Thank you Edward,
It looks like the newer version of Clam do indeed find it. Now to look up
cleaning instructions, I have a few users that I didn't warn in time.
The output is as follows:
ClamAV Version running:
ClamAV 0.87.1/1254/Fri Jan 27 18:22:39 2006
ClamAV scans the file ...
Clamav-Output:
/tmp/php8xhSKX: Trojan.Brepibot.L FOUND
And found something:
Trojan.Brepibot.L
Since clamav already recognizes the content you submitted there is no reason
to resubmit it.
/-----------------------------------------
| Bryan Murphy, CISSP
| Information Technology Coordinator
| MSU Plant Research Lab and Plant Biology
| http://infotech.prl.msu.edu
\-----------------------------------------
-----------[ 1/27/06 1:29 PM [log in to unmask] ]--------------
>
> Bryan,
>
> This is definitely a virus. It was just recently added to ClamAV virus
> definitions as Trojan.Brepibot.L, BehavesLike:Win32.IRC-Backdoor
> (Bitdefender).
>
> Looks to be a variant of this virus from November.
> "A backdoor Trojan that is remotely controlled via Internet Relay Chat
> (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide
> its presence."
>
> The mail.msu.edu system is catching these now as of around 1pm. If anyone
> would like to help out with updates to ClamAV, we first try the online
> scanner to make sure there's nothing wrong with our version of ClamAV:
> http://test-clamav.power-netz.de/
>
> and if the online scanner doesn't detect the file/message as a virus we then
> submit the sample at: http://cgi.clamav.net/sendvirus.cgi (all links from
> the main www.clamav.net webpage)
>
> You can also send possible virus samples to [log in to unmask] if you'd rather
> have us look at the virus and submit it to ClamAV.
>
> -Ed
>
|