funsec mailing list archives

Re: Some of y'all might like this (virus link)


From: Peter Kosinar <goober () nuf ksp sk>
Date: Wed, 19 Jan 2011 20:59:28 +0100 (CET)

This came in a spam today.

http download card.exe from 200.223.205.137

Don't know what it is, but ClamAV latest version for Mac says it's not
hostile.  Funny, but I don't believe that.

[>] <sarcasm>Wait! It's not harmful to a "Mac", right? They're not
vulnerable to viruses are they?</sarcasm>

So ClamAV must know that and therefore doesn't think it's harmful.

It seems odd that it was not detected, as according to this:

The detection name might explain it easily -- "PUA.IRC-Client.mIRC-3".
Quick look at ClamAV manpage confirms that PUAs aren't reported by 
default:

--detect-pua[=yes/no(*)]
               Detect Possibly Unwanted Applications.

  
http://www.virustotal.com/file-scan/report.html?id=4cc69ba312e2554f3070468398f339b44210ad4838c24ebe50debf02de3e019c-1294820720

ClamAV has been detecting that file since at least 2011-01-12 08:25:20
UTC...

Cheers,
Peter
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

