[TAG] (forw) Re: Trojan files on TLDP server? (fwd)
rick at linuxmafia.com
Mon Apr 4 21:27:36 MSD 2005
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
Date: Mon, 4 Apr 2005 10:27:01 -0700
To: discuss at en.tldp.org
Cc: bwildasi at dslextreme.com
From: Rick Moen <rick at linuxmafia.com>
To: TAG <tag at lists.linuxgazette.net>
Subject: Re: Trojan files on TLDP server? (fwd)
X-Spam-Status: No, score=-3.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham
Quoting Machtelt Garrels (tille at xalasys.com):
> Can somebody look into this? It never happened to me...
> Please confirm if this is fake or not.
What you have there is a pair of false positives. I'm not sure what in
_Linux Gazette_ issue 86 Clamwin thought was an instance of
"Exploit.IFrame.Gen", which I gather is an MS-Outlook exploit. The
_Gazette_ has a feature near the end of many issues where the text of
particularly hilarious spam and/or virus mail is published and mocked,
so that might well be it.
I would guess that the "HTML.Phishing.Bank-1" Clamwin thought it found,
I'd guess it was (likewise) erroneously triggering on the "Spam
Cuteness" item in Jimmy O'Regan's "Linux Launderette" column.
Brian, there's nothing wrong with paying close attention to your
anti-virus software if you're on MS-Windows, but you'll want to read the
results with at least a little skepticism: For one thing, given that
the _Linux Gazette_ files are a magazine, and that you read the contents
rather than executing it as a program, it's unclear to me how -- even if
every issue were packed chock-a-block with MS-Windows worms, trojans,
viruses, and exploits -- those could have been anything but inert
You may indeed have an alarmingly open "port 5400" on your MS-Windows XP
box, of course -- for entirely independent reasons. Good luck with that.
Cheers, * Contributing Editor, Linux Gazette *
Rick Moen -*- See the Linux Gazette in its new home: -*-
rick at linuxmafia.com <http://linuxgazette.net/>
----- End forwarded message -----
More information about the TAG