From: Nate A. <sub...@gr...> - 2001-12-30 22:45:57
Lars Hecking said:
>
>> I managed to extract the infected files from
>> the attached email and have posted them here:
>> http://saratoga.linuxpowered.net/viruses/
>
> In which form did that email contain the virus? As named
> attachment w/ extension?

amavis tagged an extension onto it... actually there were 2 files in the
parts/ subdirectory

mail-nh2:/tmp/amavis-10507528/parts# ls -l
total 280
-rw------- 1 root root   1002 Dec 30 04:55 msg-30495-1.txt
-rw------- 1 root root   1155 Dec 30 04:55 msg-30495-2.html
-rw------- 1 root root 132542 Dec 30 04:55 msg-30495-3.exe
-rw------- 1 root root 132542 Dec 30 04:55 msg-30495-4.2

scanning the directory reveals both msg-30495-3.exe and msg-30495-4.2 to
be infected with the same virus. i ran md5sum on them and it came out
identical, so i only put 1 of the files on the server

48702b75f811b101e1f97020c0525ca5  msg-30495-3.exe
48702b75f811b101e1f97020c0525ca5  msg-30495-4.2

here's the original email as quarantined by amavis on one of the
mail leaf servers:

http://saratoga.linuxpowered.net/viruses/email.txt

nate

--
Nate Amsden
System Administrator
GraphOn
(Sent using Squirrelmail! 1.2.0rc2)