Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

virus scanning linux mailbox files

  
   Security Forums (Home) -> General Discussions RSS
Next:  Looking for info on How To Keylogger virus>&gt..  
Author Message
JP

External


Since: Sep 17, 2003
Posts: 2



(Msg. 1) Posted: Wed Sep 17, 2003 10:25 pm
Post subject: virus scanning linux mailbox files
Archived from groups: alt>comp>virus (more info?)
Anyone know if there is a tool to scan a linux mailbox file?

f-prot will scan the file as clean but when an attachment from an email is
saved as a file f-prot will detect the Backdoor.Rado / W32/Tepora.A trojan.

I only ask because AVG and EZ did not pick up the trojan, only F-Prot
identified it.

Cheers

Jules

--
There are 10 types of people in this world...
those that understand binary and those that don't.

 >> Stay informed about: virus scanning linux mailbox files 
Back to top
Login to vote
Ian.H [dS]

External


Since: Jul 04, 2003
Posts: 62



(Msg. 2) Posted: Wed Sep 17, 2003 11:08 pm
Post subject: Re: virus scanning linux mailbox files [Login to view extended thread Info.]
Imported from groups: per prev. post (more info?)
This message is not archived

 >> Stay informed about: virus scanning linux mailbox files 
Back to top
Login to vote
JP

External


Since: Sep 17, 2003
Posts: 2



(Msg. 3) Posted: Thu Sep 18, 2003 2:41 pm
Post subject: Re: virus scanning linux mailbox files [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Ian.H [dS]" <ian.RemoveThis@WINDOZEdigiserv.net> wrote in message
news:pan.2003.09.17.23.09.19.621395@hybris.digiserv.net...
> On Wed, 17 Sep 2003 23:25:27 +0000, JP wrote:
>
> > Anyone know if there is a tool to scan a linux mailbox file?
> >
> > f-prot will scan the file as clean but when an attachment from an email
is
> > saved as a file f-prot will detect the Backdoor.Rado / W32/Tepora.A
> > trojan.
> >
> > I only ask because AVG and EZ did not pick up the trojan, only F-Prot
> > identified it.
> >
> > Cheers
> >
> > Jules
>
>
> f-prot scans my mail dir just fine.. what switches did you use? I use for
> example:
>
>
> f-prot /var/mail -archive -packed -collect -dumb
>
>
> It's detected sobig.f and a few others so far without issue.

Nope, didn't work Sad

I even upgraded f-prot from 3.12 ro 4.2.1 and updated the signatures again.
Output posted below

<Scanning the mail file...>
# ./f-prot /var/spool/mail/jpar -archive -packed -collect -dumb
Virus scanning report - 18 September 2003 @ 8:54
F-PROT ANTIVIRUS
Program version: 4.2.1
Engine version: 3.13.4
VIRUS SIGNATURE FILES
SIGN.DEF created 17 September 2003
SIGN2.DEF created 17 September 2003
MACRO.DEF created 15 September 2003
Search: /var/spool/mail/
Action: Report only

Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -COLLECT

Results of virus scanning:
Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 3
Time: 0:32
No viruses or suspicious files/boot sectors were found.

<Scanning a file extracted from the mail file...>
# f-prot DavidKelley.voice.pif -archive -packed -collect -dumb Virus
scanning report - 18 September 2003 @ 9:00
F-PROT ANTIVIRUS
Program version: 4.2.1
Engine version: 3.13.4
VIRUS SIGNATURE FILES
SIGN.DEF created 17 September 2003
SIGN2.DEF created 17 September 2003
MACRO.DEF created 15 September 2003
Search: DavidKelley.voice.pif
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -COLLECT
/home/guest/DavidKelley.voice.pif Infection: W32/Tepora.A (exact)
Results of virus scanning:
Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 1
Infected: 1
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0
Time: 0:00
#

Do I need the mail server version?

JP
 >> Stay informed about: virus scanning linux mailbox files 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
about virus - Hello, Help me please. When I browse internet, I often get virus warning messages: Virus name: W32/Deloder.worm Infected file: C:\WINNT\system32\Dvldr32.exe and Virus name: BackDoor-ARG.dr Infected file: C:\WINNT\system32\inst.exe Neither files can be....

Virus SW registration for updates - I have an older version of Norton Antivirus that Norton no longer supports. I do not have to pay a subscription for updating my .dat files. Does all of the newer Software require that users pay such a subscription? Would anyone have any idea why Norto...

Have I a virus? - Avery now and then, randomly, no pattern a loud duck quack sounds from my computer. I have no WAV file ion my system for this and have searched evrywhere for something that would explain it. I have SPY BOT and AD-ware installed. n uptodate virus cvheck....

Unable to delete files - When moving files to a folder on a portable hd, received an error message, and was unable to move files. Upon investigation, found two files in the folder that were strange: g -11124221 G 1128444332 or something like this. I moved the other files....

virus to avoid illegal copy.... please help - Well about polyboot 512... I need that virus becuase I think (yes I use to do that) that could help to fight agains illegal copy from my software... actually I am using license control software to distribute my software along with the hole pc. my BIG...
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]