Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

message.zip ?

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


dee at akwireless

Aug 16, 2003, 8:41 AM

Post #1 of 3 (443 views)
Permalink
message.zip ?
Hi,

One of our customers recieved a message that had a .zip attachment and
looks suspect. Anyone here here what to take a look at at it ?

Dee
--
W.D.McKinney (Dee)
Alaska Wireless Systems
11310 Lillan Lane, Anchorage, AK 99515-2914
Direct (907)349-4308 -=- http://www.akwireless.net


Antony at Soft-Solutions

Aug 16, 2003, 9:26 AM

Post #2 of 3 (426 views)
Permalink
Re: message.zip ? [In reply to]
On Saturday 16 August 2003 4:30 pm, W.D. McKinney wrote:

> Hi,
>
> One of our customers recieved a message that had a .zip attachment and
> looks suspect. Anyone here here what to take a look at at it ?

Let me guess - it's called message.zip (you said that in your subject), it's
20567 bytes long, and it contains one file, message.html, which is 20445
bytes long?

Running it through a current version of ClamAV reveals that it's a recent
virus called Trojan.Dropper.C, also known as MiMail...

Am I right? If not, zip a copy with a password and email it to me (with the
password) and I'll run it through a few other antivirus engines...

Antony.

--

The first ninety percent of an engineering project takes ninety percent
of the time, and the last ten percent takes the remaining ninety percent.


mikesz at uptimetech

Aug 16, 2003, 9:35 AM

Post #3 of 3 (435 views)
Permalink
Re: message.zip ? [In reply to]
Sure, post it somewhere we can get to. Sounds like mimail.a?


Mike



On Sat, Aug 16, 2003 at 07:30:02AM -0800, W.D. McKinney wrote:
> Hi,
>
> One of our customers recieved a message that had a .zip attachment and
> looks suspect. Anyone here here what to take a look at at it ?
>
> Dee
> --
> W.D.McKinney (Dee)
> Alaska Wireless Systems
> 11310 Lillan Lane, Anchorage, AK 99515-2914
> Direct (907)349-4308 -=- http://www.akwireless.net
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> Clamav-users mailing list
> Clamav-users [at] lists
> https://lists.sourceforge.net/lists/listinfo/clamav-users

--
Michael Sullenszino
Unix System Administrator
Data Security, UptimeTech.com - 206-547-1817
mikesz [at] uptimetech

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.