[Mimedefang] sobig virus slipping by mcafee.
Jason Englander
jason at englanders.cc
Tue Sep 2 18:39:01 EDT 2003
On Tue, 2 Sep 2003, Lucas Albers wrote:

> If you want to look at the message you can download it from:
> http://www.cs.montana.edu/support/mimedefang/PART.1.BODY.gz

I've only spent about 30 seconds with it, but if it helps to know any -
I extracted the movie0045.pif attachment out of it with uudeview. Here's
what I got with various scanners after scanning it:

uvscan:
Found the W32/Sobig.f@MM virus !!!

clamscan:
movie0045.pif: Worm.Sobig.F FOUND

antivir:
ALERT: [Worm/Sobig.F virus] movie0045.pif <<< Contains signature of the worm Worm/Sobig.F

File::Scan:
movie0045.pif Infection: W32/Sobig.f@MM

Anyway, causes to slip by can include variants detected by one, but not
another, badly formed MIME that MIME::tools can't decode, you name it...
"mimedefang.pl -structure" may shed some light on it.

If anything truly does make it past clamav, send it to
virus at clamav.elektrapro.com and we'll add a signature to clamav's virus
db for it.

Jason
--
Jason Englander <jason at englanders.cc>
394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
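
The "badly formed MIME" cause named in the message above, as an added example that is not part of the original post or of MIMEDefang: a filter can compare the attachment names the MIME parser exposes with the names visible in the raw bytes and hold the message when they disagree. It uses Python's email package rather than MIME::tools; `audit_message`, the verdict strings and both sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Attachment names visible in the raw bytes: MIME filename=/name= parameters
# and uuencode "begin <mode> <name>" lines.
RAW_NAME = re.compile(
    rb'(?im)\b(?:file)?name\*?\s*=\s*"?([^";\r\n]+)|^begin [0-7]{3,4} (\S+)')

def audit_message(raw: bytes) -> dict:
    """Compare what the MIME parser exposes with what the raw bytes mention."""
    msg = message_from_bytes(raw, policy=policy.default)
    parsed, defects = set(), []
    for part in msg.walk():
        defects += [type(d).__name__ for d in part.defects]
        if part.get_filename():
            parsed.add(part.get_filename().lower())
    raw_names = {(a or b).decode("latin-1").strip().lower()
                 for a, b in RAW_NAME.findall(raw)}
    hidden = sorted(raw_names - parsed)
    # Fail closed: parts the parser never produced were never handed to a
    # scanner, so hold the message instead of treating it as clean.
    verdict = "hold" if defects or hidden else "scan-parts"
    return {"parsed": sorted(parsed), "hidden": hidden,
            "defects": defects, "verdict": verdict}

def _msg(*rows: str) -> bytes:
    return "\r\n".join(rows).encode("ascii")

# Constructed samples; the payload is the base64 of the word "placeholder".
_PART = ("--AAA", "Content-Type: application/octet-stream",
         "Content-Transfer-Encoding: base64",
         'Content-Disposition: attachment; filename="movie0045.pif"',
         "", "cGxhY2Vob2xkZXI=", "--AAA--", "")
WELL_FORMED = _msg("Subject: constructed sample", "MIME-Version: 1.0",
                   'Content-Type: multipart/mixed; boundary="AAA"', "", *_PART)
# Same body, but the header declares a boundary that never occurs in it.
MALFORMED = _msg("Subject: constructed sample", "MIME-Version: 1.0",
                 'Content-Type: multipart/mixed; boundary="ZZZ"', "", *_PART)

if __name__ == "__main__":
    for label, raw in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(label, audit_message(raw))
```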