Running a manual scan on the downloaded orig.tar.gz from an apt-get source produces the following 7 alerts.
Scan Type: Manual Scan Event: Threat Found! Threat: VBS.LoveLetter.A File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter-milters-0.8.13/test/virus1 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: VBS.LoveLetter.A File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter...>>LOVE-LETTER-FOR-YOU.TXT.vbs Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Nimda.enc File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter-milters-0.8.13/test/virus4 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Nimda.enc File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter...>>Unknown0000002E.data Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Aliz.Worm File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter-milters-0.8.13/test/virus5 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Aliz.Worm File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz>>/home/th...>>pymilter...>>Unknown0000002E.data Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: File: /home/thomas/code/pymilter-milters_0.8.13.orig.tar.gz Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:02:47 PM PDT
Interestingly enough, when I run it on the pymilter-milters directory, I only get the following 3 alerts:
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Aliz.Worm File: /home/thomas/code/pymilter-milters-0.8.13/test/virus5 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:06:34 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: VBS.LoveLetter.A File: /home/thomas/code/pymilter-milters-0.8.13/test/virus1 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:06:34 PM PDT
Scan Type: Manual Scan Event: Threat Found! Threat: W32.Nimda.enc File: /home/thomas/code/pymilter-milters-0.8.13/test/virus4 Location: Quarantine Computer: earth User: root Action Taken: Quarantine succeeded Date found: Thu 09 Sep 2010 02:06:34 PM PDT
As these are Symantec detections, and threat names vary between different AV vendors, information for these threats can be found at http://www.symantec.com/business/security_response/index.jsp