I received a suspicious e-mail
checked it - saved it. no problems
scanned it with avast - no problems
opened the entire mail in flat ascii and looked at it …
SURE it's a virus
scanned it with
NAV AVG PANDA TRUST MCAFEE and about 7 other online scanners
All negative…
I'm still sure it's a virus
Scanned it with
Kaspersky
Infected I-Worm-Swen variant.
Copied out the hex and saved it
(still nothing from any of them)
except kaspersky again.
Trust me the hex IS a variant of swen that attempts to autorun on ms mail systems
Have sent it to avast for them to inspect
Secondly
I have avast (which I am truly happy with)
I have it on maximum settings and the pop scanner on.
The incoming pop scanner says it scans messages but doesn’t ever find a virus – the viruses are caught only if I try to launch/save them by the standard shield.
did you try running the mail protection wizard again?
No, it doesn’t work for mozilla 1.6 properly; did it manually
is the Mailscanner module shown as active/running ?
Yes
What mail program do you use? How are the options set there?
Mozilla 1.6 - set as per instructions
did you try sending yourself the eicar.com testfile? (from www.eicar.com) … what happens then?
Yes - it catches it when I send it - catches it if I try to launch it but ignores it when it is sent to me.
That is point 2 of my mail covered - but I hope I can get it fixed .
Point 1 is a real problem - sent the file to all the av vendors it failed on and I have decompiled the file and I'm 99% sure it's a swen variant - doesn't affect anyone using standard mail clients - only if they use outlook / exchange
Kaspersky detected this but none of the others did? hmm strange
Kaspersky’s unknown virus detection module must have found it.
how are you sure it is a swen variant???
I have it on maximum settings and the pop scanner on.
The incoming pop scanner says it scans messages but doesn’t ever find a virus – the viruses are caught only if I try to launch/save them by the standard shield.
What mail client do you use?
Have you completed the Mail Protection Wizard? (Start menu → avast antivirus group)
It doesn’t work on mozilla 1.6 so I configured it manually as per the instructions (i.e. these are the changes etc etc.)
Mail scanner is running.
I watch it - little icon flashes and I see the file names and it puts its footer on all outgoing messages and detects viruses on them … I watch it receive messages the box comes up and if you watch the scanner it says the right file names but … doesn’t actually seem to do anything apart from that … no footer no virus detection - it has the file name as the last scanned but every virus gets through – they are ALL caught by the standard shield if attempted to be launched or saved … Extremely impressed with the standard scanner … it caught 7 mydooms that were sent / arrived 2.00am GMT on day 1 … (pop scanner missed them though) and it's stopping the general swens (apart from the one I mentioned above) brilliantly … the standard scanner can't be faulted !!
So the last scanned file of the Internet Mail provider does show the infected e-mail, but the virus is not detected? :o That’s VERY strange…
Are you sure you have the INCOMING server set to 127.0.0.1 and it’s coming through avast? (i.e. the last scanned file doesn’t refer to an outbound message)?
I think I may have found the problem - and it's my fault - not quite sure how to fix it yet.
I have spampal running and I tried at first to get avast to run with it using the help/config options and I may have hurt my ini file (I changed the default pop server to 9110) - but as I couldn't get my mail to send or receive I used the config setup in spampal to change its listening ports as the config is easier and they have a rather good explanation on how to get spampal working with avast http://www.spampal.org/usermanual/antivirus/avast/avast.htm
I had assumed that logging etc. was disabled in home version so have just been using firewall and spampal logs to try to find error - but I'm thinking now that it's what I did to the ini file maybe that's causing a problem?
Can I get another one or do I have to just reinstall? - reinstall won't hurt as the autoconfig for mozilla didn't pick up any of my accounts anyway but I think that's due to the new structure of prefs.js that has been implemented in 1.6
okay - I now have avast to the state where it says
won't be able to protect incoming mail pop error code 10049 - can you point me in right direction to resolve??
Not in incoming it doesn't
header on inc
7bit
X-Bayesian-Result: Spam (100)
X-Bayesian-Words: 7bit 99 about 99 against 99 attached 99 available 99 clicking 99 delivered 99 description 99 enterprise 99 free 99 help 99 impact 99 install 99 latest 99 linux 99
X-RegEx-Score: 35.9
X-RegEx: [35.9] UNSUB_PAGE URL of page called “unsubscribe”
X-SpamPal: PASS
on outgoing
X-Mozilla-Status: 0001
X-Mozilla-Status2: 06000000
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.5) Gecko/20031007 Netscape/7.1
X-Accept-Language: en-gb, en, en-us
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 29/01/2004), Outbound message
X-Antivirus-Status: Clean
X-Bayesian-Result: Spam (100)
X-Bayesian-Words: 7bit 99 alwil 99 antivirus 99 avast 99 avast! 99 clean 99 copyright 99 dominic 99 dominicmd 99 en-gb 99 en-us 99 excalibur 99 fairfax 99 mime-version 99 mta03-svc 99
X-RegEx-Score: 63.5
X-RegEx: [109.6] FROM_AND_RECEIVED_DO_NOT_MATCH FQDN in From and Received header do not match
X-RegEx: [-49.8] USER_AGENT_MOZILLA_UA User-Agent header indicates a non-spam MUA (Mozilla)
X-RegEx: [0.0] X_ACCEPT_LANG Has a X-Accept-Language header
X-RegEx: [3.7] TO_HAS_SPACES To: address contains spaces
X-SpamPal: PASS A-WLIST EMAIL
X-Wlist-Pattern:
working fine
In mozilla
Server name: Localhost
Port: 9110
Username: localhost#username@popservername
It just keeps on coming up with password incorrect
Have also tried it with
port 110
to see if bypassing spampal works
If avast uses port 110 and SpamPal uses port 9110, mozilla account should be set to
Server name: localhost
Port: 9110
Username: username#popservername@localhost
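
The header comparison made earlier in the thread (SpamPal headers on the inbound copy, an avast stamp only on the outbound one) can be automated. This is an added example, not part of the thread and not avast or SpamPal code: it parses a saved message and reports whether each local proxy stamped it and in which direction. The stamp format is copied from the outbound header quoted above; the "Inbound" label and both sample messages are assumptions constructed for the example.

```python
import re
from datetime import date
from email import message_from_string

# Stamp format as quoted in the thread:
#   X-Antivirus: avast! (VPS 29/01/2004), Outbound message
STAMP = re.compile(r"avast!\s*\(VPS (\d{2})/(\d{2})/(\d{4})\),\s*(\w+) message", re.I)


def audit(raw, expect="Inbound"):
    """Report which hops stamped a message and whether avast scanned it in
    the expected direction ("Inbound" is an assumed label, see lead-in)."""
    msg = message_from_string(raw)
    result = {
        "spampal": msg.get("X-SpamPal") is not None,
        "avast_directions": [],
        "vps_dates": [],
        "status": msg.get("X-Antivirus-Status"),
    }
    for value in msg.get_all("X-Antivirus") or []:
        # Collapse folded (multi-line) header values before matching.
        m = STAMP.search(" ".join(value.split()))
        if m:
            day, month, year, direction = m.groups()
            result["avast_directions"].append(direction.capitalize())
            result["vps_dates"].append(date(int(year), int(month), int(day)))
    # A stamp for the other direction does not prove this copy was scanned.
    result["scanned"] = expect in result["avast_directions"]
    return result


# Constructed sample: inbound copy carrying only SpamPal headers.
INBOUND = (
    "X-Bayesian-Result: Spam (100)\n"
    "X-RegEx-Score: 35.9\n"
    "X-SpamPal: PASS\n"
    "Subject: constructed inbound sample\n"
    "\n"
    "body\n"
)

# Constructed sample: outbound copy with a folded avast stamp.
OUTBOUND = (
    "User-Agent: Mozilla/5.0\n"
    "X-Antivirus: avast! (VPS 29/01/2004),\n Outbound message\n"
    "X-Antivirus-Status: Clean\n"
    "X-SpamPal: PASS A-WLIST EMAIL\n"
    "\n"
    "body\n"
)
```

A result with `spampal` true and `scanned` false on a received message means the mail client is reaching SpamPal without passing through the scanner, which points at the port and username chaining rather than at the virus definitions.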