We do not have Zerohour, as we host mails for our customers :-) Alex
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von David Barker Gesendet: Montag, 5. Mai 2008 21:53 An: declude.virus@declude.com Betreff: RE: [Declude.Virus] ZEROHOUR caught a virus It could be ZEROHOUR as it identifies viruses based on attributes other than virus signatures thereby providing zerohour protection, in many cases the virus has no name as it has not been identified yet. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, May 05, 2008 2:52 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ZEROHOUR caught a virus If I remember correctly, it is not the ZEROHOUR spam test catching a virus. It is the internal AVG virus scanner saying it has caught an unknown virus, or what it thinks is a virus. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Sunday, May 04, 2008 11:27 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] ZEROHOUR caught a virus Hi, Suddenly ZEROHOUR starts catching virusses but it does not know WHAT it caught. ----------<quote>------------------------------- Declude Virus v4.3.64 caught the ZEROHOUR Unknown virus in readme.zip from [Forged] to: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>. Date: 04 May 2008 12:36:21 Subject: Returned mail: see transcript for details Spool File: D7b90047b0000bde0.smd Remote IP: 77.42.92.137 ----------<quote>------------------------------- >From the virlog: ----------<quote>------------------------------- C:\Temp>GREP -i 0000BDE0 vir0504.log 05/04/2008 12:36:21.061 q7b90047b0000bde0.smd Vulnerability flags = 0 05/04/2008 12:36:21.076 q7b90047b0000bde0.smd MIME file: readme.zip [base64; Length=29054 Checksum=3149200] 05/04/2008 12:36:21.139 q7b90047b0000bde0.smd ZEROHOUR Reports VIRUS: Unknown 05/04/2008 12:36:21.139 q7b90047b0000bde0.smd File(s) are INFECTED [ZEROHOUR Unknown] 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Virus scanner 1 reports exit code of 3 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Forging virus found: Likely forged sender was [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanner 1: Virus=: W32/[EMAIL PROTECTED]<mailto:W32/[EMAIL PROTECTED]> Attachment=readme.zip [50] I 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Scanned: CONTAINS A VIRUS [MIME: 2 29533] 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd From: [Forged] To: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> [incoming from 77.42.92.137] 05/04/2008 12:36:21.342 q7b90047b0000bde0.smd Subject: Returned mail: see transcript for details ----------<quote>------------------------------- I seems one of my other scanners thinks it's a virus as well, and... it reports a name. 1) I've seen a ZEROHOUR virus just once before, is this a new feature? 2) Does ZEROHOUR ever know the name of the virus? 3) Could we have a new feature where Declude uses the "real" name of a virus when multiple scanners report a virus and some don't know the name? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> / www.tio.nl<http://www.tio.nl> --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ________________________________ Siller AG, Wannenaeckerstrasse 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Joern Buelow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg. Gericht Stuttgart, HRB 107707, Ust-Id Nr. DE145782955 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.