RE: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

[Mark Reimer]

Matt, My config is similar to yours except you have AI/Packed/SERVER. What are the additional benefits to using these switches?   Mark Reimer IT Project Manager American CareSource 214-596-2464 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Matt Sent: Friday, March 24, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus Kami, This is F-Prot that is detecting this and not Declude.  I believe that the reason is the "/PARANOID" switch that you are using.  This is not a commonly used switch and it's not documented in the executable's help.  Here's my config for F-Prot.  I believe this should stop your issues if you change to it:     C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt I have no virus hits that match what you are showing for F-Prot using this config. Matt Kami Razvan wrote: Hi Matt..   thanks for your quick reply.  Here is the virus log entries:   03/24/2006 14:34:08.042 q49aa017400001b4f.smd Vulnerability flags = 0 03/24/2006 14:34:10.777 q49aa017400001b4f.smd Virus scanner 1 reports exit code of 0 03/24/2006 14:34:11.871 q49aa017400001b4f.smd Virus scanner 2 reports exit code of 8 03/24/2006 14:34:11.965 q49aa017400001b4f.smd Scanner 2: Virus= Possibly a new variant of JS/ Attachment=[HTML segment] [17] I 03/24/2006 14:34:12.012 q49aa017400001b4f.smd File(s) are INFECTED [ Possibly a new variant of JS/: 8] 03/24/2006 14:34:12.059 q49aa017400001b4f.smd Deleting file with virus 03/24/2006 14:34:12.121 q49aa017400001b4f.smd Deleting E-mail with virus! 03/24/2006 14:34:12.153 q49aa017400001b4f.smd Scanned: CONTAINS A VIRUS [MIME: 1 2652] 03/24/2006 14:34:12.184 q49aa017400001b4f.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 10.119.249.109] 03/24/2006 14:34:12.215 q49aa017400001b4f.smd Subject: Response   & here is our entries in the virus.cfg file   SCANFILE1   C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /PANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt VIRUSCODE1  13 REPORT1  Found   # F-PROT - 2nd scanner   SCANFILE2  C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI /TYPE /SILENT /server /PARANOID /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE2  3 VIRUSCODE2  6 VIRUSCODE2  8 REPORT2    Infection:   # AVG - 3rd Scanner SCANFILE3     C:\Progra~1\Grisoft\AVG7\avgscan.exe /NOMEM /NOBOOT /NOHIMEM /NOSELF /ARC /RT /ARCW /RTW /MACROW /REPORT=report.txt VIRUSCODE3 4 VIRUSCODE3 5 VIRUSCODE3 6 VIRUSCODE3 7 VIRUSCODE3 9 REPORT3       identified   # CLAM- 4th Scanner SCANFILE4 C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0  -l report.txt VIRUSCODE4  1   Hope that helps..   Regards, - Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Friday, March 24, 2006 5:56 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus Kami, You might want to post your full Declude Virus log snippet for one such message and identify both your Declude version and your virus scanners. Matt