Full Disclosure mailing list archives
Re: f-prot not catching mimail ?
From: dizzy <dizzy () event-media de>
Date: Wed, 13 Aug 2003 12:27:47 +0200
Update your f-prot version to 4.1.2, then it works (amavisd-new too), and sorry for this late answer.

On Sat, 02 Aug 2003 14:33:35 -0400 Mike Tancsa <mike () sentex net> wrote:
I have a few copies of the mimail virus from yesterday that f-prot even with its latest updates do not catch. Both the Windows and FreeBSD version fail to identify the two main variants I have got sent my way.

e.g.

avscan1% md5 *.DEF
MD5 (MACRO.DEF) = fc09bc864e62639bc3424e3425083421
MD5 (SIGN.DEF) = a5d8c14285b2c866e3261421f7f3a0d2
MD5 (SIGN2.DEF) = 12c403a108c398aeaca01a2a4da68de4
avscan1% f-prot -verno
F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003
avscan1%
avscan1% f-prot message*.html
Virus scanning report - 2 August 2003 @ 14:29

F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003

Search: message.html message2.html
Action: Report only
Files: Attempt to identify files
Switches: <none>

Results of virus scanning:

Files: 2
MBRs: 0
Boot sectors: 0
Objects scanned: 0
Time: 0:00

No viruses or suspicious files/boot sectors were found.
avscan1% md5 message*.html
MD5 (message.html) = d1f0f5dd1f4ebbeebbd61e884ed1669c
MD5 (message2.html) = d7b72f9b8370aa3b132069a878b5b5c8
avscan1%

These are both caught by other scanners but passed by f-prot. Anyone with f-prot successfully identify this virus ?

avscan1% f-prot -virlist | grep -i mimail
Mimail.A@mm
JS/Mimail.dropper
avscan1%

I sent email yesterday about this to frisk, but just got a "we will submit to the lab." That was before their update so I wonder if they figure they are covered.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike () sentex net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Martin "dizzy" Kujawski
Müller und Kujawski GbR
event-media
Invalidenstr. 50-51
10557 Berlin
Germany
Tel.: +49 30 390 318 12
Fax: +49 30 390 318 13
mail: martin.kujawski () event-media de
web: http://www.event-media.de