Re: [Declude.Virus] New virus out?
I am seeing it also. I already submitted it to Mcafee... My desktop AV (Trend) is detecting it as a Bagle variant... Don - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, May 31, 2005 9:59 AM Subject: [Declude.Virus] New virus out? One of the servers I manage is getting hit with lots of messages being caught with banned exe within zip. They are coming from different IPs John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New virus out?
I have seen the following attachments... 1.zip 5.zip 6.zip 7.zip 8.zip price_new.zip be_not_jealous.zip price_new_16_04_05.zip So far... Don - Original Message - From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, May 31, 2005 10:22 AM Subject: Re: [Declude.Virus] New virus out? John, What do the filenames appear to be - any pattern either filename, subject, body content etc? Darrell John Tolmachoff (Lists) writes: One of the servers I manage is getting hit with lots of messages being caught with banned exe within zip. They are coming from different IPs John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New virus out?
I just received an EXTRA.DAT file from Mcafee...to detect this.. I also submitted it to F-Prot I will try attaching the EXTRA.DAT file to this email Don - Original Message - From: Marc Catuogno [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, May 31, 2005 10:31 AM Subject: RE: [Declude.Virus] New virus out? I've gotten a few: 26KB files named 1.zip, 7.zip and work.zip so far -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, May 31, 2005 11:22 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] New virus out? John, What do the filenames appear to be - any pattern either filename, subject, body content etc? Darrell John Tolmachoff (Lists) writes: One of the servers I manage is getting hit with lots of messages being caught with banned exe within zip. They are coming from different IPs John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] EXTRA.DAT Description: Binary data
Re: [Declude.Virus] F-Prot and HTML object exploit
I am having the same problems here. It all started around 12:30 Central time... Don - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 12:56 PM Subject: Re: [Declude.Virus] F-Prot and HTML object exploit John,Thanks a bunch for pointing this out. I have found two of these in the last hour that are tagging what appears to be legitimate E-mail, bother from the same person. This is gatewayed E-mail: 05/02/2005 13:44:21 Q66F5EF3A00E815E6 MIME file: [text/html][quoted-printable; Length=6657 Checksum=558425]05/02/2005 13:44:21 Q66F5EF3A00E815E6 Found potentially dangerous stuff in F:\D66F5EF3A00E815E6.vir\0.!05/02/2005 13:44:21 Q66F5EF3A00E815E6 MIME file: image001.jpg [base64; Length=11748 Checksum=1305364]05/02/2005 13:44:21 Q66F5EF3A00E815E6 MIME file: image002.gif [base64; Length=2184 Checksum=243507]05/02/2005 13:44:22 Q66F5EF3A00E815E6 Scanner 1: Virus=HTML/[EMAIL PROTECTED] Attachment=[HTML segment] [0] O05/02/2005 13:44:22 Q66F5EF3A00E815E6 File(s) are INFECTED [HTML/[EMAIL PROTECTED]: 0]05/02/2005 13:44:22 Q66F5EF3A00E815E6 Deleting file with virus05/02/2005 13:44:22 Q66F5EF3A00E815E6 Deleting E-mail with virus!05/02/2005 13:44:22 Q66F5EF3A00E815E6 Scanned: CONTAINS A VIRUS [MIME: 4 21877]05/02/2005 13:44:22 Q66F5EF3A00E815E6 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]05/02/2005 13:44:22 Q66F5EF3A00E815E6 Subject: RE: NCC Docket 2005 - 2It looks like turning F-Prot off might be a good idea, or at least configuring it to not delete viruses.MattJohn Tolmachoff (Lists) wrote: It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.Virus] F-Prot and HTML object exploit
I have not updated to 3.16b and have this problem... Don - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 3:09 PM Subject: RE: [Declude.Virus] F-Prot and HTML object exploit Question: Have you all running the latest v3.16b ? I can't see any appearance of HTML/ObjData in the entire current logfile, but I've still running 3.16a Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, May 02, 2005 7:47 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] F-Prot and HTML object exploit It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New MyDoom virus
