Have you a FP from this page ?

To add my point of view: anyone who can cut and paste can save it and eventually execute.... That why we detect it. Even it the source code of the page creates displayed worm code using escape characters.

 

Well I just installed Bit Defender Pro 9 and it does NOT detect anything there. Four top AV do not detect anything there: KAV 2006, F-Prot 6.0.4.1, McAfee VirusScan Enterprise, 8.5i Beta II and Bit Defender Pro 9.5.

I don't believe there is anything there that is dangerous.

 

Have you set the BitDefender RTM to report incomplete virus bodies?

Interestingly, Virus Chaser found this file as 'suspicious' but did not alert me about it. Instead, it simply ignored it (heuristic detections are not reported by VC yet).

 

I don't see how to set the Real Time scanner to report "incomplete virus bodies". I see the setting (which is checked) to do that for the on demand scanner.

 

Yes, there is malware code, but in this form it poses no threat.

AV experts still debate about this issue.

Imo this is one of the cases where there's no false positive and no false negative.

I don't think any AVendor will add detection for this, nor will there be AVendors who will remove detection.

 

The http posted appears to be wrong, and didn't work for me anway. I changed it to hxxp://www.bellamyjc.org/fr/iloveyou.html without the xx's of course, and got there.

http://img143.imageshack.us/img143/7696/v115in.png

As you can see BitDefender does detect and block it. I'm using the latest version BD 9.5 standard.

That websites analysis of iloveyou and with AV alerting code in the page, is very similar to another one i seem to remember from a while back. I'm sure that page was in English though, and the owner responded to questions about in a thread on here !


StevieO

 

http://img161.imageshack.us/img161/3381/iloveyou3qx.png

NOD32 is also feeling itchy on this page

 

As Schouw KL stated already - that is basically a "drawn"
It is NOT a malicious website from the point that something could execute, but it contains well know script parts from the worm. Now the thing is that .HTML files basically are belonging into the AV "Script-Type". Loveletter to.
That means the "matching filetype" condition is even fulfilled It would be worse if someone finds a Windows Executable FileInfector in a HTML file...

However, i ALWAYS adviced to such guys which are trying to explain how Viruses are working NOT TO QUOTE OR PASTE directly source code into HTML files, because this always might lead to false positives. Instead of this a black and white PNG picture with the code is ABSOLUTELY SAFE regarding false positives of text based detections.

Mike

 

I don't see any proof of BD detecting it from you.

BD 9.5 Pro does NOT detect it on my computer. I can't upload a screen shot as Gadwin Print Screen makes it a bit too large for here....isn't it about time this site allow larger screen shots?

 

Or if you just start using Alt+Prt Scrn Or maybe resizing. Or even thumbnails. Countless possibilities

 

That is an excellent idea. Although I wouldn't suggest PNG but JPEG....much nicer pic.

 

See....it is not worth the hassle. I should not have to go through hoops to post a screen shot here. Gadwin Print Screen does it in one fell swoop. I don't have to jump through hoops on ANY website except this one and this one has enough members now to change the stupid policy...charge us for membership if necessary.

Who could read a thumbnail? And if you resize then it is too small to read. I can't read a lot of what is posted here.

PLEASE JUST CHARGE A MEMBERSHIP FEE SO WE CAN POST DECENTLY.

 

I'm not sure what your definition of "larger screen shots" is....but as of a month ago a conversion was made and images uploaded will be dropped in display size to 800 pixels, either in width of height or whichever is larger on the image....which should be more than adequate to retain good quality. Attachments smaller than 800 pixels, will display in real size.

Having said that and realizing I am just as guilty for taking this thread OT with the above explanation....I will ask that we continue with the actual thread topic matter and those having a problem with our "stupid policy" simply continue their concerns by creating a thread in our General Topics Forum where we discuss forum related issues.

Edit
OT posts removed concerning attachments.

While I understand certain posters may have missed my request....I'll ask again that We keep to the thread topic matter and continue the attachment discussion in a more appropriate forum.

Thanks,
Bubba

 

I'm sorry Mele, I was telling you from memory rather then actually looking at BD and finding out.

While this would certainly be a nice thing, several people like to test their AVs with real malware instead of the EICAR test file. I guess the code is copy-pasted so that such people can directly put this code in a Visual Basic Runtime Compiler and test it out.

~snip....'removed possibly off-topic remark'....Bubba~

@Inspector Clouseau:

 

Mele20, i don't whether your remark was pointed towards me, but if it was i can guarantee you that my BD definately detected what it did on that website !

~snip....removed off-topic remark....Bubba~


StevieO