Anyone else encountering this? I've just got hammered with a
few
>hundred of these in the last hour and a half and I can't quite discern
>what exactly the virii is. There doesn't seam to be a map from ClamAV
>virus naming format to any other. Anyone have a clue of what this virus
>is?
>
> I looked at the quarantine, and it seamed to be just the virii
>payload and no content, file.pif.exe. I've also seen it as a file.zip,
>doc.zip, document.zip, document.pif, rhn.scr, data.zip, message.zip,
>test.zip. There could be more, but I just don't have the time to check
>the payload on all the messages.
>
>-------------------AMAVIS REPORT------------------
>A virus (Worm.SCO.A) was found.
>
>Two banned names (file.pif, .exe) were found.
>
>Scanner detecting a virus: Clam Antivirus-clamd
>
>The mail originated from: <
[email protected]>
>
>According to the 'Received:' trace, the message originated at:
> aol.com (unknown [12.9.171.xxx])
>
>The message WAS NOT delivered to:
><
[email protected]>:
> 550 5.7.1 Message content rejected, id=28441-07 - VIRUS: Worm.SCO.A
>
>Virus scanner output:
> /var/amavisd/tmp/amavis-20040126T141220-28441/parts/part-00002:
>Worm.SCO.A FOUND
>
>The message has been quarantined as:
> /var/amavisd/quarantine/virus-20040126-141800-28441-07
>
>------------------------- BEGIN HEADERS -----------------------------
>Return-Path: <
[email protected]>
>Received: from aol.com (unknown [12.9.171.xxx])
> by mta1.horizonusa.com (Postfix) with ESMTP id DFA572D8106
> for <
[email protected]>; Mon, 26 Jan 2004 14:17:59 -0800
(PST)
>From:
[email protected]
>To:
[email protected]
>Subject:
>Date: Mon, 26 Jan 2004 14:17:47 -0800
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0010_465EEF13.4CF1817C"
>X-Priority: 3
>X-MSMail-Priority: Normal
>Message-Id: <
[email protected]>
