I was running Avast antivirus for Windows when it found a virus in the mailcap package.
Extract the mailman package.
Browse to /home/mailman/tests/msgs/nimda.txt
I suppose that the virus scanner went crazy because of the title of the file, but is that supposed to happen? Weird. (Note: I set the scan to "thorough scan" and "scan within archives".)
Anyway, for anyone who's interested, the contents of the file are:
------------------------------------------------------------------------
Received: from tom.interq.or.jp (tom.interq.or.jp [210.172.128.229])
by imap.interq.or.jp with ESMTP id f8J1sCHb006936
for <ben@gmo.jp>;
Wed, 19 Sep 2001 10:54:13 +0900 (JST)
Received: from master.debian.org (mail@master.debian.org [216.234.231.130])
by tom.interq.or.jp with ESMTP id f8J1sAS04533
for <ben@gmo.jp>; ) Wed, 19 Sep 2001 10:54:11 +0900 (JST)
Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)
From: <crt@kiski.net>
Subject: C:WINNTmmc.exebqinsghtmstaskicwconnhtml helpdialerhypertrmgotodlgmsicwie6bakieexbqqviewie6bakeudcediticwdldwintlreadmehypertrmmsicwnpbqv32hypertrmicwhelpieexmscreatehmmapiwrite32npbqs32fixiehtml helpicwconn1write32ie6setupicwtutorieexsupportsetuphtml helplover.com.install
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
--====_ABC1234567890DEF_====
Content-Type: multipart/alternative;
boundary="====_ABC0987654321DEF_===="
--====_ABC0987654321DEF_====
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--====_ABC0987654321DEF_====--
--====_ABC1234567890DEF_====
Content-Type: audio/x-wav;
name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>
XXXX
--====_ABC1234567890DEF_====
-----------------------------------------------------------------------------------
I don't understand any of this at all, so can anyone please explain what this means, and why the scanner might have picked up this file? Thanks.
According to this [URL=http://www.cert.org/advisories/CA-2001-26.html]security advisory[/URL], Nimda was a worm in late 2001. I guess that file in the package is for testing mailman's worm blocking (judging from the filename, I've never seen/used mailman before).
Ailen:
Kernel: Linux 2.6.14-rc4-ck1 #1 PREEMPT
Built on: Mon Oct 17 14:51:37 CEST 2005
Hardware: Mobile AMD Sempron(tm) Processor 2800+ AuthenticAMD
WM: E17 snapshot 20051016