Open Source and information security mailing list archives
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: f-prot not catching mimail ?

Mike Tancsa <mike@...tex.net> wrote:

> I have a few copies of the mimail virus from yesterday that f-prot even
> with its latest updates does not catch. Both the Windows and FreeBSD version
> fail to identify the two main variants I have got sent my way.

I found the same lack of detection, on Linux.

Normally I save the suspect email message as a "UNIX mbox" file and feed that to f-prot; it then finds the attached ZIP within, and the files contained within the ZIP. However, with Mimail it does not detect the ZIP within the message. If I unpack the ZIP from the message, then the HTM from the ZIP, and finally the EXE from the HTM, then f-prot seems to skip all those except for the EXE, which it detects correctly.

I cannot see anything "special" in the MIME structure of Mimail that would cause f-prot to miss the ZIP attachment (or maybe it is the structure of the ZIP that f-prot cannot unpack?).

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics   University of Sydney   2006   Australia

---

$ f-prot virus/mimail -ai -archive -packed -list
Virus scanning report - 4 August 2003 @ 7:26

F-PROT ANTIVIRUS
Program version: 4.1.1
Engine version: 3.13.3

VIRUS SIGNATURE FILES
SIGN.DEF created 1 August 2003
SIGN2.DEF created 2 August 2003
MACRO.DEF created 28 July 2003

Search: virus/mimail
Action: Report only
Files: Attempt to identify files
Switches: -ARCHIVE -PACKED -LIST -AI

/usr/users/amstaff/psz/virus/mimail

Results of virus scanning:
Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 1
Time: 0:00

No viruses or suspicious files/boot sectors were found.
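As an added illustration (not part of the post above, and not f-prot code), a small Python walker that enumerates the nesting the post describes: MIME part, ZIP member, HTM, and an executable embedded in the HTM, typing each object by its magic bytes so an administrator can see which objects a content scanner has to reach. The sample message is constructed, and the assumption that the EXE sits in the HTM as a base64 run is a stand-in for illustration, not a claim about Mimail's real layout.

```python
"""Enumerate what an email carries (MIME parts, ZIP members, base64 blobs inside
HTML), typing each object by magic bytes. Constructed sample; NOT a Mimail file."""
import base64, email, io, re, zipfile
from email import policy

B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # long base64 runs in HTML

def file_type(data: bytes) -> str:
    """Classify a blob by its leading bytes: PE executable, ZIP, HTML or other."""
    if data[:2] == b"MZ":
        return "exe"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if b"<html" in data[:256].lower():
        return "htm"
    return "other"

def walk(data: bytes, path: str, found: list) -> None:
    """Record (path, type), then descend into ZIP members and HTML-embedded blobs."""
    kind = file_type(data)
    found.append((path, kind))
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                walk(zf.read(name), f"{path}/{name}", found)
    elif kind == "htm":
        for m in B64_BLOB.finditer(data):
            try:
                blob = base64.b64decode(m.group(0), validate=True)
            except ValueError:  # not a decodable run; skip it
                continue
            if file_type(blob) != "other":
                walk(blob, f"{path}/<base64 blob>", found)

def enumerate_message(raw: bytes) -> list:
    """Walk every non-multipart MIME part of a raw message; returns [(path, type)]."""
    found = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_maintype() != "multipart":
            payload = part.get_payload(decode=True) or b""
            walk(payload, part.get_filename() or part.get_content_type(), found)
    return found

# Constructed sample: message -> ZIP -> HTM -> base64 PE stub (assumed layout).
_zbuf = io.BytesIO()
with zipfile.ZipFile(_zbuf, "w") as _zf:
    _zf.writestr("message.htm", b"<html>" + base64.b64encode(b"MZ" + b"\0" * 62) + b"</html>")
SAMPLE = (b"From: a@example.invalid\nSubject: test\nMIME-Version: 1.0\n"
          b"Content-Type: multipart/mixed; boundary=XX\n\n--XX\nContent-Type: text/plain\n\nhi\n"
          b"--XX\nContent-Type: application/zip; name=message.zip\n"
          b"Content-Transfer-Encoding: base64\n\n" + base64.encodebytes(_zbuf.getvalue()) + b"--XX--\n")
```

Running `enumerate_message(SAMPLE)` lists four objects, the last being the executable three containers deep.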