Re: [newbie] virus infected file in cooker?
On Sunday 18 January 2004 05:48, JoeHill wrote:
> Here's the contents of that file, if yer interested. I have it on my system. It's an example of a mail which is infected with Nimda, IIANM, since Nimda uses the 'iframe' exploit.

So, if I understand you correctly, it is a text printout of the contents of an infected file, given as an example? And therefore a harmless one, since nothing can activate.

Well, we have used similar quotes on the list before when discussing the problem. Doesn't look as though it's anything to worry about Troy, but Joe's right - it would probably look alarming to the virus scanner.

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?

Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com

Re: [newbie] virus infected file in cooker?
On Saturday 17 January 2004 09:48 pm, JoeHill wrote:
> Message From Gorge.net Mailer:
> The file (msg-15574-1533.txt) was found to be infected with a virus which has been removed. Please read the VirusWarning.txt attachment(s) for more information.

My ISP removed Joe's e-mail and sent me a warning that it was infected!

e

Re: [newbie] virus infected file in cooker?
On Sun, 18 Jan 2004 10:20:20 -0800 Erylon Hines [EMAIL PROTECTED] wrote:
> > Message From Gorge.net Mailer:
> > The file (msg-15574-1533.txt) was found to be infected with a virus which has been removed. Please read the VirusWarning.txt attachment(s) for more information.
>
> My ISP removed Joe's e-mail and sent me a warning that it was infected!

LOL! Sorry, I never thought of that...

Anyway, all I said in the mail is that it's not an infected package, it's just that there's an *example* of an e-mail 'infected' with the iframe exploit.

--
JoeHill
++
ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++
The philosophers have only interpreted the world in various ways. The point, however, is to change it. -- Karl Marx

Re: [newbie] virus infected file in cooker?
On Sun, 18 Jan 2004 10:25:40 + Anne Wilson [EMAIL PROTECTED] wrote:
> > Here's the contents of that file, if yer interested. I have it on my system. It's an example of a mail which is infected with Nimda, IIANM, since Nimda uses the 'iframe' exploit.
>
> So, if I understand you correctly, it is a text printout of the contents of an infected file, given as an example? And therefore a harmless one, since nothing can activate.

Yes, yes, and yes ;-)

> Well, we have used similar quotes on the list before when discussing the problem. Doesn't look as though it's anything to worry about Troy, but Joe's right - it would probably look alarming to the virus scanner.

--
JoeHill
++
ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++
It is easier for a camel to pass through the eye of a needle than for a rich man to enter the Kingdom of God. -- Jesus Christ

Re: [newbie] virus infected file in cooker?
On Sun, 18 Jan 2004 14:37:15 -0500 JoeHill [EMAIL PROTECTED] wrote:
> On Sun, 18 Jan 2004 10:20:20 -0800 Erylon Hines [EMAIL PROTECTED] wrote:
> > > Message From Gorge.net Mailer:
> > > The file (msg-15574-1533.txt) was found to be infected with a virus which has been removed. Please read the VirusWarning.txt attachment(s) for more information.
> >
> > My ISP removed Joe's e-mail and sent me a warning that it was infected!
>
> LOL! Sorry, I never thought of that...
>
> Anyway, all I said in the mail is that it's not an infected package, it's just that there's an *example* of an e-mail 'infected' with the iframe exploit.

Joe, even the server has it in for you ;-)

> --
> JoeHill
> ++
> ICQ # 280779813
> Registered Linux user #282046
> Homepage: www.orderinchaos.org
> +++
> The philosophers have only interpreted the world in various ways. The point, however, is to change it. -- Karl Marx

Re: [newbie] virus infected file in cooker?
On Sunday 18 January 2004 18:20, Erylon Hines wrote:
> On Saturday 17 January 2004 09:48 pm, JoeHill wrote:
> > Message From Gorge.net Mailer:
> > The file (msg-15574-1533.txt) was found to be infected with a virus which has been removed. Please read the VirusWarning.txt attachment(s) for more information.
>
> My ISP removed Joe's e-mail and sent me a warning that it was infected!
>
> e

Perhaps your ISP needs educating?

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?

Re: [newbie] virus infected file in cooker?
On Sunday 18 January 2004 01:13 pm, Anne Wilson wrote:
> On Sunday 18 January 2004 18:20, Erylon Hines wrote:
> > On Saturday 17 January 2004 09:48 pm, JoeHill wrote:
> > > Message From Gorge.net Mailer:
> > > The file (msg-15574-1533.txt) was found to be infected with a virus which has been removed. Please read the VirusWarning.txt attachment(s) for more information.
> >
> > My ISP removed Joe's e-mail and sent me a warning that it was infected!
> >
> > e
>
> Perhaps your ISP needs educating?
>
> Anne

They use MailScanner under postfix (pretty enlightened bunch, actually).

e

Re: [newbie] virus infected file in cooker?
On Saturday 17 January 2004 03:05, JoeHill wrote:
> On Thu, 15 Jan 2004 20:50:01 -0600 Troy T. Hall [EMAIL PROTECTED] wrote:
> > I just discovered this after AVG kept telling me I had a virus after it had cleaned it.
> >
> > c:\WINDOWS\Desktop\Mandrake\Cooker\mailman-2.1.2-9mdk.i586.rpm-( RPM)-(GZip) -./usr/lib/mailman/tests/msgs/nimda.txt-(part:)-(IFRAME000 0) - HTML/IFrame_Exploit* - Infected
> >
> > This file was downloaded from the mandrake cooker ftp site. The ultimate question is now, I wonder if my server is infected.
>
> It's just a text file that comes in the package. Since it's called 'nimda', AVG is picking it up. It would pick up anything with the word 'nimda'

Troy - I never saw your original mail. Joe may well be right, but I'd still ask the question at [EMAIL PROTECTED], just to be sure.

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?

Re: [newbie] virus infected file in cooker?
On Sat, 17 Jan 2004 10:12:54 + Anne Wilson [EMAIL PROTECTED] wrote:
> > > This file was downloaded from the mandrake cooker ftp site. The ultimate question is now, I wonder if my server is infected.
> >
> > It's just a text file that comes in the package. Since it's called 'nimda', AVG is picking it up. It would pick up anything with the word 'nimda'
>
> Troy - I never saw your original mail. Joe may well be right, but I'd still ask the question at [EMAIL PROTECTED], just to be sure.

Here's the contents of that file, if yer interested. I have it on my system. It's an example of a mail which is infected with Nimda, IIANM, since Nimda uses the 'iframe' exploit.

Received: from tom.interq.or.jp (tom.interq.or.jp [210.172.128.229]) by imap.interq.or.jp with ESMTP id f8J1sCHb006936 for [EMAIL PROTECTED]; Wed, 19 Sep 2001 10:54:13 +0900 (JST)
Received: from master.debian.org ([EMAIL PROTECTED] [216.234.231.130]) by tom.interq.or.jp with ESMTP id f8J1sAS04533 for [EMAIL PROTECTED]; ) Wed, 19 Sep 2001 10:54:11 +0900 (JST)
Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)
From: [EMAIL PROTECTED]
Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnhtml helpdialerhypertrmgotodlgmsicwie6bakieexbqqviewie6bakeudcediticwdldwintlreadmeh ypertrmmsicwnpbqv32hypertrmic$
MIME-Version: 1.0
Content-Type: multipart/related; type=multipart/alternative; boundary=_ABC1234567890DEF_
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

--_ABC1234567890DEF_
Content-Type: multipart/alternative; boundary=_ABC0987654321DEF_

--_ABC0987654321DEF_
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

HTMLHEAD/HEADBODY bgColor=3D#ff iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0 /iframe/BODY/HTML
--_ABC0987654321DEF_--

--_ABC1234567890DEF_
Content-Type: audio/x-wav; name=readme.exe
Content-Transfer-Encoding: base64
Content-ID: EA4DMGBP9p

--_ABC1234567890DEF_

--
JoeHill
++
ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++
Superstition, idolatry, and hypocrisy have ample wages, but truth goes a-begging. -- Martin Luther

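An added example, not part of the thread and not AVG's or MailScanner's actual logic: a structural check that flags an HTML part whose iframe references, by Content-ID, an attachment with an executable file name, which is the shape of the fixture quoted in the message above. The sample message is constructed from that fixture (angle brackets restored, which is an assumption), and `scan`, `RISKY_EXT` and `IFRAME_CID` are names chosen here.

```python
import email
import re
from email import policy

# Constructed sample modelled on the fixture quoted above: angle brackets
# restored in the HTML, attachment body left empty as in the fixture.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="_ABC1234567890DEF_"

--_ABC1234567890DEF_
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<HTML><BODY><iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--_ABC1234567890DEF_
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

--_ABC1234567890DEF_--
"""

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed block list
IFRAME_CID = re.compile(r'<iframe[^>]*\bsrc\s*=\s*["\']?cid:([^\s"\'>]+)', re.I)

def scan(raw):
    """Return (cid, filename, declared_type, payload_bytes) per suspicious iframe."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts = list(msg.walk())
    # Index every part that carries a Content-ID, without the angle brackets.
    by_cid = {str(p["Content-ID"]).strip().strip("<>"): p
              for p in parts if p["Content-ID"]}
    findings = []
    for part in parts:
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()  # decodes quoted-printable and charset
        for cid in IFRAME_CID.findall(html):
            target = by_cid.get(cid)
            if target is None:
                continue
            name = target.get_filename() or ""  # falls back to the name= parameter
            # Signal: executable name behind an inline cid: link, whatever type is declared.
            if name.lower().endswith(RISKY_EXT):
                payload = target.get_payload(decode=True) or b""
                findings.append((cid, name, target.get_content_type(), len(payload)))
    return findings
```

On the constructed sample the finding reports a zero-byte payload: the match is on the message structure alone, so an inert test fixture trips the check in the same way a live message would.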
Re: [newbie] virus infected file in cooker?
On Thu, 15 Jan 2004 20:50:01 -0600 Troy T. Hall [EMAIL PROTECTED] wrote:
> I just discovered this after AVG kept telling me I had a virus after it had cleaned it.
>
> c:\WINDOWS\Desktop\Mandrake\Cooker\mailman-2.1.2-9mdk.i586.rpm-(RPM)-(GZip) -./usr/lib/mailman/tests/msgs/nimda.txt-(part:)-(IFRAME) - HTML/IFrame_Exploit* - Infected
>
> This file was downloaded from the mandrake cooker ftp site. The ultimate question is now, I wonder if my server is infected.

It's just a text file that comes in the package. Since it's called 'nimda', AVG is picking it up. It would pick up anything with the word 'nimda'

--
JoeHill
++
ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++
Things fall apart; the centre cannot hold... -- William Butler Yeats