We are many of these since about 5pm central time. Mcafee has definition updates to catch this. We were catching it by the blocked extensions before the Mcafee update was installed. http://vil.nai.com/vil/content/v_131856.htm At this time F-prot is not catching these.. Don -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.8 - Release Date: 2/14/2005 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New MyDoom Variants
FYI - Mcafee is detecting it as a generic Mydoom variant. So far F-prot is not... Don - Original Message - From: Don Hickey To: [EMAIL PROTECTED] Sent: Tuesday, November 09, 2004 8:13 AM Subject: [Declude.Virus] New MyDoom Variants Since these emails come with just a link, will our antivirus scanners be able to detect these messages as viruses? I am running Mcafee and F-Prot. http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED] http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED] They both exploit an IFRAME vulnerability in Internet Explorer that has not been patched by Microsoft. Thanks Don Hickey
Re: [Declude.Virus] HEADS UP there is something strange out
Symantec has 3 new Bagle variants listed at www.sarc.com this morning... Thanks for the Heads Up Don - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 29, 2004 4:30 AM Subject: [Declude.Virus] HEADS UP there is something strange out My F-prot/Mcafee scanners are detecting a hug enumbers of Unknown Viruses this morning. Looking at the original message headers there are always HELO strings like Beatrix.net Arianna.net Margareth1.org Margareth1.com This moment I've received a warning from my own server that I has send a virus to another local recipient. Looking to thy smtp-logfile the sending IP was not mine. Even if all eml-file (recip, sender_local, sender_remote) contains a line SKIPIFVIRUSNAMEHAS Unknown Virus This warnings are still send out I've tried also to add FORGINGVIRUS Unknown Virus But the warnings are still send out. Thes same thing is happening also on another Imail/declude server. What the hell is going on here? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus?
Looks like a new MyDoom Virus going around. We are seeing a lot of them incoming and the latest Mcafee beta definition files detect is as MyDoom.O http://vil.nai.com/vil/content/v_127033.htm Don - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 10:19 AM Subject: RE: [Declude.Virus] New Virus? It seems to be a new virus/variant. People are going to open it because it looks to them like a domain name (example.com) rather than filename (puppy.com). Up to now I can't find any com.zip in the vir0726.log file But in the meantime I've banned .zip attachments on our server. BANEXT com.zip wouldn't work? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .CPL file blocked
I submitted one of these to Mcafee. I am seeing a lot more of these than the new Bagle. Don - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 26, 2004 12:52 PM Subject: [Declude.Virus] .CPL file blocked Could be something new going on: I've just blocked my first CPL file at 12:15 today. .CPL is a Windows Control Pane lapplet extension. This was undected by F-Prot, McAfee and AVG. It has the ever-suspicious name of details.cpl Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .CPL file blocked
Here is Mcafee's response to the .CPL I have been receiving - Don A.V.E.R.T. Sample Analysis Issue Number: 677272 Virus Research Analyst - Hong Kong: V. Nguyen Identified: W32/[EMAIL PROTECTED] AVERT(tm) Labs, Hong Kong Thank you for submitting your suspicious file. Synopsis - - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 26, 2004 12:52 PM Subject: [Declude.Virus] .CPL file blocked Could be something new going on: I've just blocked my first CPL file at 12:15 today. .CPL is a Windows Control Pane lapplet extension. This was undected by F-Prot, McAfee and AVG. It has the ever-suspicious name of details.cpl Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Bagle.M
Look at the added extension that this variant uses Also, the attachment has any of the following extensions: . EXE . PIF . RAR . ZIP I have seen a couple of these so far as .ZIP files, I guess I will have to see what happens when I add .rar to the BANEXT temporarily... Don --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Proxy-Cidra
