Vulnerability Development mailing list archives

Re: WARNING. You sent a potential virus or unauthorised code


From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Fri, 2 Jun 2000 08:51:59 -0400


In Anti-Virus we trust (not).

It's cute to see that my message triggered this Anti-Viral stuff. If I
knew who that was I would be tempted to try again but using the GUID of
the FSO instead of the name itself "FileSystemObject". Another
interesting note is that the anti-virus software did not seem to realise
or maybe does not tell the difference between an 'active' script and a
script being typed in a plain text message.

Anyone ever tried to use the GUIDs to avoid virus detection? Or are they
smart enough to detect them via GUID also?

M.

!  -----Original Message-----
!  From: support () messagelabs com [mailto:support () messagelabs com]
!  Sent: Thursday, June 01, 2000 11:31 PM
!  To: owner-vuln-dev () SECURITYFOCUS COM; mrousseau () LABCAL COM;
!  VULN-DEV () SECURITYFOCUS COM
!  Subject: WARNING. You sent a potential virus or unauthorised code
!  
!  
!  The MessageLabs Virus Control Centre discovered a possible 
!  virus or unauthorised code (such as a joke program or trojan)
!  in an email sent by you. 
!  
!  Please read this whole email carefully. It explains what has 
!  happened to your email, which suspected virus has been caught, 
!  and what to do if you need help.
!  
!  
!  ------------------------------------------------------------
!  Some details about the infected message
!  ------------------------------------------------------------
!  
!  To help identify the email:
!  
!  The message was titled 'Re: Outlook/HTML "proggie"'
!  The message date was Thu, 1 Jun 2000 11:07:52 -0400
!  The message identifier was 
!  <9D55A50A449AD311BCDB00E018C124FD0CAEFB@SRV4>
!  The message recipients were 
!      stan.woods () US GASES BOC COM
!  
!  
!  To help identify the virus:
!  
!  Scanner 1 (Skeptic) reported the following:
!  
!  Skeptic searching for 22 viruses
!  /var/qmail/queue/split/0/
!  
!  >>> Possible Virus 'HTML.Worm' variant FileSystemObject 
!  found in file '528387A_1.txt'.
!  Heuristics score: 742
!  
!  
!  The message was diverted into the virus holding pen on
!  mail server server-4.tower-1.london-2.starlabs.net (id 
!  528387_959916650)
!  and will be held for 30 days before being destroyed.
!  
!  
!  ------------------------------------------------------------
!  What should you do now?
!  ------------------------------------------------------------
!  
!  If you sent the email from a corporate network, you should first 
!  contact your local Helpdesk or System Administrator for advice. 
!  They will be able to help you disinfect your workstation.
!  
!  If you sent the email from a personal or home account, you will 
!  need to disinfect your computer yourself. To do this you will 
!  need an anti-virus program. We suggest using one of the leading 
!  industry anti-virus packages such as McAfee, F-Secure or Cybersoft, 
!  which cost £15-£30 per copy. 
!   
!  
!  ------------------------------------------------------------
!  Getting more help
!  ------------------------------------------------------------
!  
!  You may like to read the Support FAQs at 
!  http://www.messagelabs.com/support/FAQs.htm 
!  These will answer many of the most common queries. 
!  
!  If you believe this message to be a false alarm or you require 
!  further assistance, you can email MessageLabs Support at:-
!  
!      support () messagelabs com
!  
!  or contact MessageLabs Helpdesk by telephone on:-
!  
!         +44 (0) 1285 884466
!  
!  Please quote the following Virus Pen ID when contacting Support.
!  <<< mail server server-4.tower-1.london-2.starlabs.net (id 
!  528387_959916650) >>>
!  
!  
!  _____________________________________________________________________
!  This message has been checked for all known viruses by the 
!  MessageLabs Virus Control Centre. For further information visit
!  http://www.messagelabs.com/stats.asp
!  
!  
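
The two points raised in the message above (matching the object by GUID as well as by name, and telling a script-capable part from plain text that merely mentions the object), sketched from the scanning side as an added example; it is not part of the original post and is not how the Skeptic scanner works. The CLSID is the one registered for Scripting.FileSystemObject; the sample messages, the list of "active" types and extensions, and the `scan` function are assumptions made for illustration.

```python
import re
from email import message_from_string

# ProgID named in the thread, plus the CLSID registered for
# Scripting.FileSystemObject, so both spellings hit the same rule.
FSO_RE = re.compile(
    r"FileSystemObject|0D43FE01-F093-11CF-8940-00A0C9054228", re.IGNORECASE)

# Assumption: parts a mail client or shell could interpret as script.
ACTIVE_TYPES = {"text/html"}
ACTIVE_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".htm", ".html")

def scan(raw):
    """Return (content_type, matched_text, context) per FSO reference.

    context is "active" for script-capable parts and "inert-text" otherwise;
    the label is recorded for triage, the hit itself is never dropped.
    """
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "latin-1", "replace")
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        active = ctype in ACTIVE_TYPES or name.endswith(ACTIVE_EXTS)
        for m in FSO_RE.finditer(text):
            findings.append(
                (ctype, m.group(0), "active" if active else "inert-text"))
    return findings

# Constructed sample: a plain-text post that only talks about the object.
SAMPLE_PLAIN = (
    "From: a@example.com\nSubject: discussion\n"
    "Content-Type: text/plain; charset=us-ascii\n\n"
    'The worm calls CreateObject("Scripting.FileSystemObject") to write.\n')

# Constructed sample: an HTML part referencing the object by CLSID only.
SAMPLE_HTML = (
    "From: b@example.com\nSubject: page\n"
    "Content-Type: text/html; charset=us-ascii\n\n"
    '<html><object id="f" '
    'classid="clsid:0d43fe01-f093-11cf-8940-00a0c9054228"></object></html>\n')

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_HTML):
        print(scan(sample))
```
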

