If I remember correctly, it is not the ZEROHOUR spam test catching a virus. It 
is the internal AVG virus scanner saying it has caught an unknown virus, or 
what it thinks is a virus.

Kevin Bilbee

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma
Sent: Sunday, May 04, 2008 11:27 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] ZEROHOUR caught a virus

Hi,

Suddenly ZEROHOUR starts catching viruses but it does not know WHAT it caught.

----------<quote>-------------------------------

Declude Virus v4.3.64 caught the ZEROHOUR Unknown virus in readme.zip
from [Forged] to:  [EMAIL PROTECTED]

Date:       04 May 2008 12:36:21
Subject:    Returned mail: see transcript for details
Spool File: D7b90047b0000bde0.smd
Remote IP:  77.42.92.137

----------<quote>-------------------------------

From the virlog:

----------<quote>-------------------------------

C:\Temp>GREP -i 0000BDE0 vir0504.log
05/04/2008 12:36:21.061 q7b90047b0000bde0.smd Vulnerability flags = 0
05/04/2008 12:36:21.076 q7b90047b0000bde0.smd MIME file: readme.zip [base64; Length=29054 Checksum=3149200]
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.139 q7b90047b0000bde0.smd File(s) are INFECTED [ZEROHOUR Unknown]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Virus scanner 1 reports exit code of 3
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Forging virus found: Likely forged sender was [EMAIL PROTECTED]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=readme.zip [50] I
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanned: CONTAINS A VIRUS [MIME: 2 29533]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd From: [Forged] To: [EMAIL PROTECTED] [incoming from 77.42.92.137]
05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Subject: Returned mail: see transcript for details

----------<quote>-------------------------------

It seems one of my other scanners thinks it's a virus as well, and... it reports
a name.

1) I've seen a ZEROHOUR virus just once before, is this a new feature?

2) Does ZEROHOUR ever know the name of the virus?

3) Could we have a new feature where Declude uses the "real" name of a virus
when multiple scanners report a virus and some don't know the name?

Kind regards,
Bonno Bloksma
head of systems administration

tio hogeschool hospitality en toerisme

begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] / <http://www.tio.nl> www.tio.nl


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 
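
Added example, not part of the thread and not Declude's own code: a small virlog post-processor that groups detections by spool file and, when one engine reports "Unknown", takes the name another engine gave for the same message. The line layout is assumed from the excerpt quoted above (one record per line); the function name `resolve_names` and all sample values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the virlog layout quoted above; the spool IDs and the
# virus name "W32/Example.A" are made up for illustration.
SAMPLE_LOG = """\
05/04/2008 12:36:21.139 q0000aaaa0001.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:36:21.342 q0000aaaa0001.smd Virus scanner 1 reports exit code of 3
05/04/2008 12:36:21.342 q0000aaaa0001.smd Scanner 1: Virus=: W32/Example.A Attachment=readme.zip [50] I
05/04/2008 12:40:02.010 q0000bbbb0002.smd ZEROHOUR Reports VIRUS: Unknown
05/04/2008 12:41:10.500 q0000cccc0003.smd Vulnerability flags = 0
"""

LINE = re.compile(r"^(\S+ \S+) (\S+\.smd) (.*)$")            # timestamp, spool, message
ZEROHOUR = re.compile(r"^ZEROHOUR Reports VIRUS: (.+)$")
SCANNER = re.compile(r"^Scanner (\d+): Virus=: (.*?) Attachment=")

def resolve_names(log_text):
    """Map spool file -> best available virus name across all engines."""
    reports = defaultdict(list)              # spool -> [(engine, name), ...]
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                         # not a virlog record
        spool, msg = m.group(2), m.group(3)
        if (z := ZEROHOUR.match(msg)):
            reports[spool].append(("ZEROHOUR", z.group(1).strip()))
        elif (s := SCANNER.match(msg)):
            reports[spool].append((f"scanner {s.group(1)}", s.group(2).strip()))
    resolved = {}
    for spool, hits in reports.items():
        named = [(e, n) for e, n in hits if n and n.lower() != "unknown"]
        # Prefer the first engine that supplied a name; otherwise stay "Unknown".
        resolved[spool] = {
            "name": named[0][1] if named else "Unknown",
            "named_by": named[0][0] if named else None,
            "engines": [e for e, _ in hits],
        }
    return resolved

if __name__ == "__main__":
    for spool, info in resolve_names(SAMPLE_LOG).items():
        print(spool, info["name"], "via", info["named_by"], info["engines"])
```

Messages that stay "Unknown" after correlation are the ones flagged by a single engine only, which makes them the natural set to review by hand.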