Actually, I think this might be a new variant. I submitted it to Mcafee last night and they sent back an extra.dat file to me. The filename is different than the one in their write-up. Also the ones we were seeing were caught by the banned extension until I copied over the extra.dat file. Ahh just went to Mcafee again... --Update Mar 10, 2004-- A new variant has been spammed to a large number of email addresses with subject similar to: This your photo? The file usb_d2.exe has been re-packed using UPX and attached as a ZIP file. This new variant will be detected by the 4336 DATS Also the file I saw were p_usb.exe in a .zip file. Don - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 2:23 AM Subject: [Declude.Virus] Proxy-Cidra This morning I've seen several Proxy-Cidra Trojans hold on our server. The discovery date of this trojan is 12/27/2003 and so every AV engine should be able to detect it. http://vil.nai.com/vil/content/v_100939.htm All infected messages I've seen are comming from different IPs. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot version
Ok I took up the Guinea Pig slack, and installed the latest version of F-prot.. I have not seen the winmail.dat error since I installed it about 10 minutes ago. I have caught many viruses during that time. So far so good. Don - Original Message - From: Darin Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:21 AM Subject: Re: [Declude.Virus] F-Prot version Actually, F-Prot released a new version of 3.14c (3.14c previously errored on winmail.dat files) on Monday. Haven't tried it out yet. Has anyone taken on the task of being a guinea pig...? Darin. - Original Message - From: Robert Grosshandler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 1:51 AM Subject: RE: [Declude.Virus] [EMAIL PROTECTED] cannot be caught Also - f-prot 3.14b is the current version. It's an important upgrade if I recall correctly. terry ip wrote: Hi All, Desktop Norton caught but declude didn't. I'm using Declude 1.75 + F-prot 3.14a with the latest virus pattern. Anyone have the same problem as I'm? or any cure on this? Thanks. Terry _ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] eicar in a .zip file
Scott, Using the test virus sender on your website, the eicar plain file gets caught as a virus, where the eicar in a .zip file gets caught as a banned extension. I am running Declude 1.78i14 - I just tried 1.78.i20 also, same results.. Here is a section of the log file.. 03/10/2004 08:42:40 Q295c000501aa26d2 Banning .ZIP file with encrypted COM extension. 03/10/2004 08:42:47 Q295c000501aa26d2 Scanned: Banned file extension. [MIME: 2 889] 003/10/2004 08:42:53 Q295c000501aa26d2 From: you-declude.com To: me-knox.edu 03/10/2004 08:42:53 Q295c000501aa26d2 Subject: Test eicar.com file [eicarencodedzip] On the site is mentions it should be caught as a virus. Don --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot version
Spoke too Soon!! 03/10/2004 08:46:35 Q2a4000b700e8a069 Could not find parse string Infection: in report.txt 03/10/2004 08:46:35 Q2a4000b700e8a069 Error 5 in virus scanner 1. 03/10/2004 08:46:36 Q2a4000b700e8a069 Scanned: Error in virus scanner. [MIME: 2 4472] This is with F-Prot 3.14c that was released the other day. Don - Original Message - From: Don Hickey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:41 AM Subject: Re: [Declude.Virus] F-Prot version Ok I took up the Guinea Pig slack, and installed the latest version of F-prot.. I have not seen the winmail.dat error since I installed it about 10 minutes ago. I have caught many viruses during that time. So far so good. Don - Original Message - From: Darin Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:21 AM Subject: Re: [Declude.Virus] F-Prot version Actually, F-Prot released a new version of 3.14c (3.14c previously errored on winmail.dat files) on Monday. Haven't tried it out yet. Has anyone taken on the task of being a guinea pig...? Darin. - Original Message - From: Robert Grosshandler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 1:51 AM Subject: RE: [Declude.Virus] [EMAIL PROTECTED] cannot be caught Also - f-prot 3.14b is the current version. It's an important upgrade if I recall correctly. terry ip wrote: Hi All, Desktop Norton caught but declude didn't. I'm using Declude 1.75 + F-prot 3.14a with the latest virus pattern. Anyone have the same problem as I'm? or any cure on this? Thanks. Terry _ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot version
