>>> This came in a spam today.
>>>
>>> http download card.exe from 200.223.205.137
>>>
>>> Don't know what it is, but ClamAV latest version for Mac says it's not
>>> hostile. Funny, but I don't beleive that.
>>
>> [>] <sarcasm>Wait! It's not harmful to a "Mac", right? They're not
>> vulnerable to viruses are they?</sarcasm>
>>
>> So ClamAV must know that and therefore doesn't think it's harmful.
>
> It seems odd that it was not detected, as according to this:
The detection name might explain it easily -- "PUA.IRC-Client.mIRC-3".
Quick look at ClamAV manpage confirms that PUAs aren't reported by
default:
--detect-pua[=yes/no(*)]
Detect Possibly Unwanted Applications.
>
> http://www.virustotal.com/file-scan/report.html?id=4cc69ba312e2554f3070468398f339b44210ad4838c24ebe50debf02de3e019c-1294820720
>
> ClamAV has been detecting that file since at least 2011-01-12 08:25:20
> UTC...
Cheers,
Peter
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
