There's a plugin (in the firewall group iirc, but I don't know the plugin ID off the top of my head) that mails an EICAR string through a mail relay, if present, on the target machine. The idea is that it will test the antivirus software on the mail server (assuming AV is used). I guess that this plugin doesn't write to the report since it cannot know the outcome of the test (must read the email for that). Might be a good idea to include an FYI in the report to check mail or mail logs, though.
HTH,
Michael

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Monday, February 09, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: Strange Emails..

Hi;

We are getting some strange emails, from what appears to be out of Nessus.

hostname #su - root
# mail
Mail [5.2 UCB] [AIX 4.1] Type ? for help.
"/var/spool/mail/root": 5 messages 5 new
>N 1 [EMAIL PROTECTED] Thu Feb 5 15:34 27/829 "Nessus antivirus test 1: bas"
 N 2 [EMAIL PROTECTED] Thu Feb 5 15:34 20/666 "Nessus antivirus test 2: uue"
 N 3 [EMAIL PROTECTED] Thu Feb 5 15:34 27/860 "Nessus antivirus test 3: alt"
 N 4 [EMAIL PROTECTED] Thu Feb 5 15:34 27/903 "Nessus antivirus test 4: bro"
 N 5 [EMAIL PROTECTED] Thu Feb 5 15:35 26/758 "Nessus antivirus test 5: 'mi"
?

However, we just ran a default scan of about 30 hosts (this was one of them), but checked the reports and could not find anything about an AntiVirus Scan.

------------
The contents of the message:

from: [EMAIL PROTECTED]
to: [EMAIL PROTECTED]
Organization: Nessus Kabable
Subject: Nessus antivirus test 1-5

If you can read or execute the attachment, you need to install an antivirus or fix for your current one.
------------

These emails were sent to the [EMAIL PROTECTED], from what looks like our nessus server, but again could not find anywhere where we asked it to perform a scan such as this. These were AIX and HPUX based systems.

Has anyone seen something such as this...

Scott S.
Sun Health Corporation
Computer Security Officer

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
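Since the scan report cannot say whether the test mails got through, the mailbox has to be checked separately. The following is an added example, not part of the original thread and not Nessus code: it reads raw messages, picks out those whose subject starts with "Nessus antivirus test N", and reports whether the EICAR marker is still present after MIME decoding. The sample messages, addresses, file name and the helper `_sample` are constructed for illustration; the payload is a stand-in containing only the marker substring, not the full EICAR file.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^Nessus antivirus test (\d+)")  # subject prefix seen in the thread
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"            # fixed substring of the EICAR test file

def audit(raw_messages):
    """Map test number -> True if the EICAR marker survived delivery, else False."""
    results = {}
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        m = SUBJECT_RE.match(msg.get("Subject", ""))
        if not m:
            continue  # not one of the scanner's test mails
        delivered = False
        for part in msg.walk():
            if part.is_multipart():
                continue
            # decode=True undoes the MIME transfer encoding (base64, quoted-printable)
            body = part.get_payload(decode=True) or b""
            if MARKER in body:
                delivered = True
        results[int(m.group(1))] = delivered
    return results

def _sample(subject, attachment):
    """Build a constructed test mail (hypothetical helper; placeholder addresses)."""
    msg = EmailMessage()
    msg["From"] = "scanner@example.invalid"
    msg["To"] = "postmaster@example.invalid"
    msg["Subject"] = subject
    msg.set_content("constructed body text")
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="test.bin")
    return msg.as_bytes()

# Constructed samples: one payload delivered, one stripped, one unrelated mail.
SAMPLES = [
    _sample("Nessus antivirus test 1: bas", b"stand-in " + MARKER + b" payload"),
    _sample("Nessus antivirus test 2: uue", None),
    _sample("Weekly backup report", b"unrelated " + MARKER),
]

if __name__ == "__main__":
    for n, hit in sorted(audit(SAMPLES).items()):
        print(f"test {n}: {'payload reached mailbox' if hit else 'payload removed or absent'}")
```

A payload embedded in the body in a non-MIME encoding is not decoded by this check, so a `False` result for such a message still needs a manual look.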
