USB/Removable/Flash etc..
> Date: Fri, 14 May 2010 13:23:18 -0400
> From: mdud...@king-cart.com
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> Huh? It is impossible to have a windows machine without any mass storage
> devices.
>
> Marshall
>
> Jean-Paul natola wrote:
> > correction: I DO NOT ALLOW any mass storage devices on our windows machines
> >
> >> From: jnat...@hotmail.com
> >> To: clamav-users@lists.clamav.net
> >> Date: Fri, 14 May 2010 12:54:33 -0400
> >> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >>
> >> I will install it now, I created this box for the sole purpose of scanning USB
> >> drives, I do ALLOW any storage devices to be used on our windows machines.
> >>
> >> If I can just find a way to automate it so that I don't have to mount and
> >> run the scans manually
> >>
> >>> From: hugh...@wharton.upenn.edu
> >>> To: clamav-users@lists.clamav.net
> >>> Date: Fri, 14 May 2010 12:23:38 -0400
> >>> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >>>
> >>> And you CAN submit with a text-based browser like lynx -- assuming
> >>> you're allowed to install one on that box. They work fine for the submission
> >>> program: http://cgi.clamav.net/sendvirus.cgi
> >>>
> >>> -Hugh
> >>>
> >>> -----Original Message-----
> >>> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Alain Zidouemba
> >>> Sent: Friday, May 14, 2010 12:20 PM
> >>> To: ClamAV users ML
> >>> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >>>
> >>> If you can, please generate the MD5 checksum for that file and paste it here.
> >>>
> >>> Thanks,
> >>>
> >>> -Alain
> >>>
> >>> On Fri, May 14, 2010 at 12:13 PM, Jean-Paul natola <jnat...@hotmail.com> wrote:
> >>>> yes it is, see link
> >>>>
> >>>> http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PALEVO.SMBF&VSect=Sn
> >>>>
> >>>> unfortunately the bsd box has no web browser so I cannot get to the
> >>>> submission page
> >>>>
> >>>>> Date: Fri, 14 May 2010 11:14:49 -0400
> >>>>> From: azidoue...@sourcefire.com
> >>>>> To: clamav-users@lists.clamav.net
> >>>>> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
> >>>>>
> >>>>> type the following at the command line: clamscan --help
> >>>>>
> >>>>> It will show you some of the options you have for quarantining files:
> >>>>>
> >>>>> clamscan --remove[=yes/no(*)] Remove infected files. Be careful!
> >>>>> clamscan --move=DIRECTORY Move infected files into DIRECTORY
> >>>>> clamscan --copy=DIRECTORY Copy infected files into DIRECTORY
> >>>>>
> >>>>> What about menekrug.exe? Do you believe it is malware and should have
> >>>>> been detected? If so, please submit to:
> >>>>> http://www.clamav.net/lang/en/sendvirus/
> >>>>>
> >>>>> -Alain
> >>>>>
> >>>>> On Fri, May 14, 2010 at 11:03 AM, Jean-Paul natola <jnat...@hotmail.com> wrote:
> >>>>>> Hi all,
> >>>>>>
> >>>>>> I am running clamav on a bsd box to scan USB drives, I have two
> >>>>>> questions, now that it found the virus is there a way to "clean or
> >>>>>> quarantine" the infected file?
> >>>>>>
> >>>>>> also it gave an "OK" result to menekrug.exe see below
> >>>>>>
> >>>>>> /mnt/usb/ISPRED/Desktop.ini: Trojan.Agent-155358 FOUND
> >>>>>> /mnt/usb/ISPRED/menekrug.exe: OK
> >>>>>> /mnt/usb/StarrsAnnLHREWR72.pdf: OK
> >>>>>> /mnt/usb/USB Vault/Desktop.ini: Trojan.Agent-155358 FOUND
> >>>>>> /mnt/usb/USB Vault/syn.exe: Trojan.Downloader-77313 FOUND
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> >>>>>> http://www.clamav.net/support/ml
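The automation asked about in the thread, as an added example that is not part of any poster's message: a wrapper around the `--move` option Alain lists that quarantines detections and summarises clamscan's output, including paths with spaces such as `/mnt/usb/USB Vault/syn.exe`. It assumes the stick is already mounted; the function names and the `CLAMSCAN` override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the USB stick is already
# mounted at the path passed as $1, e.g. /mnt/usb as in the post.

TAB=$(printf '\t')

# summarize_scan: read clamscan output on stdin and print one
# "<signature><TAB><path>" line per detection. Paths on removable media often
# contain spaces, so match the whole line instead of splitting on whitespace;
# the greedy first group ends at the LAST ": ", which keeps any colons inside
# a file name with the path.
summarize_scan() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${TAB}\1/p"
}

# scan_and_quarantine SRC QDIR: scan SRC recursively, move detections into
# QDIR and print the summary. Returns clamscan's exit status:
# 0 = clean, 1 = virus found, 2 = error.
# CLAMSCAN is a hypothetical override naming another scanner command.
scan_and_quarantine() {
    src=$1
    qdir=$2
    # Quarantine directory readable only by the scanning user
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 2
    rc=0
    # -r recurse, -i list infected files only, --move quarantines them
    out=$("${CLAMSCAN:-clamscan}" -r -i --no-summary --move="$qdir" "$src") || rc=$?
    printf '%s\n' "$out" | summarize_scan
    return "$rc"
}

# Run only when called as: script.sh /mnt/usb /var/quarantine
if [ "$#" -eq 2 ]; then
    rc=0
    scan_and_quarantine "$1" "$2" || rc=$?
    case $rc in
        0) echo "clean" ;;
        1) echo "infected files moved to $2" ;;
        *) echo "scan error" >&2; exit 2 ;;
    esac
fi
```

A file reported as `OK`, like `menekrug.exe` above, is left on the stick, so a clean exit status only means no signature matched.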