hi all,

fprot is catching the virus all right, but only the exe file then the virus signatures are only for the exe file and not for the zip or the htm - the only logical conclusion i could come to.

if you have f-prot on your desktop then you will catch the virus just before executing and on the mailserver just add this address to the blocked senders list

- - hope that helped

Aditya

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Szabo
Sent: Monday, August 04, 2003 3:07 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] f-prot not catching mimail ?

Mike Tancsa <[EMAIL PROTECTED]> wrote:

> I have a few copies of the mimail virus from yesterday that f-prot even
> with its latest updates do not catch. Both the Windows and FreeBSD version
> fail to identify the two main variants I have got sent my way.

I found the same lack of detection, on Linux.

Normally I save the suspect email message as a "UNIX mbox" file and feed that to f-prot; it then finds the attached ZIP within, and the files contained within the ZIP. However with Mimail, it does not detect the ZIP within the message. If I unpack the ZIP from the message, then the HTM from the ZIP, and finally the EXE from the HTM, then f-prot seems to skip all those except for the EXE, which it detects correctly.

I cannot see anything "special" in the MIME structure of Mimail that would cause f-prot to miss the ZIP attachment (or maybe it is the structure of the ZIP that f-prot cannot unpack?).

Cheers,

Paul Szabo - [EMAIL PROTECTED]
http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics
University of Sydney 2006 Australia

---

$ f-prot virus/mimail -ai -archive -packed -list
Virus scanning report - 4 August 2003 @ 7:26

F-PROT ANTIVIRUS
Program version: 4.1.1
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 2 August 2003
MACRO.DEF created 28 July 2003

Search: virus/mimail
Action: Report only
Files: Attempt to identify files
Switches: -ARCHIVE -PACKED -LIST -AI

/usr/users/amstaff/psz/virus/mimail

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 1
Time: 0:00

No viruses or suspicious files/boot sectors were found.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
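
The report above shows "Objects scanned: 1" for a message that, per Paul's description, holds a ZIP with an HTM inside. As an added example (not part of the original thread), the Python sketch below enumerates the objects nested in a saved message so that the count can be compared with what a scanner reports. The sample message, the file names `sample.zip` and `sample.htm`, and the size and depth limits are constructed for illustration; the HTM-to-EXE step is not covered because the thread does not describe how the EXE is embedded.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 5                   # assumption: stop on deeply nested archives
MAX_MEMBER = 10 * 1024 * 1024   # assumption: skip members that expand beyond 10 MiB

def walk_blob(data, name, depth):
    """Yield (depth, name, size) for a blob and, if it is a ZIP, its members."""
    yield depth, name, len(data)
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            yield from walk_blob(zf.read(info), info.filename, depth + 1)

def walk_message(raw):
    """Yield every object nested in one raw RFC 822 message."""
    yield 0, "message", len(raw)
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue                      # only leaf parts carry content
        payload = part.get_payload(decode=True) or b""
        label = part.get_filename() or part.get_content_type()
        yield from walk_blob(payload, label, 1)

def build_sample():
    """Constructed sample: mail -> ZIP -> HTM, mirroring the nesting described."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.htm", "<html><body>constructed placeholder</body></html>")
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.org", "b@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for depth, name, size in walk_message(build_sample()):
        print("  " * depth + f"{name} ({size} bytes)")
```

A scanner that descends into the attachment should account for at least as many objects as this walk lists; a lower count points at the container layer it failed to open.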
