AW: [Declude.Virus] ZEROHOUR caught a virus

2008-05-07 Thread Hirthe, Alexander
This is really a great feature to know what will happen.

We do *NOT* have Commtouch licensed, because we host mailservers for other 
customers.
But we are getting unknown virus "zerohour".

???
Alex



RE: [Declude.Virus] ZEROHOUR caught a virus

2008-05-07 Thread David Barker
Zerohour does not catch viruses based on signatures. It is a virus signature 
that defines its name. Signature-less protection is an essential complement to 
traditional AV technologies. By proactively scanning the Internet and 
identifying massive virus outbreaks as soon as they emerge, Commtouch's 
Zero-Hour provides proactive virus blocking that is effective and 
signature-independent.


Re: [Declude.Virus] ZEROHOUR caught a virus

2008-05-06 Thread Bonno Bloksma
Hi,

Well it is happening a lot more now and
C:\Temp>grep -i zerohour vir0506.log
05/06/2008 00:57:58.462 q90f204c285d1.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 00:57:58.462 q90f204c285d1.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 00:58:23.994 q910c05dc85ee.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 00:58:23.994 q910c05dc85ee.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 11:20:00.552 q22b604dcdf98.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 11:20:00.552 q22b604dcdf98.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 11:40:16.701 q27610537e398.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 11:40:16.701 q27610537e398.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 19:52:39.166 q9ad505b654de.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 19:52:39.166 q9ad505b654de.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 20:06:40.255 q9e0c04c25a91.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 20:06:40.255 q9e0c04c25a91.smd File(s) are INFECTED [ZEROHOUR Unknown]

But:
05/06/2008 00:57:58.744 q90f204c285d1.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=document.zip [50] I
05/06/2008 00:58:24.213 q910c05dc85ee.smd Scanner 1: Virus=: HTML/IFrame Attachment=[HTML segment] [50] I
05/06/2008 11:20:00.755 q22b604dcdf98.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=data.zip [50] I
05/06/2008 11:40:16.904 q27610537e398.smd Scanner 1: Virus=: HTML/IFrame Attachment=[HTML segment] [50] I
05/06/2008 19:52:39.416 q9ad505b654de.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=message.zip [50] I
05/06/2008 20:06:40.474 q9e0c04c25a91.smd Scanner 1: Virus=: HTML/IFrame Attachment=[HTML segment] [50] I

In each instance ZEROHOUR reported a virus but did not know what it was; one of 
my other scanners DID know what it was and reported it so.
I sure hope Declude will change this behaviour and report the known virus name 
when one of the scanners DOES report a name.
I'm right now using Declude 4.3.64, I'll start using 4.4.0 later this week.

Kind regards,
Bonno Bloksma
head of systems administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 

AW: [Declude.Virus] ZEROHOUR caught a virus

2008-05-05 Thread Hirthe, Alexander
We do not have Zerohour, as we host mails for our customers :-)

Alex




---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.




Siller AG, Wannenaeckerstrasse 43, 74078 Heilbronn
Executive Board: Prof. H.-F. Siller (Chairman), Joern Buelow, Ralf Michi
Chairman of the Supervisory Board: Armin Sohler
Registry court: Stuttgart, HRB 107707, VAT ID no. DE145782955




RE: [Declude.Virus] ZEROHOUR caught a virus

2008-05-05 Thread David Barker
It could be ZEROHOUR as it identifies viruses based on attributes other than 
virus signatures thereby providing zerohour protection; in many cases the virus 
has no name as it has not been identified yet.


David B

 



RE: [Declude.Virus] ZEROHOUR caught a virus

2008-05-05 Thread Kevin Bilbee
If I remember correctly, it is not the ZEROHOUR spam test catching a virus. It 
is the internal AVG virus scanner saying it has caught an unknown virus, or 
what it thinks is a virus.

Kevin Bilbee

 



AW: [Declude.Virus] ZEROHOUR caught a virus

2008-05-05 Thread Hirthe, Alexander
Here too.
in

message.scr
Unknown File
[.SCR file]
...

Alex



[Declude.Virus] ZEROHOUR caught a virus

2008-05-04 Thread Bonno Bloksma
Hi,

Suddenly ZEROHOUR starts catching viruses but it does not know WHAT it caught.
-
Declude Virus v4.3.64 caught the ZEROHOUR Unknown virus in readme.zip
from [Forged] to:  [EMAIL PROTECTED]

Date:       04 May 2008 12:36:21
Subject:    Returned mail: see transcript for details
Spool File: D7b90047bbde0.smd
Remote IP:  77.42.92.137
-

From the virlog:
-
C:\Temp>GREP -i BDE0 vir0504.log
05/04/2008 12:36:21.061 q7b90047bbde0.smd Vulnerability flags = 0
05/04/2008 12:36:21.076 q7b90047bbde0.smd MIME file: readme.zip [base64; Length=29054 Checksum=3149200]
05/04/2008 12:36:21.139 q7b90047bbde0.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.139 q7b90047bbde0.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/04/2008 12:36:21.342 q7b90047bbde0.smd Virus scanner 1 reports exit code of 3
05/04/2008 12:36:21.342 q7b90047bbde0.smd Forging virus found: Likely forged sender was [EMAIL PROTECTED]
05/04/2008 12:36:21.342 q7b90047bbde0.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=readme.zip [50] I
05/04/2008 12:36:21.342 q7b90047bbde0.smd Scanned: CONTAINS A VIRUS [MIME: 2 29533]
05/04/2008 12:36:21.342 q7b90047bbde0.smd From: [Forged] To: [EMAIL PROTECTED] [incoming from 77.42.92.137]
05/04/2008 12:36:21.342 q7b90047bbde0.smd Subject: Returned mail: see transcript for details
-
It seems one of my other scanners thinks it's a virus as well, and... it reports 
a name.

1) I've seen a ZEROHOUR virus just once before, is this a new feature?

2) Does ZEROHOUR ever know the name of the virus?

3) Could we have a new feature where Declude uses the "real" name of a virus 
when multiple scanners report a virus and some don't know the name?




Kind regards,
Bonno Bloksma
head of systems administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
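
The name resolution asked for in question 3 above, and again in the 2008-05-06 follow-up, can be done after the fact on the virus log. This is an added example, not part of the thread and not Declude's own code: it rejoins mail-wrapped log records, groups them by spool file, and prefers a name from a signature scanner over ZEROHOUR's "Unknown". The record layout is taken from the log lines quoted in the thread; the sample lines, spool names, `W32/Example.A` and all function names are constructed for illustration.

```python
import re

# Constructed sample in the vir*.log layout quoted in the thread. Spool names
# and "W32/Example.A" are made up; two records are wrapped across lines the
# way the quoted log lines were wrapped by the mail client.
SAMPLE_LOG = """\
05/06/2008 00:57:58.462 q000000000001.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 00:57:58.462 q000000000001.smd File(s) are INFECTED [ZEROHOUR
Unknown]
05/06/2008 00:57:58.744 q000000000001.smd Scanner 1: Virus=: W32/Example.A
Attachment=document.zip [50] I
05/06/2008 00:58:23.994 q000000000002.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 00:58:24.213 q000000000002.smd Scanner 1: Virus=: HTML/IFrame Attachment=[HTML segment] [50] I
05/06/2008 11:20:00.552 q000000000003.smd ZEROHOUR Reports VIRUS: Unknown
05/06/2008 11:20:00.552 q000000000003.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/06/2008 11:40:16.904 q000000000004.smd Scanner 1: Virus=: HTML/IFrame Attachment=[HTML segment] [50] I
"""

STAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
RECORD = re.compile(r"^(\S+ \S+) (\S+\.smd) (.*)$")
ZEROHOUR = re.compile(r"^ZEROHOUR Reports VIRUS: (.+)$")
SCANNER = re.compile(r"^Scanner (\d+): Virus=: (.+?) Attachment=(.*?) \[\d+\]")


def unwrap(text):
    """Rejoin records split by line wrapping: a line that does not start
    with a timestamp continues the previous record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def correlate(text):
    """Group detections by spool file, in order of first appearance."""
    messages = {}
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue
        _stamp, spool, body = m.groups()
        entry = messages.setdefault(spool, {"zerohour": None, "scanners": []})
        zh = ZEROHOUR.match(body)
        if zh:
            entry["zerohour"] = zh.group(1).strip()
            continue
        sc = SCANNER.match(body)
        if sc:
            entry["scanners"].append(
                (int(sc.group(1)), sc.group(2).strip(), sc.group(3)))
    return messages


def verdicts(text):
    """One verdict per flagged message: the best available name, which
    engines flagged it, and whether only the heuristic engine did."""
    out = {}
    for spool, e in correlate(text).items():
        named = [v for _, v, _ in e["scanners"] if v.lower() != "unknown"]
        engines = (["ZEROHOUR"] if e["zerohour"] else []) + \
                  ["Scanner %d" % n for n, _, _ in e["scanners"]]
        if named:
            name = named[0]                      # a signature scanner knows it
        elif e["zerohour"]:
            name = "ZEROHOUR " + e["zerohour"]   # nothing better available
        else:
            continue                             # no detection for this spool
        out[spool] = {"name": name, "engines": engines,
                      "heuristic_only": bool(e["zerohour"]) and not named}
    return out


if __name__ == "__main__":
    for spool, v in verdicts(SAMPLE_LOG).items():
        flag = "  <- no signature yet" if v["heuristic_only"] else ""
        print(spool, v["name"], "+".join(v["engines"]) + flag)
```

Messages marked `heuristic_only` are the ones where ZEROHOUR fired and no signature scanner has a name yet, so they are the ones worth holding for a later rescan.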
