As soon as I saw this email I terminaled into our SMTP server and saw F-Secure grabbed the first mimail on July 27, a week ago. The reason I was so shocked by this email, is that in the 14 years I have been fighting viruses, and have used everything, I saw multiple instances of Norton and McAfee either not finding or not removing a virus. But in all that time I have never found one that got by F-Prot, then later F-Secure, which is why it is the only AV we use from firewall to mail server to desktop.
If it sounds like I'm prejudiced, it's because I am. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions [EMAIL PROTECTED] 936.637.7977 ext. 121 ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Tancsa Sent: Saturday, August 02, 2003 1:34 PM To: [EMAIL PROTECTED] Subject: [inbox] [Full-Disclosure] f-prot not catching mimail ? I have a few copies of the mimail virus from yesterday that f-prot even with its latest updates do not catch. Both the Windows and FreeBSD version fail to identify the two main variants I have got sent my way. e.g. avscan1% md5 *.DEF MD5 (MACRO.DEF) = fc09bc864e62639bc3424e3425083421 MD5 (SIGN.DEF) = a5d8c14285b2c866e3261421f7f3a0d2 MD5 (SIGN2.DEF) = 12c403a108c398aeaca01a2a4da68de4 avscan1% f-prot -verno F-PROT ANTIVIRUS Program version: 4.1.0 Engine version: 3.13.3 VIRUS SIGNATURE FILES SIGN.DEF created 1 August 2003 SIGN2.DEF created 1 August 2003 MACRO.DEF created 28 July 2003 avscan1% avscan1% f-prot message*.html Virus scanning report - 2 August 2003 @ 14:29 F-PROT ANTIVIRUS Program version: 4.1.0 Engine version: 3.13.3 VIRUS SIGNATURE FILES SIGN.DEF created 1 August 2003 SIGN2.DEF created 1 August 2003 MACRO.DEF created 28 July 2003 Search: message.html message2.html Action: Report only Files: Attempt to identify files Switches: <none> Results of virus scanning: Files: 2 MBRs: 0 Boot sectors: 0 Objects scanned: 0 Time: 0:00 No viruses or suspicious files/boot sectors were found. avscan1% md5 message*.html MD5 (message.html) = d1f0f5dd1f4ebbeebbd61e884ed1669c MD5 (message2.html) = d7b72f9b8370aa3b132069a878b5b5c8 avscan1% These are both caught by other scanners but passed by f-prot. Anyone with f-prot successfully identify this virus ? avscan1% f-prot -virlist | grep -i mimail [EMAIL PROTECTED] JS/Mimail.dropper avscan1% I sent email yesterday about this to frisk, but just got a "we will submit to the lab." That was before their update so I wonder if they figure they are covered. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, [EMAIL PROTECTED] Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
