Re: Some of y'all might like this (virus link)

[<michael.blanchard () emc com>]

I've seen that issue with VirusTotal and McAfee detections late last year with Downloader.cjx.  virustotal said that 
Mcafee detected it, and yet when I performed my own test using the latest McAfee engine/DATs, McAfee really did not 
detect it.

 Mike B

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
Sent: Wednesday, January 19, 2011 1:42 PM
To: 'funsec'
Subject: Re: [funsec] Some of y'all might like this (virus link)

Thomas J. Raef to Chris Boyd:

> > This came in a spam today.
> >
> > http download card.exe from 200.223.205.137
> >
> > Don't know what it is, but ClamAV latest version for Mac says it's not
> > hostile.  Funny, but I don't beleive that.
>
> [>] <sarcasm>Wait! It's not harmful to a "Mac", right? They're not
> vulnerable to viruses are they?</sarcasm>
>
> So ClamAV must know that and therefore doesn't think it's harmful. 

It seems odd that it was not detected, as according to this:

   
http://www.virustotal.com/file-scan/report.html?id=4cc69ba312e2554f3070468398f339b44210ad4838c24ebe50debf02de3e019c-1294820720

ClamAV has been detecting that file since at least 2011-01-12 08:25:20 
UTC...



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.