Suddenly picking up internal mail as exploit.html.objdata??

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

Suddenly picking up internal mail as exploit.html.objdata??

Postby corcoran » Nov 02 04 11:59 pm

Guys.

Yesterday; The Gate started picking up email from Outlook XP/2003 versions (internal) to external addresses as having the above exploit on them.

i've checked a couple sites and the condition is common for SPAM mail; which we're obviously not sending --

here are the headers for one such message:

------------------------------------------------------------
WinGate DataScanning has blocked the following message:

Message: 0000000232
From: "Kate Love" <kate.love@damo******.com>
To: "'Mick Skerratt'" <mick.skerratt@exet*******.co.uk>
Subject: Contract
Size: 262936 bytes
Reason: Kaspersky AV for WinGate - Data stream (0000020132) is infected with Exploit.HTML.ObjData

Please contact the Administrator ( wingate.virus@damo*******d.com ) to release this email.

Headers read:
Received: From BSDHLT003 (unverified [10.233.115.34]) by SMTP Server [10.226.161.2] (WinGate SMTP Receiver v5.2.2 (Build 892)) with SMTP id <0000020132@host217-40-63-185.in-addr.btopenworld.com>;
Mon, 1 Nov 2004 16:30:04 +0000
From: "Kate Love" <kate.love@da*****.com>
To: "'Mick Skerratt'" <mick.skerratt@exe*****.co.uk>
Subject: Contract
Date: Mon, 1 Nov 2004 16:31:33 -0000
Message-ID: <000001c4c030$409c3a00$0100000a@BSDHLT003>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_01C4C030.409C3A00"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
corcoran
 
Posts: 94
Joined: Apr 02 04 7:12 am
Location: UK

Postby Pascal » Nov 03 04 9:29 am

http://www.viruslist.com/en/viruses/enc ... usid=50736

That URL gives Kaspersky's view on it. There is an interesting post at the bottom of that page:

Kaspersky Website wrote:Other

If a Kaspersky antivirus product identified this malicious code on your system between 18:00 and 22:00 Moscow time [GMT+3] on 1 November 2004, it is possible that this was a false alarm. We recommend that you update your product and scan again to make sure.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 3 guests

cron