There's still no attachment to hand off to the mail server's virus scanner(s).
If the body was VERY standard, it could be pattern matched by Declude. Add a little random action to the body (and the port used) and here we go again.
The latest batch of Bagle's (Q,R,S,T) can be blocked because, while not a virus, it breaks the rules.
(Auto run using a hole in MS outlook)
The next version may be the same, except the user has to run it by hand. Just a 1 K e-mail with a link to a recently compromised PC.
When will it end?????????? (or at least slow down)
PS Scott, Thanks for the recently added Vulnerability blocking. (for Q R S & T)
--
Greg Little
--- [This E-mail scanned for viruses by Findlay Internet]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
