Re: [Clamav-users] 9.scr
Maurizio Marini wrote: Hi there i have received a mail with an attachment: Secret.zip inside it there is a file Filename 9.src Size 75,776 Size now 43721 is this a virus/worm/malware? the mail server report this freshclam output: mailgw1:/etc/postfix# freshclam ClamAV update process started at Mon Oct 10 14:56:11 2005 main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm) daily.cvd is up to date (version: 1125, sigs: 886, f-level: 6, builder: tomek) there is something wrong in my confs or should i submit it to clamav.net site? Did you scan it with clamscan or clamscand ? Before submitting, you should be sure that it isn't already in virus db ... -- Cevher Cemal Bozkur +-+-+-+-+-+-+-+-+-+ YÖRE NET Teknoloji Tel:+90 212 234 00 90 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
Cevher wrote: Did you scan it with clamscan or clamscand ? Before submitting, you should be sure that it isn't already in virus db ... I'm very sorry it should be clamdscan not clamscand... -- Cevher Cemal Bozkur +-+-+-+-+-+-+-+-+-+ YÖRE NET Teknoloji Tel:+90 212 234 00 90 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
On Monday 10 October 2005 03:03 pm, Cevher wrote: Did you scan it with clamscan or clamscand ? Before submitting, you should be sure that it isn't already in virus db ... amavis is running clamav ['Clam Antivirus-clamd', \ask_daemon, [CONTSCAN {}\n, /var/run/clamav/clamd.ctl], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], I find this (googling) on NAV site: http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] -- Maurizio Marini GSM +39-335-8259739 Fano: +39-0721-855285 Milano +39-02303123406 S. Costanzo: +39-0721950396 IAXTel: (700) 350-1234 Crashing is the only thing windows does quickly. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
Maurizio Marini wrote: On Monday 10 October 2005 03:03 pm, Cevher wrote: Did you scan it with clamscan or clamscand ? Before submitting, you should be sure that it isn't already in virus db ... amavis is running clamav ['Clam Antivirus-clamd', \ask_daemon, [CONTSCAN {}\n, /var/run/clamav/clamd.ctl], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], I find this (googling) on NAV site: http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] Could you check the file with clamav's online scanner from the address below? http://test-clamav.power-netz.de/ -- Cevher Cemal Bozkur +-+-+-+-+-+-+-+-+-+ YÖRE NET Teknoloji Tel:+90 212 234 00 90 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] 9.scr
Maurizio Marini said: Hi there i have received a mail with an attachment: Secret.zip inside it there is a file Filename 9.src Size 75,776 Size now 43721 is this a virus/worm/malware? the mail server report this freshclam output: mailgw1:/etc/postfix# freshclam ClamAV update process started at Mon Oct 10 14:56:11 2005 main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm) daily.cvd is up to date (version: 1125, sigs: 886, f-level: 6, builder: tomek) there is something wrong in my confs or should i submit it to clamav.net site? -- Maurizio Marini GSM +39-335-8259739 Fano: +39-0721-855285 Milano +39-02303123406 S. Costanzo: +39-0721950396 IAXTel: (700) 350-1234 Crashing is the only thing windows does quickly. It's always worth submitting suspect emails (the whole raw message) to online scanners such as http://virusscan.jotti.org/ and http://www.virustotal.com/. Cheers, Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
On Monday 10 October 2005 03:31 pm, Cevher wrote: Could you check the file with clamav's online scanner from the address below? http://test-clamav.power-netz.de/ already done, there no virus in uploaded file :( -- Maurizio Marini GSM +39-335-8259739 Fano: +39-0721-855285 Milano +39-02303123406 S. Costanzo: +39-0721950396 IAXTel: (700) 350-1234 Crashing is the only thing windows does quickly. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
On Mon, 2005-10-10 at 16:08 +0200, Maurizio Marini wrote: On Monday 10 October 2005 03:31 pm, Cevher wrote: Could you check the file with clamav's online scanner from the address below? http://test-clamav.power-netz.de/ already done, there no virus in uploaded file :( Did you try: clamscan --detect-broken 9.scr Most likely it is a broken executable. -- Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281 Austin Energy [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
On Monday 10 October 2005 03:42 pm, Randal, Phil wrote: FYI: hitting retrn at password request: [EMAIL PROTECTED] /home/maumar]# unzip Secret.zip Archive: Secret.zip [Secret.zip] 9.scr password: skipping: 9.scr incorrect password [EMAIL PROTECTED] /home/maumar]# who sent me the, wanted to send a an empty message, only to test i was able to send; only a laware could attache secret.zip to this message -- Maurizio Marini GSM +39-335-8259739 Fano: +39-0721-855285 Milano +39-02303123406 S. Costanzo: +39-0721950396 IAXTel: (700) 350-1234 Crashing is the only thing windows does quickly. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 9.scr
Maurizio Marini wrote: On Monday 10 October 2005 03:42 pm, Randal, Phil wrote: FYI: hitting retrn at password request: [EMAIL PROTECTED] /home/maumar]# unzip Secret.zip Archive: Secret.zip [Secret.zip] 9.scr password: skipping: 9.scr incorrect password [EMAIL PROTECTED] /home/maumar]# who sent me the, wanted to send a an empty message, only to test i was able to send; only a laware could attache secret.zip to this message Have a look at this thread... http://lurker.clamav.net/message/20050621.021616.10c08ec8.en.html -- Cevher Cemal Bozkur +-+-+-+-+-+-+-+-+-+ YÖRE NET Teknoloji Tel:+90 212 234 00 90 ___ http://lurker.clamav.net/list/clamav-users.html