Re: [Clamav-users] My.Doom.o

Tue, 27 Jul 2004 11:41:49 -0700 

On Tue, 27 Jul 2004 15:26:30 +0000, Scott Ryan <[EMAIL PROTECTED]>
wrote:

>I have not submitted any virii (correct word?) before, so please bear with me.
>I always run latest stable, currently 0.75 and have not had any virus issues 
>up until now. I am seeing a high number of mails in the below format hitting 
>our mail servers.
>
>>Dear user <[EMAIL PROTECTED]>,
>>Your e-mail account has been used to send a large amount of spam messages 
>>during this week.
>>Obviously, your computer had been infected by a recent virus and now runs a 
>hidden proxy server.
>>Please follow our instruction in order to keep your computer safe.
>>Best wishes,
>>The <domain> team.
>
>with a zip file attached containing a pif file.
>
>I submitted the zip file only to have the message returned to me advising that 
>it is not a virus, but "Binary fragment. Harmless."
>
>Symantec identify these mails as My.Doom.o and i have checked sigtool which 
>identifies My.Doom.m, but not My.Doom.o - 
>
>My question is, how do i get clamav to identify these files as a virus?


I got a few of these, too.  Norton AV with this morning's definitions doesn't
flag it as a virus.  I have just submitted the .zip file to them for analysis.

--
   Steve
   


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to