Mailinglist Archive: opensuse-security (485 mails)

Re: AW: [suse-security] NAI on unix do not find actual virus
  • From: Don Parris <dcparris@xxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 13:11:25 -0500
  • Message-id: <20040310131125.1e7598db.dcparris@xxxxxxxxxxxxx>
On Wed, 10 Mar 2004 12:53:31 +0100
"Mrvka Andreas" <mrv@xxxxxxx> wrote:

>>
>>
>>>-----Original Message-----
>>>From: Tom Knight [mailto:thomas.knight@xxxxxxxxxx]
>>>Sent: Wednesday, 10 March 2004 12:34
>>>
>>>> -----Original Message-----
>>>> From: GarUlbricht7@xxxxxxxxxxxx [mailto:GarUlbricht7@xxxxxxxxxxxx]
>>>> Sent: 10 March 2004 07:49
>>>>
>>>> "Mrvka Andreas" <mrv@xxxxxxx> wrote:
>>>> >
>>>> > hi,
>>>> >
>>>> > i use the NAI product for my SuSE Linux 9 distribution.
>>>> > VirusScan for Unix: with actual engine and Dat file...
>>>>
>>>> ----<text snipped>---
>>>>
>>>> > i copied the exe file out of the zip file and ran the uvscan but
>>>> > nevertheless i was unsuccessful :-(
>>>> >
>>>>
>>>> And you are unhappy ???
>>
>>yes, i AM unhappy!
>>for a mailserver virus scanning it's so nice, to let viruses go through...
>>
>>>>
>>>> My father has a saying:
>>>>
>>>> "Don't go looking for trouble,
>>>> it will find you soon enough."
>>>>
>>>> Unless you have a test environment that is off the web, please don't
>>>> go opening up strange files...
>>>>
>>>
>>>Indeed.
>>>
>>>Looking at this again, you probably want to test using the
>>>eicar test file,
>>>http://www.eicar.org/anti_virus_test_file.htm. It's a harmless
>>>text file that all AV software detects as a virus.
>>>
>>>No I won't send it to you - my mail server probably wouldn't
>>>let it through!
>>
>>i know this virus.
>>in fact, my virus scan detects all viruses except this one which
>>is in a password protected zip file.
>>
>>NAI's product based on microsoft servers can detect him.
>>
>>I try to ask NAI directly, as i read here...
>>
>>>
>>>Tom.
>>>
>>
>>thanks,
>>Andrew
>>

Is it not well known that the virus scanners are not able to detect this virus
precisely because it is in a password protected zip file? The Virus SWAT team
at my job posed this very issue when announcing the virus to employees. The
team instructed employees to delete the e-mail, or forward it to the team for
analysis. The password is supposed to be included in the body of the e-mail,
which you're supposed to open yourself so the virus can then do its thing. The
whole purpose, I gather, for putting the virus in the zip file was to avoid
detection by the scanners. I was not aware that NAI had the ability to detect
the virus on Windows servers.

Regards,
Don
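
An added illustration of the point in the message above (not part of the original post, and not NAI's or any vendor's code): a scanner cannot read the contents of a password-protected ZIP member, but the encryption flag sits in the unencrypted archive headers, so a mail gateway can at least quarantine such attachments instead of passing them as clean. The function names, verdict strings and sample archives are constructed for this example.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # ZIP general purpose flag, bit 0: member data is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Names of members a content scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [m.filename for m in zf.infolist() if m.flag_bits & ENCRYPTED]


def gateway_verdict(data: bytes) -> str:
    """Hypothetical policy: scan readable archives, quarantine unscannable ones."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "quarantine: malformed archive"
    if locked:
        return "quarantine: encrypted members " + ", ".join(locked)
    return "scan"


def sample_zip(name: str, payload: bytes, mark_encrypted: bool) -> bytes:
    """Constructed sample. Python's zipfile cannot write encrypted archives,
    so the flag bit is set by hand; the payload itself stays harmless plain text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Flags field: offset 6 in the local header, offset 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    for label, locked in (("plain.zip", False), ("locked.zip", True)):
        blob = sample_zip("sample.exe", b"constructed test content", locked)
        print(label, "->", gateway_verdict(blob))
```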

