[Mailman-Users] ?? MM2.1b2 Contains code of W32/Nimda.eml ??
Ron Jarrell
jarrell at vt.edu
Thu Jul 11 09:16:36 CEST 2002
At 11:32 PM 7/10/02 -0700, you wrote:
>==============
> mailman-2.1b2.tgz
> ArchiveType: GZ
> --> mailman-2.1b2.tar
> Contains code of W32/Nimda.eml
>==============
>
>Someone please put my mind at ease. Is this a false virus find?
>Before testing the beta (2 mo's ago) I checked with symantec -- No virus.
>With AntiVir (current personal release) the above Nimda virus is 'found'.
>I do not remember the mirror on
><http://sourceforge.net/project/showfiles.php>http://sourceforge.net/project/showfiles.php
>used but I believe it to be the same as Virginia, North America or
>telia.dl.sourceforge.net_sourceforge ...
>
>I repeated the virgina download and rescanned .. same 'virus' code found...
>
>should I be concerned?
>
There's an inactive piece of a nimda file in one of the test files, not
even complete, it's just the mime wrapper that a nimda once came, in, with
the payload replaced by XXXXX; apparently it's just enough to trigger
*that* scanner, but the other scanners realize that it's not the same
file. Your scanner is operating on a *really* narrow pattern, since
there's no payload in the note, it has to be picking up either the subject
of the message in the test file, or the filename of the fake mime attachment...
More information about the Mailman-Users
mailing list