lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: mike at (Mike Tancsa)
Subject: f-prot not catching mimail ? (now fixed)

This is now fixed with an updated engine. I verified both with my Windows 
Desktop version as well with my FreeBSD version. This gets both versions of 
the virus I have found.

avscan1# f-prot *.zip
Virus scanning report  -  5 August 2003 @ 13:50

Program version: 4.1.1
Engine version: 3.13.4

SIGN.DEF created 1 August 2003
SIGN2.DEF created 4 August 2003
MACRO.DEF created 4 August 2003

Action: Report only
Files: Attempt to identify files
Switches: <none>

/tmp/tmp2/>message.html  Infection: W32/Mimail.A@mm
/tmp/tmp2/>message.html  Infection: W32/Mimail.A@mm
/tmp/tmp2/>  Not scanned (encrypted)
/tmp/tmp2/>  Not scanned (encrypted)

Results of virus scanning:

Files: 3
MBRs: 0
Boot sectors: 0
Objects scanned: 4
Infected: 2
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:00

At 07:35 AM 05/08/2003 +1000, Paul Szabo wrote:
> >>I cannot see anything "special" in the MIME structure of Mimail that would
> >>cause f-prot to miss the ZIP attachment (or maybe it is the structure of
> >>the ZIP that f-prot cannot unpack?).
> >
> > I was told its the encoding scheme in the .html file thats the problem.
> > Currently the scanner does not support that type of encoding.
>It seems to me that the HTML contains the binary EXE without any encoding:
>$ cat -v message.html | fold | head -5
>MIME-Version: 1.0
>Content-Transfer-Encoding: binary
>Regardless, f-prot should list the ZIP attachment, and the files contained
>within the ZIP ...
>Paul Szabo -
>School of Mathematics and Statistics  University of Sydney   2006  Australia

Powered by blists - more mailing lists