Results 1 to 7 of 7
  1. #1
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Possibly infected email from WOPR

    It's a false positive warning, probably caused by code snippets in the thread starting at <post#=457,772>post 457,772</post: >. You can tell Postini to deliver the message without cleaning it, or just read the thread in the Lounge itself.

  2. #2
    2 Star Lounger
    Join Date
    Jul 2004
    Location
    Hampton, New Hampshire, USA
    Posts
    120
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Possibly infected email from WOPR

    Edited by HansV to reduce image to 640 pixels wide.

    I was not sure where to post this so I will start here. Where I work we pre-filter our email through a third-party operation called Postini. This morning I received a notice from them that it had detected some suspicious emails that it had quarantined. When I logged in to Postini I found that it had quarantined to emails from WOPR. I have attached an image of the information provided by Postini. I just thought someone might want to know about this.
    Attached Images Attached Images
    • File Type: jpg x.jpg (22.0 KB, 1 views)
    <font face="Comic Sans MS">MickeyMouse</font face=comic>
    How best to describe the Lounge-
    "Coming together is a beginning, staying together is progress, working together is success"

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Possibly infected email from WOPR

    This would affect anyone using McAfee's scan engine, which is what Postini uses. Other scan engines do not seem to object to that particular digest.

  4. #4
    5 Star Lounger
    Join Date
    Mar 2001
    Location
    Pickering, Ontario
    Posts
    642
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Possibly infected email from WOPR

    NOD32 also picked up on what appears to be a false positive. My daily archives of Outlook for three days signaled a possible problem. Here's a snap shot of the last one:

    Cheers, Bob
    Attached Images Attached Images
    Regards,
    Bob

  5. #5
    5 Star Lounger
    Join Date
    Mar 2001
    Location
    Pickering, Ontario
    Posts
    642
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Possibly infected email from WOPR

    Just performed a test. It is the message posted <!post=In Outlook,499551>In Outlook<!/post> that is causing NOD32 to report a script problem.

    Here's NOD32's message:
    Attached Images Attached Images
    Regards,
    Bob

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Possibly infected email from WOPR

    It's a bit of a balancing act for AV vendors. In <post#=488,327>post 488,327</post: > it was reported that NOD32 was the best at detecting new, previously unknown viruses. But as you can see, guessing whether code is benign or malign still is an inexact science...

  7. #7
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Possibly infected email from WOPR

    Gosh, I'm kind of honored!

    I suppose auntyvirus software that sees something trying to grab the GAL might get a bit nervous. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>
    -John ... I float in liquid gardens
    UTC -7ąDS

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •