Vulnerability Development mailing list archives
Re: WARNING. You sent a potential virus or unauthorised code
From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Fri, 2 Jun 2000 08:51:59 -0400
In Anti-Virus we trust (not). It's cute to see that my message triggered this Anti-Viral stuff. If I knew who that was I would be tempted to try again but using the GUID of the FSO instead of the name itself "FileSystemObject".

Another interesting note is that the anti-virus software did not seem to realise or maybe does not make the difference between an 'active' script and script being typed in a plain text message.

Anyone ever tried to use the GUIDs to avoid virus detection? Or are they smart enough to detect them via GUID also?

M.

! -----Original Message-----
! From: support () messagelabs com [mailto:support () messagelabs com]
! Sent: Thursday, June 01, 2000 11:31 PM
! To: owner-vuln-dev () SECURITYFOCUS COM; mrousseau () LABCAL COM;
! VULN-DEV () SECURITYFOCUS COM
! Subject: WARNING. You sent a potential virus or unauthorised code
!
!
! The MessageLabs Virus Control Centre discovered a possible
! virus or unauthorised code (such as a joke program or trojan)
! in an email sent by you.
!
! Please read this whole email carefully. It explains what has
! happened to your email, which suspected virus has been caught,
! and what to do if you need help.
!
!
! ------------------------------------------------------------
! Some details about the infected message
! ------------------------------------------------------------
!
! To help identify the email:
!
! The message was titled 'Re: Outlook/HTML "proggie"'
! The message date was Thu, 1 Jun 2000 11:07:52 -0400
! The message identifier was
! <9D55A50A449AD311BCDB00E018C124FD0CAEFB@SRV4>
! The message recipients were
! stan.woods () US GASES BOC COM
!
!
! To help identify the virus:
!
! Scanner 1 (Skeptic) reported the following:
!
! Skeptic searching for 22 viruses
! /var/qmail/queue/split/0/
!
! >>> Possible Virus 'HTML.Worm' variant FileSystemObject
! found in file '528387A_1.txt'.
! Heuristics score: 742
!
!
! The message was diverted into the virus holding pen on
! mail server server-4.tower-1.london-2.starlabs.net (id
! 528387_959916650)
! and will be held for 30 days before being destroyed.
!
!
! ------------------------------------------------------------
! What should you do now?
! ------------------------------------------------------------
!
! If you sent the email from a corporate network, you should first
! contact your local Helpdesk or System Administrator for advice.
! They will be able to help you disinfect your workstation.
!
! If you sent the email from a personal or home account, you will
! need to disinfect your computer yourself. To do this you will
! need an anti-virus program. We suggest using one of the leading
! industry anti-virus packages such as McAfee, F-Secure or Cybersoft,
! which cost £15-£30 per copy.
!
!
! ------------------------------------------------------------
! Getting more help
! ------------------------------------------------------------
!
! You may like to read the Support FAQs at
! http://www.messagelabs.com/support/FAQs.htm
! These will answer many of the most common queries.
!
! If you believe this message to be a false alarm or you require
! further assistance, you can email MessageLabs Support at:-
!
! support () messagelabs com
!
! or contact MessageLabs Helpdesk by telephone on:-
!
! +44 (0) 1285 884466
!
! Please quote the following Virus Pen ID when contacting Support.
! <<< mail server server-4.tower-1.london-2.starlabs.net (id
! 528387_959916650) >>>
!
!
! _____________________________________________________________________
! This message has been checked for all known viruses by the
! MessageLabs Virus Control Centre. For further information visit
! http://www.messagelabs.com/stats.asp
!
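A defensive sketch of the two points raised in the message above, added here as an example; it is not part of the original post and not MessageLabs' Skeptic logic. It matches both the name and the CLSID of the FileSystemObject, and rates a hit by whether the MIME part can be rendered or executed. The CLSID value, the function and label names, and the sample message are assumptions of this example and do not come from the page.

```python
import re
from email import message_from_string

# Indicators: the name from the scanner notice, plus the CLSID that Windows maps to
# Scripting.FileSystemObject (assumed here; confirm under HKCR\CLSID on a test host).
INDICATORS = [
    ("progid", re.compile(r"\bFileSystemObject\b", re.I)),
    ("clsid", re.compile(r"0D43FE01-F093-11CF-8940-00A0C9054228", re.I)),
]
ACTIVE_TYPES = {"text/html"}                      # parts a mail client may render
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".hta", ".htm", ".html")

def scan(raw):
    """Return (content_type, indicator, verdict) for every hit in one raw message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        text = (part.get_payload(decode=True) or b"").decode("latin-1")
        # A hit in inert text is only worth a note; in renderable content it blocks.
        active = ctype in ACTIVE_TYPES or name.endswith(SCRIPT_EXTS)
        for label, rx in INDICATORS:
            if rx.search(text):
                findings.append((ctype, label, "block" if active else "note"))
    return findings

# Constructed sample: a plain-text part that only talks about the object, and an
# inert HTML part that references it by CLSID instead of by name.
SAMPLE = "\n".join([
    "From: sender@example.test",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "The scanner matched the word FileSystemObject in my reply.",
    "--b1",
    "Content-Type: text/html",
    "",
    '<object classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></object>',
    "--b1--",
    "",
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```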