Full Disclosure mailing list archives
RE: f-prot not catching mimail ?
From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 3 Aug 2003 14:36:55 -0500
As soon as I saw this email I terminaled into our SMTP server and saw F-Secure grabbed the first mimail on July 27, a week ago. The reason I was so shocked by this email is that in the 14 years I have been fighting viruses, and have used everything, I saw multiple instances of Norton and McAfee either not finding or not removing a virus. But in all that time I have never found one that got by F-Prot, then later F-Secure, which is why it is the only AV we use from firewall to mail server to desktop. If it sounds like I'm prejudiced, it's because I am.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
cpurdy () dpsol com
936.637.7977 ext. 121

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Mike Tancsa
Sent: Saturday, August 02, 2003 1:34 PM
To: full-disclosure () lists netsys com
Subject: [inbox] [Full-disclosure] f-prot not catching mimail ?

I have a few copies of the mimail virus from yesterday that f-prot even with its latest updates does not catch. Both the Windows and FreeBSD version fail to identify the two main variants I have got sent my way.

e.g.

avscan1% md5 *.DEF
MD5 (MACRO.DEF) = fc09bc864e62639bc3424e3425083421
MD5 (SIGN.DEF) = a5d8c14285b2c866e3261421f7f3a0d2
MD5 (SIGN2.DEF) = 12c403a108c398aeaca01a2a4da68de4
avscan1% f-prot -verno
F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003
avscan1%
avscan1% f-prot message*.html
Virus scanning report - 2 August 2003 @ 14:29

F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003

Search: message.html message2.html
Action: Report only
Files: Attempt to identify files
Switches: <none>

Results of virus scanning:

Files: 2
MBRs: 0
Boot sectors: 0
Objects scanned: 0
Time: 0:00

No viruses or suspicious files/boot sectors were found.
avscan1% md5 message*.html
MD5 (message.html) = d1f0f5dd1f4ebbeebbd61e884ed1669c
MD5 (message2.html) = d7b72f9b8370aa3b132069a878b5b5c8
avscan1%

These are both caught by other scanners but passed by f-prot. Anyone with f-prot successfully identify this virus ?

avscan1% f-prot -virlist | grep -i mimail
Mimail.A@mm
JS/Mimail.dropper
avscan1%

I sent email yesterday about this to frisk, but just got a "we will submit to the lab." That was before their update so I wonder if they figure they are covered.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike () sentex net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html