From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Undetectable Virus from CANADA ISP 69.197.83.68

Andrew Smith to Farrukh Hussain:

> >    Today I got e-mail from "69.197.83.68" CANADA ISP which has undetectable
> > virus.
> 
> This just means that you or your A/V hasn't updated their virus
> definitions. Try multiple A/V programs, this will cover a wider range
> of 'viruses'.

_OR_ it means Farrukh was depending on an unreliable or outdated virus 
scanner.

Scanned with 21 different scanners a few hours after the message was 
posted and 20 of them detected it.  This was not due to some recent (as 
in the preceding few hours) rush of updates -- most web descriptions 
agree that the virus they detected was first seen very late in July, 
with a second variant a few days later, early in August.

That result _includes_ the same scanner (by name) that Hotmail 
reputedly uses, but then, Hotmail failing to reliably keep its scanner 
up to date, and/or the supplier of said scanner failing to provide 
reliable updates to Hotmail are not exactly news, and it has been long 
suspected that Hotmail's virus scanning is designed to "fail open" 
(i.e. pass on Email that has not been scanned but report it as if it 
has been scanned and found "not infected").

In short, this virus has been widely detected since late July/early 
August by almost all "Western" virus detection engines, so the OP's 
report and concerns would seem more than a tad misdirected...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

