest defs.  Anyone
else seeing Netsky.Q's getting through?  Luckily I haven't seen anymore come
through, but if you look at the virus logs, it sees it as virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending the
message to the server to see when it finally catches it.
        Thoughts, comments welcome.. -Jeff

______________________________________________________
Norton Attachment:
Norton AntiVirus removed the attachment: msg15622.zip.
The [EMAIL PROTECTED] threat was detected in the attachment.
______________________________________________________
iMail Log:
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] EHLO etna.com
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] MAIL FROM:<[EMAIL PROTECTED]>
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] RCPT TO:<[EMAIL PROTECTED]>
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] C:\IMAIL\spool\Db5cf112.SMD 41758
04:23 02:21 SMTP-(000004FC) processing C:\IMAIL\spool\Qb5cf112.SMD
04:23 02:21 SMTP-(000004FC) forwarded message to [EMAIL PROTECTED]
04:23 02:21 SMTP-(000004FC) ldeliver domain.com spam-main (1)
<[EMAIL PROTECTED]> 42284
04:23 02:21 SMTP-(000004FC) finished C:\IMAIL\spool\Qb5cf112.SMD status=1
______________________________________________________
Declude Log:
04/23/2004 02:21:25 Qb5cf112 L1 Message OK
04/23/2004 02:21:25 Qb5cf112 Tests failed [weight=14]: SBL=WARN
IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN SPAMHEADERS=WARN
WEIGHT10=ROUTETO CATCHALLMAILS=IGNORE
______________________________________________________
Virus Log:
04/23/2004 02:21:24 Qb5cf112 Scanned: Virus Free [MIME: 2 30030]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to