> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Michael V. Khaletsky > Sent: 26. november 2003 19:27 > To: [EMAIL PROTECTED] > Subject: [Clamav-users] Exploit.IFrame.Gen - description ? > >There is nothing bad in this code according to my point of view, only the >HTML link >inside.
I'm currently studying how to update the signature to avoid "false positive". But please note that using IFrame and URL's to identify recipient makes the e-mail very close to a SPAM or virus mail. > I'm sure clamav-milter understand what it does. > But I tried to look for any description of Exploit.IFrame.Gen virus and > couldn't find. > Can You please help me. > Where can I find the description of this virus: Exploit.IFrame.Gen > to show this description to our user. The IFrame exploit is very simple since which makes is difficult to create a signature that avoids "false positive". This is a breakdown of the current signature. Please note that I've changed parts to allow this e-mail to pass av-engines (@=a). Exploit.IFrame.Gen (Clam)=696672616d65207372633d*6369643a*6865696768743d*2077696474683d*2f696672616d65*2f424f44593e3c2f48544d4c3e 696672616d65207372633d [EMAIL PROTECTED] src= 6369643a cid: 6865696768743d height= 2077696474683d width= 2f696672616d65 /[EMAIL PROTECTED] 2f424f44593e3c2f48544d4c3e /BODY><-HTML> Best regards, Diego d'Ambra ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
