Security Basics mailing list archives
RE: W32/Bagle-A propagation increasing
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Fri, 23 Jan 2004 09:54:26 -0800
Well clamAV is up2date: ClamAV update process started at Fri Jan 23 09:48:23 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek) daily.cvd is up to date (version: 98, sigs: 579, f-level: 1, builder: diego) ...and the socket is working because it tagged a Klez-H just this morning: A virus (W32/Klez-H) was found. Two banned names (only..pif, .exe) were found. Scanners detecting a virus: Sophos SAVI, Clam Antivirus-clamd Very unusual, at least Sophos is working well, but that's always been a good Linux AV. It'll be interesting to see if the Beagle virus actually stops as predicted on the 28th. Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 -----Original Message----- From: Alejandro Flores [mailto:alejandro.flores () triforsec com br] Sent: Wednesday, January 21, 2004 5:11 PM To: Shawn Jackson Cc: security-basics () securityfocus com Subject: Re: W32/Bagle-A propagation increasing Hello,
I've notice more W32/Bagle-A traffic at my border MTA. ClamAV and OpenAV don't seam to be spotting the virus but Sohpos does. According to the reports the virus stops working after January 28th 2004, so we only have few days more. Let's keep up the good work.
Some of my servers have been hitten by beagle, and clamav had dropped them. [ clamd.log ] Wed Jan 21 17:25:41 2004 -> /var/spool/MIMEDefang/mdefang-i0LKPX4x019351/Work/msg-12837-971.exe: Worm.Bagle.A FOUND Regards, Alejandro Flores --TriForSec http://www.triforsec.com.br/ --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- W32/Bagle-A propagation increasing Shawn Jackson (Jan 21)
- Re: W32/Bagle-A propagation increasing Alejandro Flores (Jan 22)
- Re: W32/Bagle-A propagation increasing Andy Cuff (Jan 22)
- Re: W32/Bagle-A propagation increasing Andy Cuff [Talisker] (Jan 22)
- <Possible follow-ups>
- RE: W32/Bagle-A propagation increasing Shawn Jackson (Jan 22)
- RE: W32/Bagle-A propagation increasing Francisco Mário Ferreira Custódio (Jan 22)
- RE: W32/Bagle-A propagation increasing Shawn Jackson (Jan 26)