Here too. in message.scr Unknown File [.SCR file] ...
Alex

________________________________
From: [EMAIL PROTECTED] [EMAIL PROTECTED] on behalf of Bonno Bloksma [EMAIL PROTECTED]
Sent: Monday, 5 May 2008 08:27
To: Declude.Virus@declude.com
Subject: [Declude.Virus] ZEROHOUR caught a virus

Hi,

Suddenly ZEROHOUR starts catching viruses but it does not know WHAT it caught.

----------<quote>-------------------------------
Declude Virus v4.3.64 caught the ZEROHOUR Unknown virus in readme.zip from [Forged] to: [EMAIL PROTECTED].
Date: 04 May 2008 12:36:21
Subject: Returned mail: see transcript for details
Spool File: D7b90047b0000bde0.smd
Remote IP: 77.42.92.137
----------<quote>-------------------------------

From the virlog:

----------<quote>-------------------------------
C:\Temp>GREP -i 0000BDE0 vir0504.log
05/04/2008 12:36:21.061 q7b90047b0000bde0.smd Vulnerability flags = 0
05/04/2008 12:36:21.076 q7b90047b0000bde0.smd MIME file: readme.zip [base64; Length=29054 Checksum=3149200]
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Virus scanner 1 reports exit code of 3
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Forging virus found: Likely forged sender was [EMAIL PROTECTED]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=readme.zip [50] I
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanned: CONTAINS A VIRUS [MIME: 2 29533]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd From: [Forged] To: [EMAIL PROTECTED] [incoming from 77.42.92.137]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Subject: Returned mail: see transcript for details
----------<quote>-------------------------------

It seems one of my other scanners thinks it's a virus as well, and... it reports a name.

1) I've seen a ZEROHOUR virus just once before, is this a new feature?
2) Does ZEROHOUR ever know the name of the virus?
3) Could we have a new feature where Declude uses the "real" name of a virus when multiple scanners report a virus and some don't know the name?

Kind regards,
Bonno Bloksma
head of system administration
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
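
The reconciliation asked for in question 3 of the quoted message can be done outside Declude by post-processing the virlog. This is an added example, not part of the thread and not Declude code: the log sample is constructed in the layout quoted above, and the name `W32/Example.A`, the second spool file and the function names are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the virlog excerpt quoted above.
# "W32/Example.A" and the second spool file are placeholders, not thread data.
SAMPLE_LOG = """\
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Virus scanner 1 reports exit code of 3
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanner 1: Virus=: W32/Example.A Attachment=readme.zip [50] I
05/04/2008 12:37:02.010 q0000000000000001.smd ZEROHOUR Reports VIRUS: Unknown
"""

# date, time, spool file, free-text remainder
LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3} (\S+\.smd) (.*)$")
ZEROHOUR = re.compile(r"^ZEROHOUR Reports VIRUS: (.+)$")
SCANNER = re.compile(r"^Scanner (\d+): Virus=:?\s*(.*?)\s+Attachment=(\S+)")


def correlate(log_text):
    """Group verdicts per spool file: ZEROHOUR result plus each scanner's name."""
    msgs = defaultdict(lambda: {"zerohour": None, "scanners": {}, "attachments": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated line
        spool, rest = m.groups()
        z = ZEROHOUR.match(rest)
        s = SCANNER.match(rest)
        if z:
            msgs[spool]["zerohour"] = z.group(1).strip()
        elif s:
            msgs[spool]["scanners"][int(s.group(1))] = s.group(2)
            msgs[spool]["attachments"].add(s.group(3))
    return dict(msgs)


def best_name(entry):
    """Prefer a real name from a numbered scanner over a ZEROHOUR 'Unknown'."""
    for _, name in sorted(entry["scanners"].items()):
        if name and name.lower() != "unknown":
            return name
    return f"ZEROHOUR {entry['zerohour']}" if entry["zerohour"] else None


if __name__ == "__main__":
    for spool, entry in correlate(SAMPLE_LOG).items():
        print(spool, "->", best_name(entry), sorted(entry["attachments"]))
```

Messages that only ZEROHOUR flagged stay labelled "ZEROHOUR Unknown", which makes them easy to pull out for resubmission to the other scanners once their signatures catch up.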