From: mike at sentex.net (Mike Tancsa)
Subject: f-prot not catching mimail ?

I have a few copies of the mimail virus from yesterday that f-prot, even with its latest updates, does not catch. Both the Windows and FreeBSD versions fail to identify the two main variants I have got sent my way.

e.g.

avscan1% md5 *.DEF
MD5 (MACRO.DEF) = fc09bc864e62639bc3424e3425083421
MD5 (SIGN.DEF) = a5d8c14285b2c866e3261421f7f3a0d2
MD5 (SIGN2.DEF) = 12c403a108c398aeaca01a2a4da68de4
avscan1% f-prot -verno

F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003

avscan1%
avscan1% f-prot message*.html
Virus scanning report - 2 August 2003 @ 14:29

F-PROT ANTIVIRUS
Program version: 4.1.0
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 1 August 2003
MACRO.DEF created 28 July 2003

Search: message.html message2.html
Action: Report only
Files: Attempt to identify files
Switches: <none>

Results of virus scanning:

Files: 2
MBRs: 0
Boot sectors: 0
Objects scanned: 0
Time: 0:00

No viruses or suspicious files/boot sectors were found.

avscan1% md5 message*.html
MD5 (message.html) = d1f0f5dd1f4ebbeebbd61e884ed1669c
MD5 (message2.html) = d7b72f9b8370aa3b132069a878b5b5c8
avscan1%

These are both caught by other scanners but passed by f-prot. Anyone with f-prot successfully identify this virus?

avscan1% f-prot -virlist | grep -i mimail
Mimail.A@mm
JS/Mimail.dropper
avscan1%

I sent email yesterday about this to frisk, but just got a "we will submit to the lab." That was before their update so I wonder if they figure they are covered.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@...tex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike