Suddenly ZEROHOUR starts catching virusses but it does not know WHAT it caught.
Declude Virus v4.3.64 caught the ZEROHOUR Unknown virus in readme.zip
from [Forged] to:  [EMAIL PROTECTED]

Date:       04 May 2008 12:36:21
Subject:    Returned mail: see transcript for details
Spool File: D7b90047b0000bde0.smd
Remote IP:

>From the virlog:
C:\Temp>GREP -i 0000BDE0 vir0504.log
05/04/2008 12:36:21.061 q7b90047b0000bde0.smd Vulnerability flags = 0
05/04/2008 12:36:21.076 q7b90047b0000bde0.smd MIME file: readme.zip [base64; 
Length=29054 Checksum=3149200]
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd File(s) are INFECTED [ZEROHOUR 
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Virus scanner 1 reports exit code 
of 3
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Forging virus found: Likely 
forged sender was [EMAIL PROTECTED]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanner 1: Virus=: W32/[EMAIL 
PROTECTED] Attachment=readme.zip [50] I
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanned: CONTAINS A VIRUS [MIME: 
2 29533]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd From: [Forged] To: [EMAIL 
PROTECTED] [incoming from]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Subject: Returned mail: see 
transcript for details
I seems one of my other scanners thinks it's a virus as well, and... it reports 
a name.

1) I've seen a ZEROHOUR virus just once before, is this a new feature?

2) Does ZEROHOUR ever know the name of the virus?

3) Could we have a new feature where Declude uses the "real" name of a virus 
when multiple scanners report a virus and some don't know the name?

Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer

tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to