01-10-2001, 08:21 PM
I'm getting some strange email messages lately and they are not the usual spam.

To deal with the obvious first, I have Norton AV 2001 installed with all options including email scanning enabled and running. I update daily (or more often if live-update asks) and do a full scheduled scan every week. Just in case, I have just completed a full all-files scan and all that picked up was an EICAR test virus signature that I have on the disk to keep Norton honest. (That way I always get one virus reported just to let me know it is all working.)

I do not recognise the send or receive addresses and one sequence of six (two messages between yahoo.com & aol.com repeated three times)were sent to me as apparent returns from a mail server that could not deliver 'my message'. Checking the options info obtained by right-clicking the message, I see that one line says auto- submitted:auto-replied.

I have also had a message from a free.net subscriber (not known to me and not in my addesss book) querying a message supposedly received from me and definitely using one of my email addresses.

This all sounds very virus-like to me but I've only had one virus-related contact in recent times that I know of which was via an address-book heist on a friend. That was a simple text message & had no attachments. he later told mre his computer was infected with the master or magister virus (he didn't know which).

Anybody got any ideas?

03-10-2001, 12:05 AM
Sorry Peter - no idea. I have a question for you though. [backwards aye! :-)]

Where can I get a copy of the EICAR test virus you mentioned so that I too can see if my virus checker is working?



03-10-2001, 02:24 PM
No worries Graham

Go to eicar.org and follow the instructions. They also have a 'virus in an archive' version to check that your AV is getting into zip files.

You may need to disable your AV program while you download and install these as they might cause hiccups during downloading.

I keep copies in folders named Eicar on every drive and partition that I want my AV to scan. If I don't get the correct check number of viruses found then I know something is wrong. My Norton AV program seems to swirch off some options occaionally so it is good to be able to check that everything is working.

You will have to disble any auto-clean function in your AV program or it will wipe out your test files first time you run it.

I have mine set to report viruses and ask me what I want to do. The final window of the scan program identifies the viruses foundso provided nothing new turns up I just click cancel, and ignore the warning.

It gives me the warm fuzzies to see my AV at work instead of the cold dreads you get from the real thing.

Now, all I need is somebody to give me an opinion on my strange emails. I have just received another three. They look perfectly normal apart from a string of gibberish on part of one line but it doessn't look like code.