Scott Ryan wrote:
I have not submitted any virii (correct word?) before, so please bear with me.
I always run latest stable, currently 0.75 and have not had any virus issues
up until now. I am seeing a high number of mails in the below format hitting
our mail servers.
Dear user <[EMAIL PROTECTED]>,
Your e-mail account has been used to send a large amount of spam messages
during this week.
Obviously, your computer had been infected by a recent virus and now runs a
hidden proxy server.
Please follow our instruction in order to keep your computer safe.
Best wishes,
The <domain> team.
with a zip file attached containing a pif file.
I submitted the zip file only to have the message returned to me advising that
it is not a virus, but "Binary fragment. Harmless."
Yes, it is a fragment of a virus.
It is a dead virus :-)
Symantec identify these mails as My.Doom.o and i have checked sigtool which
identifies My.Doom.m, but not My.Doom.o -
You could identify it, but it cannot do any harm anymore.
My question is, how do i get clamav to identify these files as a virus?
--
Paul Bijnens, Xplanation Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: [EMAIL PROTECTED]
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users