On Wed, 07 Sep 2005 11:10:33 -0600 Anthony Chavez <[EMAIL PROTECTED]> wrote:

> On Tue, 6 Sep 2005 09:48:06 +0200 "Securiteinfo.com" <[EMAIL PROTECTED]> 
> wrote:
>
>> On Tuesday, 6 September 2005 04:06, Anthony Chavez wrote:
>>> I have tried to report a false positive for Worm.Bagle.BB-gen three
>>> times now, and have yet to see it make its way into my database.  I've
>>> provided the file in my submission as well as reported the original site
>>> from which it can be downloaded
>>> (http://www.subspacedownloads.com/files/continuum039pr1.zip, very cool
>>> game, BTW).
>>
>> Your sample has been submitted to the Clamav team.
>> Thank you for reporting.
>
> Thank you for passing it along.
>
> In the future, however, are there any additional requirements that I
> will need to fulfill in order to submit a virus or report a false
> positive?

This may be old news, but it turns out that this particular file is in
fact infected with Worm.Bagle.BB-gen.  How do I know?  My domain was
placed on a spam blacklist thanks to this little bugger.  I combed
through my mail server configuration and firewall rules and found them
to be completely clean.  So, I uninstalled it, upgraded to 0.39
(release), and ClamWin stopped complaining.

Throughout this whole endeavor, McAfee Stinger failed to detect it.
Therefore, I can only assume that although Stinger claims to detect
W32/Bagle, it must not detect variants.  Something to look out for.

Scrolling down in the comments page
(http://www.subspacedownloads.com/index.php?act=file&fid=3), it appears
that I am not the only one who has found this file to be infected.  I
have updated this page with a warning and hopefully they will take the
file offline soon.

-- 
Anthony Chavez                                 http://anthonychavez.org/
mailto:[EMAIL PROTECTED]         jabber:[EMAIL PROTECTED]


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
