On Tue, 2005-05-31 at 16:24 +0100, Bob Hutchinson wrote: > > I downloaded your zip file, neither clamscan or clamdscan found anything, > either before or after I unzipped it
That was my experience too, and the reason behind my posting here. Should clam(d)scan be hitting on this? I think it should. > I set it up on a linux devbox and pointed firefox running under debian at it > and the javascript console told me it had failed to run, nor were there any > files created. Perhaps MSIE will let the jscript run, I cannot test that, no > winboxes here, and I'm not about to try either. The javascript will run on any box, linux included. What it does (install .exe, etc.) is only unique to MS Windows. It does this by downloading this file: h--p://69.50.177.102/x155/ind.php which then proceeds to download this file: h--p://69.50.177.102/x155/count5.htm which then proceeds to download this file: h--p://81.222.131.59/dl/adv737.php To me, the original javascript IS a virus and SHOULD be reported by clam(d)scan. -Jim P. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
