 |
 | Win server 2003...help with log?? |  |
|
blueteg01
|
|
OK guys I just downloaded clamwin and this is what my first scan log came up with!
What do I do about the email.phishing.bank-18?????? Any help? Scan started: Mon Nov 13 16:38:17 2006 C:\Documents and Settings\All Users\.clamwin\quarantine\infected.0AFB9CCFd01: HTML.Phishing.Gold FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\000004440160811200600000DDC.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0003e1449160811200600000DEA.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0005d4440160811200600000DDD.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\00148422219031120060000067C.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\001961120130811200600000D7C.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002324509130811200600000D79.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002421729160811200600000DCC.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002424340160811200600000DD5.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\00251013001271020060000063F.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002611729160811200600000DCD.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002804340160811200600000DD6.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002902225160811200600000DCB.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002bf4340160811200600000DD7.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002ce542516121120060000042C.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002ee1349160811200600000DE6.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002ee3844160811200600000DE2.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\002fd5233160811200600000DD0.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0030d1349160811200600000DE7.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0030d4340160811200600000DD8.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0032c0456160811200600000DEE.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0032c5233160811200600000DD1.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0033c3844160811200600000DE3.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0033c4340160811200600000DD9.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0034b0456160811200600000DEF.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0034b1349160811200600000DE8.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0036b4340160811200600000DDA.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\0037a5233160811200600000DD2.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\00399560620121120060000048F.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\003a94340160811200600000DDB.BAD: Email.Phishing.Bank-18 FOUND C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\003b91349160811200600000DE9.BAD: Email.Phishing.Bank-18 FOUND -- summary -- Known viruses: 76734 Engine version: 0.88.5 Scanned directories: 3037 Scanned files: 122590 Infected files: 31 |
|||||||||||
|
|||||||||||||
 |
| |
|
budtse
|
|
Reading the log, i believe you set the behaviour of clamwin to "Report only". Therefore, infected files will not be moved or removed.
I advize you to set the preference (Configure ClamWin > General tab) to "Move to quarantine folder" and then scan the directories listed in the log again. This should move the files to the quarantine folder. If your system works correctly after that, you can manually delete the files from quarantine. PS: there currently is a known bug that causes some files not to be moved if a a file with the same name is in quarantine. If you see that in the log ("file excluded"), just delete the file manually. The next version will have a fix for this. |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
the bug happens when filename are identicals, I think it's not so dangerous, it seams that the email server received a lot of phishing emails not really viruses
|
|||||||||||
|
|||||||||||||
|
| Phishing Found | |
|
GuitarBob
|
|
You probably should use anti-spyware/phishing along with ClamWin. Malware is beginning to straddle the line between virus/spyware/phishing/malware. That should give you some extra measure of protection.
Regards, |
|||||||||||
|
|||||||||||||
|
 | Win server 2003...help with log?? | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.