[Mailman-Users] ?? MM2.1b2 Contains code of W32/Nimda.eml ??

Ron Jarrell jarrell at vt.edu
Thu Jul 11 09:16:36 CEST 2002


At 11:32 PM 7/10/02 -0700, you wrote:
>==============
>   mailman-2.1b2.tgz
>   ArchiveType: GZ
>     --> mailman-2.1b2.tar
>         Contains code of W32/Nimda.eml
>==============
>
>Someone please put my mind at ease. Is this a false virus find?
>Before testing the beta (2 mo's ago) I checked with Symantec -- No virus.
>With AntiVir (current personal release) the above Nimda virus is 'found'. 
>I do not remember the mirror on 
><http://sourceforge.net/project/showfiles.php>
>used but I believe it to be the same as Virginia, North America or 
>telia.dl.sourceforge.net_sourceforge ...
>
>I repeated the Virginia download and rescanned .. same 'virus' code found...
>
>should I be concerned?
>

There's an inactive piece of a Nimda file in one of the test files, not 
even complete, it's just the MIME wrapper that a Nimda once came in, with 
the payload replaced by XXXXX; apparently it's just enough to trigger 
*that* scanner, but the other scanners realize that it's not the same 
file.  Your scanner is operating on a *really* narrow pattern, since 
there's no payload in the note, it has to be picking up either the subject 
of the message in the test file, or the filename of the fake mime attachment...
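
An added example, not part of the original message or of Mailman: one way to triage this kind of hit is to parse the flagged MIME file and check whether the attachment body is real content or just filler. The subject, the filename `sample.exe` and the helper names `wrapper` and `triage` are constructed for illustration.

```python
import email
from email import policy

def wrapper(b64_body: str) -> bytes:
    """Constructed message: one text part plus one base64 'attachment'."""
    return "\n".join([
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUND"',
        "",
        "--BOUND",
        "Content-Type: text/plain",
        "",
        "body text",
        "--BOUND",
        'Content-Type: application/octet-stream; name="sample.exe"',
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="sample.exe"',
        "",
        b64_body,
        "--BOUND--",
        "",
    ]).encode("ascii")

def triage(raw: bytes):
    """Return (filename, verdict, decoded_size) for every named MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None or part.is_multipart():
            continue  # only look at leaf parts that carry a filename
        encoded = "".join(part.get_payload(decode=False).split())
        decoded = part.get_payload(decode=True) or b""
        if len(set(encoded)) <= 1:
            verdict = "filler"     # empty or one repeated character: no content
        elif decoded[:2] == b"MZ":
            verdict = "pe-header"  # DOS/PE magic: treat as a live executable
        else:
            verdict = "other"
        results.append((name, verdict, len(decoded)))
    return results

# Constructed input: the attachment body is nothing but X characters.
FILLER_SAMPLE = wrapper("X" * 40 + "\n" + "X" * 40)

if __name__ == "__main__":
    for row in triage(FILLER_SAMPLE):
        print(row)
```

A "filler" verdict on every named part means the scanner can only have matched on headers or names in the wrapper, not on executable content.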





