Re: [Clamav-users] My.Doom.o

Tue, 27 Jul 2004 10:38:35 -0700 

Scott Ryan wrote:

I have not submitted any virii (correct word?) before, so please bear with me.
I always run latest stable, currently 0.75 and have not had any virus issues up until now. I am seeing a high number of mails in the below format hitting our mail servers.


Dear user <[EMAIL PROTECTED]>,
Your e-mail account has been used to send a large amount of spam messages during this week.
Obviously, your computer had been infected by a recent virus and now runs a 

hidden proxy server.

Please follow our instruction in order to keep your computer safe.
Best wishes,
The <domain> team.



with a zip file attached containing a pif file.

I submitted the zip file only to have the message returned to me advising that it is not a virus, but "Binary fragment. Harmless." 

Yes, it is a fragment of a virus.
It is a dead virus :-)



Symantec identify these mails as My.Doom.o and i have checked sigtool which identifies My.Doom.m, but not My.Doom.o - 

You could identify it, but it cannot do any harm anymore.



My question is, how do i get clamav to identify these files as a virus? 



--
Paul Bijnens, Xplanation                            Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  [EMAIL PROTECTED]
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit,  ZZ, :q, :q!,  M-Z, ^X^C,  logoff, logout, close, bye,  /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* kill -9 1,  Alt-F4,  Ctrl-Alt-Del,  AltGr-NumLock,  Stop-A,  ...    *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to