[Dshield] do I have a virus?

Doug White doug at clickdoug.com
Fri Mar 5 15:21:50 GMT 2004




----- Original Message ----- 
From: "Rick Klinge" <rick at jaray.net>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Friday, March 05, 2004 7:49 AM
Subject: RE: [Dshield] do I have a virus?


:
:
: > I'm on a number of mailing lists and tonight, one of the
: > digests that I'm on came with a message in it from my email
: > addy that I did not send.  The subject was:
: >
: >                          ello! =))
: >
: >  and the text in the message was:
: >
: >                    The access is  open  !!!
: >
: >                    password for archive: 56853
: >
: > Are these symptoms of a known virus or has someone maybe
: > spoofed my email address?  I use NIS, update virus protection
: > almost every other day and use the NIS firewall.  Am running
: > a virus scan right now on my pc.
: >
: > Cheryl
: >
: >
: >
: >
:
: Yes, that is a virus. Do not open it.  Most AV will not catch this as it uses
: dynamically encrypted zip files.
:
: ~Rick
:

I am not sure how it is working on my system, but my incoming mail routes
through my gateway server, which uses ANTIVIR (not catching the zip files), and
then relays to my primary mail server.  When I POP the mail to my desktop, which
is equipped with ZoneAlarm Pro (with MailSafe), the contents of the
virus-infected zip files are reduced to zero-byte files. ZoneAlarm also renames
the extensions of executable attachments as well as zip files to "ZL0."  I don't
have any specific rules on either server to do this, but it has kept me
protected thus far even with all the new stuff being put into circulation by the
virus warring factions.  I discovered this when trying to submit the new ones to
Symantec as they will not accept the zip file, but only the content.

-Doug
======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
If you woke up breathing, congratulations! You have been given another chance!
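
An added example, not part of the original thread or any product mentioned in it: a gateway-side check for the case Rick describes, where a scanner cannot look inside an encrypted zip attachment. It reads the encryption bit in each zip entry's header so that such attachments can be flagged as unscannable instead of passed as clean. The function names and verdict labels are hypothetical, and the sample message is constructed (its "locked" archive only has the flag bit set, it is not really encrypted).

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # general purpose bit 0 in the ZIP header: entry is encrypted

def encrypted_zip_entries(data):
    """Return names of encrypted members in a zip blob, or None if it is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return None

def triage(raw_message):
    """Map each zip attachment name to 'unscannable', 'scannable' or 'malformed'."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not (name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue  # not a zip by name or by magic bytes
        entries = encrypted_zip_entries(data)
        if entries is None:
            verdicts[name] = "malformed"
        else:
            verdicts[name] = "unscannable" if entries else "scannable"
    return verdicts

def sample_message():
    """Constructed sample: one plain zip and one copy with the encryption flag set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    plain = buf.getvalue()
    cd = plain.index(b"PK\x01\x02")  # central directory header; flags at offset 8
    flagged = bytearray(plain)
    flagged[cd + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(plain, maintype="application", subtype="zip", filename="plain.zip")
    msg.add_attachment(bytes(flagged), maintype="application", subtype="zip", filename="locked.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A mail gateway can quarantine or hold anything marked "unscannable" rather than relying on a signature match against contents it cannot read.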



