Security Basics mailing list archives

RE: W32/Bagle-A propagation increasing


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Fri, 23 Jan 2004 09:54:26 -0800


        Well clamAV is up2date:

        ClamAV update process started at Fri Jan 23 09:48:23 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 98, sigs: 579, f-level: 1, builder: diego)

        ...and the socket is working because it tagged a Klez-H just
this morning:

A virus (W32/Klez-H) was found.

Two banned names (only..pif, .exe) were found.

Scanners detecting a virus: Sophos SAVI, Clam Antivirus-clamd

        Very unusual, at least Sophos is working well, but that's always
been a good Linux AV. It'll be interesting to see if the Beagle virus
actually stops as predicted on the 28th.


Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338


-----Original Message-----
From: Alejandro Flores [mailto:alejandro.flores () triforsec com br] 
Sent: Wednesday, January 21, 2004 5:11 PM
To: Shawn Jackson
Cc: security-basics () securityfocus com
Subject: Re: W32/Bagle-A propagation increasing

        Hello,

      I've noticed more W32/Bagle-A traffic at my border MTA. ClamAV
and OpenAV don't seem to be spotting the virus but Sophos does.
According to the reports the virus stops working after January 28th
2004, so we only have a few days more. Let's keep up the good work.

        Some of my servers have been hit by beagle, and clamav had
dropped them.
[ clamd.log ]
Wed Jan 21 17:25:41 2004 -> /var/spool/MIMEDefang/mdefang-i0LKPX4x019351/Work/msg-12837-971.exe: Worm.Bagle.A FOUND

Regards,
Alejandro Flores




--TriForSec
http://www.triforsec.com.br/ 

