15.10.2009 16:47, Tom Shaw kirjoitti:
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote:Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_6GorA2txt0CVliaTmJuBPNhCIqDzZA" Content-Disposition: inline Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe -- http://www.iki.fi/jarif/"You don't have permission to access /~jarif/ikipage/malware/tax-statement.exe on this server." :-(
Oops, fixed.
Also to you have link url to that samples as well.
Does not compute.
But that should have been detected than winnow.malware.ts.irs.1.UNOFFICIAL unless they changed their attack vector.
Good. I will post a question in near future about how to install and maintain SaneSecurity for 'malware' and NOT 'spam'. But not yet. Probably the solution will be script #1 with some help from forum about the correct databases to load. -- http://www.iki.fi/jarif/ A classic is something that everyone wants to have read and nobody wants to read. -- Mark Twain, "The Disappearance of Literature"
pgpFyB9ZeHc94.pgp
Description: PGP signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
