• Infection

    From Ben Ritchey@1:393/68 to All on Mon May 29 10:34:51 2017
    Hi All,

    My ClamWin AntiVirus program reports:

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND

    This file has been submitted to ClamAV.Net as a false-positive. Until this has been verified, SR13 has been quarantined. Better safe than sorry, right?


    .- Keep the faith, --------------------------------------------------.
    | |
    | Ben aka cMech Web: http|ftp|binkp|telnet://cmech.dynip.com |
    | Email: fido4cmech(at)lusfiber.net |
    | Home page: http://cmech.dynip.com/homepage/ |
    `----------- WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1 ---'

    ... A violent, unwanted clown on the global stage.
    --- GoldED+/W32-MSVC v1.1.5-b20170303 ... via Mystic BBS!
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Nick Andre@1:229/426 to Ben Ritchey on Mon May 29 16:11:21 2017
    On 29 May 17 10:34:51, Ben Ritchey said the following to All:

    My ClamWin AntiVirus program reports:

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND

    This file has been submitted to ClamAV.Net as a false-positive. Until this has been verified, SR13 has been quarantined. Better safe than sorry, right?

    Ben, I replied to your Netmail about all of this, and if I am not mistaken, you are a programmer as well.

    The way that the D'Bridge code is compiled for publication is impossible for a virus to be injected in any way, shape or form. The compiler generates machine-language code from the many source files... all of it DOS based, so a "Win" virus would be impossible. Any competent programmer, system administrator or operator of a major mail/file distribution would know this.

    BinkD generates a false-positive for Avira as a "TR/Downloader Virus"... is anyone quarantining their work? Or is it just Clam that counts here?

    Nick

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (1:229/426)
  • From Ben Ritchey@1:393/68 to Nick Andre on Mon May 29 16:09:36 2017
    * An ongoing debate between Nick Andre and Ben Ritchey rages on ...

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND
    Virus"... is anyone quarantining their work? Or is it just Clam that
    counts here?

    ClamAV just happens to be what I use for backup scans and verifying results for Janis when she gets a hit on occasion. My main A/V is Microsoft Security Essentials and Windows Defender plus McAfee Security Scan Plus (on demand). You may very well be right and it's false and clean as a whistle but as long as the mechanics to verify hits are available, I use them. Will keep ya posted :)



    ... A billion dollars isn't what it used to be. - Nelson Bunker Hunt
    --- GoldED+/W32-MSVC v1.1.5-b20170303 ... via Mystic BBS!
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Joe Delahaye@1:249/303 to Ben Ritchey on Mon May 29 21:05:34 2017
    Re: Infection
    By: Ben Ritchey to All on Mon May 29 2017 10:34:51

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND

    This file has been submitted to ClamAV.Net as a false-positive. Until this has been verified, SR13 has been quarantined. Better safe than sorry, right?



    I guess you missed the earlier message on this. It's quite safe, and a false positive. AVG saw nothing wrong with it, nor did Windows Defender.


    Joe
    --- SBBSecho 3.00-Win32
    * Origin: The Lions Den BBS, Trenton, On, CDN (1:249/303)
  • From Ben Ritchey@1:393/68 to Joe Delahaye on Mon May 29 21:08:27 2017
    * An ongoing debate between Joe Delahaye and Ben Ritchey rages on ...

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND
    This file has been submitted to ClamAV.Net as a false-positive.
    Until this has been verified, SR13 has been quarantined. Better
    safe than sorry, right?

    I guess you missed the earlier message on this. It's quite safe, and a false positive. AVG saw nothing wrong with it, nor did Windows
    Defender.

