On Wed, 10 Mar 2004 12:53:31 +0100
"Mrvka Andreas"
-----Ursprüngliche Nachricht----- Von: Tom Knight [mailto:thomas.knight@ahds.ac.uk] Gesendet: Mittwoch, 10. März 2004 12:34
-----Original Message----- From: GarUlbricht7@netscape.net [mailto:GarUlbricht7@netscape.net] Sent: 10 March 2004 07:49
"Mrvka Andreas"
wrote: hi,
i use the NAI product for my SuSE Linux 9 distribution. VirusScan for Unix: with actual engine and Dat file...
----<text snipped>---
i copied the exe file out of the zip file and ran the uvscan but nevertheless i was unsuccessful :-(
And you are unhappy ???
yes, i AM unhappy! for a mailserver virus scanning it's so nice, to let viruses go through...
My father has a saying:
"Don't go looking for trouble, it will find you soon enough."
Unless you have a test environment that is off the web, please don't go opening up stange files...
Indeed.
Looking at this again, you probably want to test using the eicar test file, http://www.eicar.org/anti_virus_test_file.htm. It's a harmless text file that all AV software detecta as a virus.
No I won't send it to you - my mail server probably wouldn't let it through!
i know this virus. i fact, my virus scan detect all viruses except this one which is in a password protected zip file.
NAI's product based on microsoft servers can detect him.
I try to ask NAI directly, as i read here...
Tom.
thanks, Andrew
Is it not well known that the virus scanners are not able to detect this virus precisely because it is in a password protected zip file? The Virus SWAT team at my job posed this very issue when announcing the virus to employees. The team instructed employees to delete the e-mail, or forward it to the team for analysis. The password is supposed to be included in the body of the e-mail, which you're supposed to open yourself so the virus can then do it's thing. The whole purpose, I gather, for putting the virus in the zip file was to avoid detection by the scanners. I was not aware that NAI had the ability to detect the visurs on Windows servers. Regards, Don
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here