> I've found a few bits of spy/adware that everything missed. > You can download > a trial at www.norman.com . > > I should say that I don't have any connection with this > company except as a > end user. > > Below is a example of what it reports. > > Cheers, > Patrick > > ALARM: > Virus infected: > Virus name: 'W32/Downloader' [ General information ]
Patrick, thanks for checking that file (I presume it was the cab file you checked), and confirming my suspicions. The sand box does sound like a handy tool, and the mention of it got me to wondering what other tools exist for checking to see what a virus tries to do to a system. (That's a general question to the list.) (I couldn't find any way to download the Sand Box from Norman-- is it only available as part of the AV, or am I just looking in the wrong places? All I could see is Norman talking about the Sand Box, but nothing about how to get it.) Thanks again for scanning the file-- you didn't say if you'd submitted it to clamav, so I submitted it this morning (#3622). An interesting (to me!) data point-- after several weeks of receiving the email that led me to the .cab file, it stopped yesterday (the day after I mention what I'd found on the list), and I'm now receiving a new email format. I believe it's the same type of attack, but haven't found the payload yet. -ron ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
