Hi Matt..
thanks for your quick reply. Here is the virus log
entries:
03/24/2006 14:34:08.042 q49aa017400001b4f.smd Vulnerability flags =
0
03/24/2006 14:34:10.777 q49aa017400001b4f.smd Virus scanner 1 reports exit code of 0 03/24/2006 14:34:11.871 q49aa017400001b4f.smd Virus scanner 2 reports exit code of 8 03/24/2006 14:34:11.965 q49aa017400001b4f.smd Scanner 2: Virus= Possibly a new variant of JS/ Attachment=[HTML segment] [17] I 03/24/2006 14:34:12.012 q49aa017400001b4f.smd File(s) are INFECTED [ Possibly a new variant of JS/: 8] 03/24/2006 14:34:12.059 q49aa017400001b4f.smd Deleting file with virus 03/24/2006 14:34:12.121 q49aa017400001b4f.smd Deleting E-mail with virus! 03/24/2006 14:34:12.153 q49aa017400001b4f.smd Scanned: CONTAINS A VIRUS [MIME: 1 2652] 03/24/2006 14:34:12.184 q49aa017400001b4f.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 10.119.249.109] 03/24/2006 14:34:12.215 q49aa017400001b4f.smd Subject: Response & here is our entries in the virus.cfg file
SCANFILE1
C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP
/PANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE1 13 REPORT1 Found # F-PROT - 2nd scanner
SCANFILE2 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI /TYPE /SILENT
/server /PARANOID /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB
/REPORT=report.txt
VIRUSCODE2 3 VIRUSCODE2 6 VIRUSCODE2 8 REPORT2 Infection: # AVG - 3rd Scanner SCANFILE3 C:\Progra~1\Grisoft\AVG7\avgscan.exe /NOMEM /NOBOOT /NOHIMEM /NOSELF /ARC /RT /ARCW /RTW /MACROW /REPORT=report.txt VIRUSCODE3 4 VIRUSCODE3 5 VIRUSCODE3 6 VIRUSCODE3 7 VIRUSCODE3 9 REPORT3 identified # CLAM- 4th
Scanner
SCANFILE4 C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE4 1 Hope that helps..
Regards,
- Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, March 24, 2006 5:56 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus You might want to post your full Declude Virus log snippet for one such message and identify both your Declude version and your virus scanners. Matt |
- [Declude.Virus] Containing: Possibly a new variant of JS/ v... Kami Razvan
- Re: [Declude.Virus] Containing: Possibly a new variant... Matt
- RE: [Declude.Virus] Containing: Possibly a new var... Kami Razvan