Re: [Clamav-users] Large number of Mytob.MM this morning?
Jay Lee said: Anyone else seeing a lot of Mytob.MM getting thru today? ClamAV doesn't seem to be blocking it on the mail server, Norton catches it if the virus defs are up to date (today's work, yesterday's don't). I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Large number of Mytob.MM this morning?
Dennis Peterson wrote: Jay Lee said: Anyone else seeing a lot of Mytob.MM getting thru today? ClamAV doesn't seem to be blocking it on the mail server, Norton catches it if the virus defs are up to date (today's work, yesterday's don't). I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Large number of Mytob.MM this morning?
Jay Lee wrote: I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay It's worth submitting the raw message file to http://virusscan.jotti.org and http://www.virustotal.com as well. Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Large number of Mytob.MM this morning?
Randal, Phil wrote: Jay Lee wrote: I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay It's worth submitting the raw message file to http://virusscan.jotti.org and http://www.virustotal.com as well. Here is virustotal's result: Virus Total ___ Scan results File: qvyexy.zip Date: 01/12/2006 18:03:37 (CET) AntiVir 6.33.0.77/20060112 found [HEUR-DBLEXT/Worm.Gen] Avast 4.6.695.0/20060111 found nothing AVG 718/20060111found [BackDoor.Wootbot.LD] Avira 6.33.0.77/20060112 found [HEUR-DBLEXT/Worm.Gen] BitDefender 7.2/20060112found [Win32.Worm.Mytob.X.Gen] CAT-QuickHeal 8.00/20060111 found [Backdoor.Wootbot.gen] ClamAV devel-20051123/20060112 found nothing DrWeb4.33/20060112 found [Win32.IRC.Bot.based] eTrust-Iris 7.1.194.0/20060112 found [Win32/RBot.Variant!Worm] eTrust-Vet 12.4.1.0/20060112 found [Win32/Mytob!ZIP!generic] Ewido 3.5/20060112found [Backdoor.Wootbot] Fortinet2.54.0.0/20060112 found [W32/ForBot!bdr] F-Prot 3.16c/20060111 found [W32/[EMAIL PROTECTED] Ikarus 0.2.59.0/20060112 found [Backdoor.Win32.Wootbot.GEN] Kaspersky 4.0.2.24/20060112 found [Backdoor.Win32.Wootbot.gen] McAfee 4672/20060111 found [Generic Malware.a!zip] NOD32v2 1.1363/20060112 found [Win32/Mytob.OF] Norman 5.70.10/20060112found [W32/SDBot.gen1] Panda 9.0.0.4/20060112found [Bck/Vidaloka.R] Sophos 4.01.0/20060112 found [W32/Forbot-Fam] Symantec8.0/20060112found [EMAIL PROTECTED] TheHacker 5.9.2.072/20060112 found [W32/Generic!zip-dobleextension] UNA 1.83/20060112 found nothing VBA32 3.10.5/20060112 found [Backdoor.Win32.Wootbot.gen] -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ___ http://lurker.clamav.net/list/clamav-users.html