• NETF096.ZIP

    From Janis Kracht@1:261/38 to All on Wed Oct 4 16:15:36 2006
    This file has two suspicious files in it, so it's been removed from distribution (thanks for the report, Vince :) ) I've contacted the author and asked him to check his system, and send me another copy :)

    Normally I wouldn't be so concerned with a 'suspicious' file as I know various checkers can get false positives, but two files bothered me a bit :)

    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)
  • From mark lewis@1:3634/12 to Janis Kracht on Thu Oct 5 00:13:47 2006

    This file has two suspicious files in it, so it's been removed from distribution (thanks for the report, Vince :) ) I've contacted the
    author and asked him to check his system, and send me another copy
    :)

    the author uploads his netfossil releases directly to my system... i've not had
    any false positives indicated... as a double check, i just extracted his uploaded version of netf096.zip across my lan and my up to date avast scanner didn't fuss... i ran a scan on that specific test folder and still turned up a clean set...

    Normally I wouldn't be so concerned with a 'suspicious' file as I
    know various checkers can get false positives, but two files
    bothered me a bit :)

    which two files?

    )\/(ark


    * Origin: (1:3634/12)
  • From Janis Kracht@1:261/38 to Mark Lewis on Thu Oct 5 22:33:24 2006
    Hi Mark,

    This file has two suspicious files in it, so it's been removed from
    distribution (thanks for the report, Vince :) ) I've contacted the
    author and asked him to check his system, and send me another copy
    :)

the author uploads his netfossil releases directly to my system... i've not had
    any false positives indicated... as a double check, i just extracted his uploaded version of netf096.zip across my lan and my up to date avast scanner
    didn't fuss... i ran a scan on that specific test folder and still turned up a
    clean set...

That's the same report that the author gave me concerning the two files I showed him.. we both knew that false positives happen on occasion.

    Normally I wouldn't be so concerned with a 'suspicious' file as I
    know various checkers can get false positives, but two files
    bothered me a bit :)

    which two files?

    ====== vince's report, same here on my system ==========

    Virus scanning report - 4 October 2006 @ 18:51

    F-PROT ANTIVIRUS
    Program version: 4.6.6
    Engine version: 3.16.14

    VIRUS SIGNATURE FILES
    SIGN.DEF created 2 October 2006
    SIGN2.DEF created 3 October 2006
    MACRO.DEF created 3 October 2006

Search: FILE_ID.DIZ FOSSIL.CHT FOSSIL.TXT NET2BBS.EXE NET2BBS.INI NETCOM.EXE NETFOSS.COM NETFOSS.DLL NETFOSS.TXT NF.BAT NFELEBBS.TXT UPGRADE.TXT
Action: Report only
    Files: "Dumb" scan of all files
    Switches: -ARCHIVE -PACKED -SERVER

/opt/mbse/var/badtic/a/NET2BBS.EXE->(UPX) Infection: Possibly a new variant of W32/Threat-HLLSI-based!Maximus
    /opt/mbse/var/badtic/a/NETCOM.EXE->(UPX) Infection: Possibly a new variant of W32/Threat-HLLSI-based!Maximus

    Results of virus scanning:

    Files: 12
    MBRs: 0
    Boot sectors: 0
    Objects scanned: 12
    Infected: 0
    Suspicious: 2
    Disinfected: 0
    Deleted: 0
    Renamed: 0

    Time: 0:00
    === Cut ===

    When I emailed Mike about it, here's what he said:

    Hi Janis,

    I installed F-Prot here, and I see the same results, not only with NetFoss 0.9.6 but also with every previous version it flags the NETCOM.EXE as suspicious. (NET2BBS.EXE is new to 0.9.6)

Note that it's simply saying the files are suspicious, and could be a possible new variant of an existing threat. I suspect it sees that both files are doing
Winsock communications using ASM which is why it flags them.

    NETCOM.EXE is a telnet communication engine.
    NET2BBS.EXE is a telnet server.

    I can assure you 100% that neither file contains any spyware/adware/trojans or
    backdoors of any sort.

    While I have never used F-Prot before, I scanned the same files using the following
    Virus and adware scanners:

    Norton Antivirus
    NOD32 Antivirus
    AVG Antivirus
    Avast Antivirus
    Ewido Antivirus
    Housecall Antivirus/AntiSpyware
    SpyBot Anti-Spyware
    AdAware Anti-Adware

    NETF096.ZIP gets a clean result using all of the above.


    I've got another version now from Mike's system so I'll be sending that out most likely tomorrow to replace the replacement file :)

    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)
  • From mark lewis@1:3634/12 to Janis Kracht on Fri Oct 6 05:38:53 2006

    That's the same report that the author gave me concerning the two
    files I showed him.. we both knew that false positives happen on
occasion.

    yup... a quick google for "W32/Threat-HLLSI-based!Maximus" turned up several reports of fprot falsing on numerous different non-infected files...

    have you also looked into clamav? that'd at least give you two to check with...
    really need a third so that you can better rely on when two say the same thing and the third doesn't agree ;)

    i run clamav on my smoothwall based firewall... all email coming in thru my smtp server gets a scan with dspam and clamav before going on further... i don't scan files and such with it, though...

    [trim]

    I've got another version now from Mike's system so I'll be sending
    that out most likely tomorrow to replace the replacement file :)

    cool...

    )\/(ark


    * Origin: (1:3634/12)
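The F-Prot report Janis quoted and the "two of three scanners" rule Mark suggests above can be put together in a few lines. The following is an added example, not code from the thread, from F-Prot or from NetFoss: it parses an F-Prot 4.x report in the layout quoted in Janis's post, reads two other engines' results in an assumed tab-separated layout (an assumption, not any real tool's output), and only escalates a file when at least two engines agree. The report text is constructed sample input; `EXAMPLE_DROPPER.EXE` is a placeholder file invented to show the two-engines-agree branch and is not part of NETF096.ZIP.

```python
"""Cross-check one scanner's 'suspicious' hits against other engines.

Added example, not code from the thread, from F-Prot or from NetFoss.
Parses an F-Prot 4.x report (layout as quoted in the thread) and applies
the two-of-three rule from Mark's post; a lone "Possibly ..." heuristic
hit is treated as the weakest signal. All report text is constructed, and
the tab-separated layout for the other two engines is an assumption.
"""
import re

# Constructed F-Prot report, same layout as the one quoted in the thread.
FPROT_REPORT = """\
Virus scanning report - 4 October 2006 @ 18:51

F-PROT ANTIVIRUS
Program version: 4.6.6
Engine version: 3.16.14

/opt/mbse/var/badtic/a/NET2BBS.EXE->(UPX) Infection: Possibly a new variant of W32/Threat-HLLSI-based!Maximus
/opt/mbse/var/badtic/a/NETCOM.EXE->(UPX) Infection: Possibly a new variant of W32/Threat-HLLSI-based!Maximus

Results of virus scanning:
Files: 12
Infected: 0
Suspicious: 2
"""

# Constructed reports for two other engines in an assumed "path<TAB>verdict[<TAB>name]"
# layout. EXAMPLE_DROPPER.EXE is a placeholder invented to show the agreeing
# branch; it is not part of NETF096.ZIP.
ENGINE_B_REPORT = (
    "FILE_ID.DIZ\tOK\n"
    "NET2BBS.EXE\tOK\n"
    "NETCOM.EXE\tOK\n"
    "EXAMPLE_DROPPER.EXE\tFOUND\tTrojan.Placeholder-B\n"
)
ENGINE_C_REPORT = (
    "NET2BBS.EXE\tOK\n"
    "NETCOM.EXE\tOK\n"
    "EXAMPLE_DROPPER.EXE\tFOUND\tTrojan.Placeholder-C\n"
)

# F-Prot 4.x hit line: <path>[->(<packer>)] Infection: <description>
FPROT_HIT = re.compile(
    r"^(?P<path>\S+?)(?:->\((?P<packer>[^)]*)\))?\s+Infection:\s+(?P<desc>.+)$"
)
SIMPLE_HIT = re.compile(r"^(?P<path>\S+)\t(?P<verdict>OK|FOUND)(?:\t(?P<desc>.*))?$")


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_fprot(report):
    """Map basename -> (description, heuristic?) for each F-Prot 'Infection:' line.

    F-Prot prefixes uncertain family matches with 'Possibly' and counts them
    under 'Suspicious:' in its summary rather than 'Infected:'.
    """
    hits = {}
    for line in report.splitlines():
        m = FPROT_HIT.match(line.strip())
        if m:
            desc = m.group("desc").strip()
            hits[basename(m.group("path"))] = (desc, desc.startswith("Possibly"))
    return hits


def parse_simple(report):
    """Map basename -> (description, False) for FOUND lines in the assumed layout."""
    hits = {}
    for line in report.splitlines():
        m = SIMPLE_HIT.match(line.strip())
        if m and m.group("verdict") == "FOUND":
            hits[basename(m.group("path"))] = (m.group("desc") or "unnamed", False)
    return hits


def consensus(per_engine, min_agree=2):
    """Combine {engine: {file: (desc, heuristic)}} into one verdict per file.

    'quarantine' needs at least min_agree engines; a lone definite hit is
    'review'; a lone heuristic hit ('Possibly ...') is 'review-heuristic',
    which is where the two NetFoss executables land.
    """
    files = {f for hits in per_engine.values() for f in hits}
    verdicts = {}
    for f in sorted(files):
        agreeing = sorted(e for e, hits in per_engine.items() if f in hits)
        heuristic_only = all(per_engine[e][f][1] for e in agreeing)
        if len(agreeing) >= min_agree:
            level = "quarantine"
        elif heuristic_only:
            level = "review-heuristic"
        else:
            level = "review"
        verdicts[f] = (level, agreeing)
    return verdicts


def run_sample():
    per_engine = {
        "fprot": parse_fprot(FPROT_REPORT),
        "engine_b": parse_simple(ENGINE_B_REPORT),
        "engine_c": parse_simple(ENGINE_C_REPORT),
    }
    return consensus(per_engine)


if __name__ == "__main__":
    for name, (level, engines) in run_sample().items():
        print(f"{name:22} {level:18} {', '.join(engines)}")
```

Run as a script, it prints one line per flagged file: the two NetFoss executables come out as `review-heuristic` with only `fprot` behind them, while the placeholder file that two engines agree on is the only one marked `quarantine`. The point of keeping the "Possibly" flag separate is that a heuristic family match from a single engine is exactly the kind of hit that a quick search for the detection name, as Mark did, can often explain.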
  • From Janis Kracht@1:261/38 to mark lewis on Fri Oct 6 14:03:28 2006
    Hi Mark,

    That's the same report that the author gave me concerning the two
    files I showed him.. we both knew that false positives happen on
occasion.

    yup... a quick google for "W32/Threat-HLLSI-based!Maximus" turned up several reports of fprot falsing on numerous different non-infected files...

    hehe... I never think to do that :)

    have you also looked into clamav? that'd at least give you two to check with..

    True - can't hurt :)

    really need a third so that you can better rely on when two say the same thing
    and the third doesn't agree ;)

    :)

    I'm pretty sure it's available for gentoo's linux distribution.. you know what gentoo is like.. you can compile packages on your own and use them, but to do it right you write your own emerge file.. if you don't know much about gentoo then that's probably all greek to you :) :)

    i run clamav on my smoothwall based firewall... all email coming in thru my smtp server gets a scan with dspam and clamav before going on further... i don't scan files and such with it, though...

    I'll check it out.

    I've got another version now from Mike's system so I'll be sending
    that out most likely tomorrow to replace the replacement file :)

    cool...

    :)

    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)
  • From mark lewis@1:3634/12 to Janis Kracht on Fri Oct 6 15:49:36 2006

    That's the same report that the author gave me concerning the two
    files I showed him.. we both knew that false positives happen on
occasion.

    yup... a quick google for "W32/Threat-HLLSI-based!Maximus" turned up
    several reports of fprot falsing on numerous different non-infected
    files...

    hehe... I never think to do that :)

    hahaha... for your punishment, you get to write 1000 times on the blackboard "google is my friend"... i expect to see your work completed by the end of the day, today LOL!

    have you also looked into clamav? that'd at least give you two to
    check with..

    True - can't hurt :)

    really need a third so that you can better rely on when two say the
    same thing and the third doesn't agree ;)

    :)

    I'm pretty sure it's available for gentoo's linux distribution..
    you know what gentoo is like.. you can compile packages on your own
    and use them, but to do it right you write your own emerge file..
    if you don't know much about gentoo then that's probably all greek
    to you :) :)

    i've not done a gentoo system but have thought about looking into it... i have three (i think) different flavors of linux running here, now... smoothwall and an old mandrake which are based on red hat's stuff... this box dualboots into kubuntu's dapper dan release... i also have debian sarge or woody, whichever is
    the newest but i don't have it installed anywhere right now... when i did, i (finally) did an update on it and it "blew up" the install and wouldn't run... so that box became the smoothwall firewall box... i'm wanting to say that i also have a copy of another big name in linux distributions but for the life of
    me i can't remember it or lay my hands on the disks :(

    )\/(ark


    * Origin: (1:3634/12)
  • From Janis Kracht@1:261/38 to mark lewis on Fri Oct 6 16:31:22 2006
    Hi Mark,

    yup... a quick google for "W32/Threat-HLLSI-based!Maximus" turned up
    several reports of fprot falsing on numerous different non-infected
    files...

    hehe... I never think to do that :)

    hahaha... for your punishment, you get to write 1000 times on the blackboard
    "google is my friend"... i expect to see your work completed by the end of the
    day, today LOL!

    LOL :) :) Boy, I _never_ had to do that in school <laugh>


    I'm pretty sure it's available for gentoo's linux distribution..
    you know what gentoo is like.. you can compile packages on your own
    and use them, but to do it right you write your own emerge file..
    if you don't know much about gentoo then that's probably all greek
    to you :) :)

    i've not done a gentoo system but have thought about looking into it... i have

Sadly, I've found that their packages have started getting a tad sloppy as far as emerging goes.. dependencies are sometimes not included in the emerge script, so when the compile fails, you go searching for the 'missing' package or whatever.. bums me out because this distro is so or was so neat... When we got back from that Sco conference this August, I swore I was gonna install OpenServer 6 <grin>.. I haven't done it yet though haha.. one of these days <g>.

    three (i think) different flavors of linux running here, now... smoothwall and
    an old mandrake which are based on red hat's stuff...

    I think RH5 was the first linux I installed seriously.. that's when I made the jump from OS/2.. boy that was a while ago now <grin>

    this box dualboots into
kubuntu's dapper dan release... i also have debian sarge or woody, whichever is
    the newest but i don't have it installed anywhere right now... when i did, i
    (finally) did an update on it and it "blew up" the install and wouldn't run...

    ouch :(

    so that box became the smoothwall firewall box... i'm wanting to say that i
also have a copy of another big name in linux distributions but for the life of
    me i can't remember it or lay my hands on the disks :(

    Hmm.. Slackware? I had that installed a long long time ago, but mostly for playing around... that was fun :) I've got Kubuntu here somewhere.. haven't installed it yet though.

    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)
  • From mark lewis@1:3634/12 to Janis Kracht on Fri Oct 6 17:20:04 2006

so that box became the smoothwall firewall box... i'm wanting to say that i also have a copy of another big name in linux distributions but for
    the life of me i can't remember it or lay my hands on the disks :(

    Hmm.. Slackware?

    /me smacks self in forehead!

    yes... that's it... i don't know why i can't remember it... as slack as i can get at times, it ought to be the first one on my tongue LOL!!

    )\/(ark


    * Origin: (1:3634/12)
  • From Jeff Smith@1:14/0 to Janis Kracht on Mon Oct 9 03:56:48 2006
    Hello Janis.

    06 Oct 06 16:31, you wrote to mark lewis:

    Hi Mark,

    yup... a quick google for "W32/Threat-HLLSI-based!Maximus" turned
    up several reports of fprot falsing on numerous different
    non-infected files...

    hehe... I never think to do that :)

    hahaha... for your punishment, you get to write 1000 times on the
    blackboard "google is my friend"... i expect to see your work
    completed by the end of the day, today LOL!

    LOL :) :) Boy, I _never_ had to do that in school <laugh>


    I'm pretty sure it's available for gentoo's linux distribution..
    you know what gentoo is like.. you can compile packages on your own
    and use them, but to do it right you write your own emerge file..
    if you don't know much about gentoo then that's probably all greek
    to you :) :)

    i've not done a gentoo system but have thought about looking into
    it... i have


    I did a gentoo install awhile back but had trouble getting the
    emerge to update correctly.

    Sadly, I've found that their packages have started getting a tad
    sloppy as far as emerging goes.. dependencies are sometimes not
    included in the emerge script, so when the compile fails, you go
    searching for the 'missing' package or whatever.. bums me out because
this distro is so or was so neat... When we got back from that Sco conference this August, I swore I was gonna install OpenServer 6
    <grin>.. I haven't done it yet though haha.. one of these days <g>.



A little pricy for my taste (OpenServer 6). That and the lack of 64-bit support, and I think it had some USB support issues. I do like to test OS's though.

    three (i think) different flavors of linux running here, now...
    smoothwall and an old mandrake which are based on red hat's stuff...

    I think RH5 was the first linux I installed seriously.. that's when I
    made the jump from OS/2.. boy that was a while ago now <grin>


I still like OS/2. When I get the time to update the install drivers
on the floppies or create a bootable CD for my current hardware, I may
install it again on a test PC.

    this box dualboots into
    kubuntu's dapper dan release... i also have debian sarge or woody,
whichever is the newest but i don't have it installed anywhere right
    now... when i did, i (finally) did an update on it and it "blew up"
    the install and wouldn't run...

    ouch :(

    so that box became the smoothwall firewall box... i'm wanting to say
    that i also have a copy of another big name in linux distributions
but for the life of me i can't remember it or lay my hands on the
    disks :(

    Hmm.. Slackware? I had that installed a long long time ago, but
    mostly for playing around... that was fun :) I've got Kubuntu here somewhere.. haven't installed it yet though.


    Ahhh yes... Slackware. <g> BSD wasn't too bad either.


    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)

    Jeff

    --- FMail/Win32 1.60
    * Origin: Twin_Cities_Metronet - MN USA (1:14/0)
  • From Janis Kracht@1:261/38 to Jeff Smith on Mon Oct 9 08:51:36 2006
    Hi Jeff,

    i've not done a gentoo system but have thought about looking into
    it... i have

    I did a gentoo install awhile back but had trouble getting the
    emerge to update correctly.

This seems to happen now and again.. pia when it happens ...

    When we got back from that Sco
    conference this August, I swore I was gonna install Open Server 6
    <grin>.. I haven't done it yet though haha.. one of these days <g>.


A little pricy for my taste (OpenServer 6). That and the lack of 64-bit support, and I think it had some USB support issues. I do like to test OS's though.

Understand that.. this was a free copy they gave to everyone who attended the SCO conference.. Ron won a raffle for a 19" monitor - he was shocked.. he said it's the first time he's ever won anything in his life and it was :)

    three (i think) different flavors of linux running here, now...
    smoothwall and an old mandrake which are based on red hat's stuff...

    I think RH5 was the first linux I installed seriously.. that's when I
    made the jump from OS/2.. boy that was a while ago now <grin>


I still like OS/2. When I get the time to update the install drivers
on the floppies or create a bootable CD for my current hardware, I may install it again on a test PC.

    I haven't tried reinstalling it since I abandoned it years ago.. heard good things about the latest though :)

    so that box became the smoothwall firewall box... i'm wanting to say
    that i also have a copy of another big name in linux distributions
but for the life of me i can't remember it or lay my hands on the
    disks :(

    Hmm.. Slackware? I had that installed a long long time ago, but
    mostly for playing around... that was fun :) I've got Kubuntu here
    somewhere.. haven't installed it yet though.

    Ahhh yes... Slackware. <g> BSD wasn't too bad either.

    Early on Slackware was a little testy .. but I guess any linux would have been <grin>

    Take care,
    Janis

    --- BBBS/LiI v4.01 Flag-5
    * Origin: Prism bbs (1:261/38)
  • From Benny Pedersen@2:237/53 to Janis Kracht on Fri May 11 04:52:16 2007
    Hello Janis!

    05 Oct 06 22:33, Janis Kracht wrote to Mark Lewis:

    F-PROT ANTIVIRUS
    Program version: 4.6.6
    Engine version: 3.16.14

    emerge -av clamav

clamav is known to have fewer false positives than the alternatives :-)

    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/2.4.20-43_41.rh8.0.at (i686))
    * Origin: There is no place like 127.0.0.1 if its not for (2:237/53)