[Clamav-users] FOO.EXE
Here I am looking at manual. Using my clamav tools I find. --- SCAN SUMMARY --- Known viruses: 9317 Scanned directories: 1 Scanned files: 33 Infected files: 0 Data scanned: 27.98 Mb I/O buffer size: 131072 bytes Time: 14.597 sec (0 m 14 s) webmail:/home/dee# clamscan viri viri/message.zip: Trojan.Dropper.C FOUND --- SCAN SUMMARY --- Known viruses: 9317 Scanned directories: 1 Scanned files: 1 Infected files: 1 Data scanned: 0.02 Mb I/O buffer size: 131072 bytes Time: 0.360 sec (0 m 0 s) Following the Signature Tool section 3.5 sigtool -c clamscan --stdout -f message.zip -s message Not detected at 3900, moving backward. Not detected at 1950, moving backward. Not detected at 975, moving backward. Not detected at 487, moving backward. Not detected at 243, moving backward. Not detected at 121, moving backward. Not detected at 60, moving backward. Not detected at 29, moving backward. Not detected at 13, moving backward. Not detected at 5, moving backward. Not detected at 1, moving backward. Not detected at 0, moving backward. Not detected at 0, moving backward. Starting precise loop Segmentation fault This made it past our version of clamav ? clamscan / ClamAV version 0.60 Dee --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
On Saturday 16 August 2003 4:57 pm, W.D. McKinney wrote: Here I am looking at manual. Using my clamav tools I find. webmail:/home/dee# clamscan viri viri/message.zip: Trojan.Dropper.C FOUND Yup - that's the one I thought it would be :) It's been detected by ClamAV since 1st August. This made it past our version of clamav ? clamscan / ClamAV version 0.60 I don't understand. You said it just got detected and identified by your version of ClamAV... Does whatever mail scanning system you use check .zip files for viruses? Did it correctly pass this one to ClamAV for checking when it came through? Antony. -- Anyone that's normal doesn't really achieve much. - Mark Blair, Australian rocket engineer --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
Hi, One of our customers we host e-mail sent it to me from down in AU and it was from [EMAIL PROTECTED] as it made it to her from our server.(Like you said :-) This is the first instance of a known viris making through our system that I know. Thanks We run qmail/qmail-scanner/SA/clamav and it has worked excellent. It may have been in a small window of time On Sat, 2003-08-16 at 08:41, Antony Stone wrote: On Saturday 16 August 2003 4:57 pm, W.D. McKinney wrote: Here I am looking at manual. Using my clamav tools I find. webmail:/home/dee# clamscan viri viri/message.zip: Trojan.Dropper.C FOUND Yup - that's the one I thought it would be :) It's been detected by ClamAV since 1st August. This made it past our version of clamav ? clamscan / ClamAV version 0.60 I don't understand. You said it just got detected and identified by your version of ClamAV... Does whatever mail scanning system you use check .zip files for viruses? Did it correctly pass this one to ClamAV for checking when it came through? Antony. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
On Saturday 16 August 2003 5:58 pm, W.D. McKinney wrote: Hi, One of our customers we host e-mail sent it to me from down in AU and it was from [EMAIL PROTECTED] as it made it to her from our server.(Like you said :-) When was the message sent (or, more accurately, when was it received scanned by your server)? We run qmail/qmail-scanner/SA/clamav and it has worked excellent. It may have been in a small window of time This virus has been detected by ClamAV since 1st August. If the email was processed on your server much after that I recommend you check your signature updating system to ensure it (a) works and (b) tells you when there's a problem (which there are from time to time). Regards, Antony. -- This email was created using 100% recycled electrons. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
On 16 Aug 2003 07:57:50 -0800 W.D. McKinney [EMAIL PROTECTED] wrote: sigtool -c clamscan --stdout -f message.zip -s message Not detected at 5, moving backward. Not detected at 1, moving backward. Not detected at 0, moving backward. Not detected at 0, moving backward. Starting precise loop Segmentation fault This made it past our version of clamav ? clamscan / ClamAV version 0.60 Sigtool has _nothing_ to virus catching. Something must be wrong in your setup. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ - C. Amboinensiswww.pajacyk.pl --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
sigtool -c clamscan --stdout -f message.zip -s message Someone correct me if I'm wrong but I'm pretty sure you can't use sigtool to extract the virus signature from a zip (no matter what scanner you use). The zip itself is not infected, you need to unzip the file and extract the signature from the infected file within. Quite why you're trying to do this however I can't see, as you've already proven that clamscan can detect the infection. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
On 16 Aug 2003 20:26:44 +0100 Kevin Spicer [EMAIL PROTECTED] wrote: sigtool -c clamscan --stdout -f message.zip -s message Someone correct me if I'm wrong but I'm pretty sure you can't use sigtool to extract the virus signature from a zip (no matter what You're completely right. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ - C. Amboinensiswww.pajacyk.pl --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FOO.EXE
On Saturday 16 August 2003 8:26 pm, Kevin Spicer wrote: sigtool -c clamscan --stdout -f message.zip -s message Someone correct me if I'm wrong but I'm pretty sure you can't use sigtool to extract the virus signature from a zip (no matter what scanner you use). The zip itself is not infected, you need to unzip the file and extract the signature from the infected file within. I assume the original poster suspected it was a virus which just happened to have a .zip extension - not realising that it really is a genuine zip file, with an infected .html inside. Quite why you're trying to do this however I can't see, as you've already proven that clamscan can detect the infection. Indeed. Antony. -- I vote no to this proposal to form a committee to investigate whether we should or should not hold a ballot on whether to vote yet. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users