    Nope, Quarantined until ClamAV verifies it either way :)



    ... He posts in FIDO - you know how THOSE people are...
    --- GoldED+/W32-MSVC v1.1.5-b20170303 ... via Mystic BBS!
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Nick Andre@1:229/426 to Ben Ritchey on Mon May 29 21:12:03 2017
    On 29 May 17 16:09:36, Ben Ritchey said the following to Nick Andre:

    ClamAV just happens to be what I use for backup scans and verifying results for Janis when she gets a hit on occasion. My main A/V is Microsoft Security Essentials and Windows Defender plus McAfee Security Scan Plus (on demand). You may very well be right and it's false and clean as a whistle but as long as the mechanics to verify hits are available, I use them. Will keep ya posted :)

    The problem is nothing to do with the false-positive. I notice none of you are up in arms over BinkD failing the Avira test on virustotal.com. Whoops, did you know about this one? Will you be quarantining files from that project? Will she be telling them to clean up their mess and publish CLEAN files? "Oh those Russians", you can't trust 'em, what with all the garlic aroma?

    Because that is the VERY FIRST Netmail I received from her. Uh oh, looks like Nick has a mess to clean up and I'm deleting his files until they're CLEAN.

    I find it very amusing that she needs your help to determine if a file has a legitimate virus infection or not. That is System Administration 101. If she cannot do that herself, she has no business running a mail/file hub system.

    Nick

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (1:229/426)
  • From Roger Nelson@1:3828/7 to Ben Ritchey on Tue May 30 07:06:23 2017
    On Mon May-29-2017 21:08, Ben Ritchey (1:393/68) wrote to Joe Delahaye:

    * An ongoing debate between Joe Delahaye and Ben Ritchey rages on
    ...

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND
    This file has been submitted to ClamAV.Net as a false-positive.
    Until this has been verified, SR13 has been quarantined. Better
    safe than sorry, right?

    I guess you missed the earlier message on this. It's quite safe, and a false positive. AVG saw nothing wrong with it, nor did Windows
    Defender.

    Nope, Quarantined until ClamAV verifies it either way :)

    Then how would you explain that it is still available on filegate?


    Roger
    --- timEd/386 1.10.y2k+
    * Origin: NCS BBS - Houma, LoUiSiAna - (1:3828/7)
  • From Janis Kracht@1:261/38 to Roger Nelson on Tue May 30 13:19:28 2017
    On Mon May-29-2017 21:08, Ben Ritchey (1:393/68) wrote to Joe Delahaye:

    * An ongoing debate between Joe Delahaye and Ben Ritchey rages on
    ...

    DB399SRD.ZIP: Win.Virus.Virut-5914242-0 FOUND
    This file has been submitted to ClamAV.Net as a false-positive.
    Until this has been verified, SR13 has been quarantined. Better
    safe than sorry, right?

    I guess you missed the earlier message on this. It's quite safe, and a
    false positive. AVG saw nothing wrong with it, nor did Windows
    Defender.

    Nope, Quarantined until ClamAV verifies it either way :)

    Then how would you explain that it is still available on filegate?

    It is online here because I tested the file to my satisfaction given a different Linux tool named sigtool. Ben owns his own system and he has decided to wait until he hears from ClamAV. That is his choice, correct?

    --- BBBS/Li6 v4.10 Toy-3
    * Origin: Prism bbs (1:261/38)
  • From Roger Nelson@1:3828/7 to Janis Kracht on Tue May 30 13:32:42 2017
    On Tue May-30-2017 13:19, Janis Kracht (1:261/38) wrote to Roger Nelson:

    On Mon May-29-2017 21:08, Ben Ritchey (1:393/68) wrote to Joe Delahaye:

    [...]

    Nope, Quarantined until ClamAV verifies it either way :)

    Then how would you explain that it is still available on filegate?

    It is online here because I tested the file to my satisfaction
    given a different Linux tool named sigtool. Ben owns his own
    system and he has decided to wait until he hears from ClamAV. That
    is his choice, correct?

    D'Bridge has never had a virus in it. I've used it for three months on a trial key before I finally registered it and became a node in 1991.

    Did you remove the previous releases of it?


    Regards,

    Roger
    --- timEd/386 1.10.y2k+
    * Origin: NCS BBS - Houma, LoUiSiAna - (1:3828/7)