Since the SCO virus has a list of common first names it couples with domains it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch of undeliverable bounces back (unknown users, etc.). These bounces contain the full virus in the form of the complete source of the original email dumped at the end of the bounce message. Although I'm sure the MIME is no longer set up right so it may be harmles, Norton seems to catch these while ClamAV does not. I'm running a CVS snapshot of ClamAV from yesterday (the 26th) and run Freshclam every hour. It seems to be catching other forms of the SCO virus, just not these bounces.
I've sent this same message to [EMAIL PROTECTED] with an attached example bounce. But I didn't want to violate the "DO NOT SEND VIRII HERE!!! Send them to [EMAIL PROTECTED]" rule. ;-) I can send anybody else an example on request. -- Matt Systems Administrator Local Access Communications 360.330.5535 ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
