[Dshield] Possible virus

Neil Richardson neilr at ieee.org
Thu Jun 20 17:51:23 GMT 2002

At 08:40 AM 6/20/2002, you wrote:
>Errhhh, who's sending vcf's
>This was caught by John's Sanitizer just now.............
>REPORT: Trapped poisoned executable "MercyMail at mindspring.com.vcf"
>REPORT: Not a document, or already poisoned by filename. Not scanned for
>STATUS: Message quarantined in /var/spool/mail/quarantine, not delivered to
>Headers from message:
> > From list-admin at dshield.org  Thu Jun 20 17:35:55 2002
> > Return-Path: <list-admin at dshield.org>

    The original message was from Mercymail at mindspring.com, with the 
subject line of "[Dshield] Questions from list newbie".

    My Norton A/V (2002, definitions current as of this moment) doesn't 
report the file as infected, and it contains the following plaintext:

---------- Begin Cut 'n Paste ----------
N:;MercyMail at mindspring.com
FN:MercyMail at mindspring.com
EMAIL;PREF;INTERNET:MercyMail at mindspring.com
---------- End Cut 'n Paste ----------

    My guess is that the file/message is not actually infected, but that 
your A/V program got nervous (which isn't a bad idea) when it saw the 
.com.xyz double-extension.

-Neil R.

Supreme Lord High Commander and Keeper of the Holy Potato
Random thought for the day:

    WindowError:01D Unable to figure out our own code.
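
The double-extension false positive discussed in the message above, as an added example that is not part of the original post and not the sanitizer's own code. It separates a filename whose final extension is executable from one where ".com" is only the domain suffix of an e-mail address used as the file stem. The function name, the extension list and the verdict labels are assumptions made for this illustration.

```python
import re

# Illustrative subset of directly executable Windows extensions (assumption, not a complete list).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd", "vbs", "js"}

# A file stem that is an e-mail address; also accepts the " at " form the list archive prints.
EMAIL_STEM = re.compile(r"^[\w.+-]+(@| at )[\w-]+(\.[\w-]+)+$")


def classify_attachment(filename):
    """Return (verdict, reason) for an attachment filename; hypothetical helper."""
    # Windows ignores trailing dots and spaces, so "x.exe." still runs as "x.exe".
    name = filename.strip().rstrip(". ")
    parts = name.split(".")
    if len(parts) < 2:
        return ("allow", "no extension")

    final_ext = parts[-1].lower()
    inner_exts = [p.lower() for p in parts[1:-1]]

    # The final extension decides what the OS does on double-click.
    if final_ext in EXECUTABLE_EXTS:
        if inner_exts:
            return ("block", "executable extension hidden behind '." + inner_exts[-1] + "'")
        return ("block", "executable extension")

    hits = [e for e in inner_exts if e in EXECUTABLE_EXTS]
    if not hits:
        return ("allow", "no executable extension present")

    # Inner ".com" that is the domain suffix of an address stem: the case in this thread.
    stem = name[: name.rfind(".")]
    if hits == ["com"] and EMAIL_STEM.match(stem):
        return ("allow", "'.com' is a domain suffix in an e-mail address stem")

    return ("review", "executable extension in a non-final position")


if __name__ == "__main__":
    # First name is the one in the quoted report; the rest are constructed samples.
    for sample in ["MercyMail at mindspring.com.vcf", "invoice.pdf.exe",
                   "report.com.txt", "notes.txt"]:
        print(sample, "->", classify_attachment(sample))
```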

