Am Sonntag, 8. Februar 2004 12:54 schrieb Ralf Tempel:
Al Bogner schrieb:
Trotzdem ist es nicht viel Aufwand beide Scanner einzusetzen.
Hi! Ich würde gerne probieren, zum bereits laufenden Antivir noch Fprot oder einen anderen Scanner einzusetzen.
[Nachtrag] Gute Idee. Schau dir mal diesen Scan mit einem selber zusammengestellten Viren-Test-Attachment für einen Freund an. F-Prot ist kläglich an diesem Attachment bei einem _manuellen_ Dateiscan gescheitert, da es keines der 38 Viren erkannte. Über ein Mail, d.h. via amavis, hat f-prot aber Alarm geschlagen! F-Prot hat also enorme Probleme, wenn Dateien mit manchen Packern, wie rar, komprimiert sind und ein anderes Programm, wie amavis, nicht die Dekomprimierung initiiert. Man darf aber daraus nicht den Schluß ziehen, dass Antivir besser ist als F-Prot. Ich kenne auch Situationen, wo F-Prot viel besser als Antivir abschneidet. Allerdings verstehe ich nicht, dass F-Prot auf dieses Problem mit Archiven nicht reagiert. Aus diesem Grund gibt es ja auch Probleme mit dem Newsspool. Das hat nichts damit zu tun, dass das Programm für private Nutzung kostenlos ist, kommerzielle User zahlen ja dafür. Aus dem Protokoll meines Virenprüf-Scripts: gefunden von ANTIVIR: ALERT: [Worm/Cult.B virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20031123-100020-26447 --> BlueMountaineCard.pif <<< Contains signature of the worm Worm/Cult.B ALERT: [Worm/Cult.B virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20031128-214517-1510 --> BlueMountaineCard.pif <<< Contains signature of the worm Worm/Cult.B ALERT: [Worm/Bugbear.B virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20031202-214523-27202 --> Default.rdp.exe <<< Contains signature of the worm Worm/Bugbear.B ALERT: [Worm/Sober.C1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20031221-121741-13880 --> remove-smss.exe <<< Contains signature of the worm Worm/Sober.C1 ALERT: [Worm/Sober.C1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20031221-213033-31918 --> aktenz27545.scr <<< Contains signature of the worm Worm/Sober.C1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231024-17614 --> PACK.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231043-25446 --> gyubgj.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231112-20502 --> Upgrade4597.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231131-1768 --> installation492.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231150-31467 --> Update71.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231211-21233 --> q843357.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231230-32133 --> cdlrq.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231251-4447 --> update298.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231312-2835 --> Q965273.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231333-8321 --> pack173.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231358-22115 --> Install8.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231415-13135 --> pack94.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231436-29503 --> Patch.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231459-13215 --> Update692.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231520-14830 --> pack86.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231539-7921 --> pack3191.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231600-27424 --> Installer.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231623-12372 --> pack789.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231640-3724 --> fzcqac.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231702-28977 --> Installation72.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231722-10855 --> Pack116.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231741-19818 --> cemflwm.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231802-18721 --> q351354.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231821-7742 --> gvbh.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231840-3527 --> bklfvtn.scr <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231901-9740 --> Pack6654.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231927-5125 --> pack.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-231956-22198 --> pack15.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-232010-31147 --> pack65.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-232031-25975 --> euvj.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-232054-21052 --> esgq.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [Worm/Gibe.C.1 virus] /home/ab/Mail/.freunde.directory/christof/cur/1075638665.2044.rxak:2,S.XXX --> virusmails --> unkwn.tar --> virusmails --> unkwn.tar --> virusmails/virus-20040130-232122-27276 --> patch2654.exe <<< Contains signature of the worm Worm/Gibe.C.1 ALERT: [TR/InorDL.1 virus] /home/ab/Mail/.mailinglists.directory/.suse.directory/suse-linux-d/cur/1058006856.1813.I7tp:2,RS.XXX:2,S.XXX:2,S.XXX:2,S.XXX:2,S.XXX:2,S.XXX:2,S --> file0.txt <<< The Trojan horse TR/InorDL.1 gefunden von F-PROT: Virenverdacht von F-PROT (could be): /home/ab/Mail/inbox/cur/1061541734.1823.wJ4x:2,RS->sobigf.txt could be a corrupted executable file ________________________________________________________________________________ ANTIVIR Prüfung Zusammenfassung für client3:/home/ab/ Scanoptionen: -s -v -z --allfiles -e -ren -dmdel -dmds -r1 -rf/home/ab/virenpruefungen/letztes_antivir_log_fuer_home_ab.txt -ra -lang=DE Dateien: 60550 Alarme: 38 Repariert: 0 Gelöscht: 0 Umbenannt: 1 Warnungen: 2 Benötigte Zeit: 00:06:23 -------------------------- F-PROT Prüfung Zusammenfassung für client3:/home/ab/ Scanoptionen: -ai -archive -collect -dumb -packed -report=/home/ab/virenpruefungen/letztes_fprot_log_fuer_home_ab.txt Results of virus scanning: Files: 32960 MBRs: 0 Boot sectors: 0 Objects scanned: 43271 Time: 4:12 No viruses or suspicious files/boot sectors were found.