I have moved back to F-Prot 3.14b as more of these errors started showing up. Don - Original Message - From: Don Hickey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:58 AM Subject: Re: [Declude.Virus] F-Prot version Spoke too Soon!! 03/10/2004 08:46:35 Q2a4000b700e8a069 Could not find parse string Infection: in report.txt 03/10/2004 08:46:35 Q2a4000b700e8a069 Error 5 in virus scanner 1. 03/10/2004 08:46:36 Q2a4000b700e8a069 Scanned: Error in virus scanner. [MIME: 2 4472] This is with F-Prot 3.14c that was released the other day. Don - Original Message - From: Don Hickey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:41 AM Subject: Re: [Declude.Virus] F-Prot version Ok I took up the Guinea Pig slack, and installed the latest version of F-prot.. I have not seen the winmail.dat error since I installed it about 10 minutes ago. I have caught many viruses during that time. So far so good. Don - Original Message - From: Darin Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 8:21 AM Subject: Re: [Declude.Virus] F-Prot version Actually, F-Prot released a new version of 3.14c (3.14c previously errored on winmail.dat files) on Monday. Haven't tried it out yet. Has anyone taken on the task of being a guinea pig...? Darin. - Original Message - From: Robert Grosshandler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 1:51 AM Subject: RE: [Declude.Virus] [EMAIL PROTECTED] cannot be caught Also - f-prot 3.14b is the current version. It's an important upgrade if I recall correctly. terry ip wrote: Hi All, Desktop Norton caught but declude didn't. I'm using Declude 1.75 + F-prot 3.14a with the latest virus pattern. Anyone have the same problem as I'm? or any cure on this? Thanks. Terry _ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] what is p_usb.zip
I am not sure about F-prot, but Mcafee updated their definition files last night to catch this. Mcafee calls it Proxy-Cidra http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100939 Don - Original Message - From: Bennie [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 6:32 PM Subject: [Declude.Virus] what is p_usb.zip Hey guys... What is p_usb.zip... my Norton on my computer just caught this that means declude and f-prot missed it. opps .. guess i jumped the gun... my norton says it is Trojan.Download.Inor.B. but why did declude not catch it... Bennie --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT question
Scott, posted this last week: With the latest interim release, you can use: BANEXT EZIP - This line will ban all .ZIP files with an encrypted file in them BANZIPEXTS ON - This line (Pro version only) will ban all file extensions listed in BANEXT lines, if they appear in non-encrypted .ZIP files BANEZIPEXTS ON - This line (Pro version only) will ban all file extensions listed in BANEXT lines, if they appear in encrypted .ZIP files Also, the latest interim (with the Pro version only) will detect bogus .BAT/.COM/.PIF/.SCR files (automatically as vulnerabilities, with no need for config file entries). If you are having any troubles with these, please re-read the information on them, and then be very clear what is happening. There are a lot of possibilities here. You'll need to specify [1] Whether you are using BANZIPEXTS ON or BANEZIPEXTS ON (or the not-recommended-but-still-useful BANEXT EZIP), [2] Whether you have a BANEXT line to block the appropriate file (BANEXT com, for example), [3] What type of file you are sending through (.com? .com within a .zip?), [4] If it is a .ZIP file, is the file inside it encrypted, and [5] What version of Declude Virus are you running (Lite/Standard/Pro, and which version # such as 1.78i8)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 07, 2004 7:22 PM Subject: [Declude.Virus] BANEXT question I'm currently using: BANEXT EZIP, becuase BANEZIP ON does not work for me. I'm running the latest intrum version of Declude w/ F-Prot. I have a Standard Declude license. Does BANEZIP ON only work for the Pro version of Declude? If yes, I guess I should just continue to use BANEXT EZIP ? (Such a wonderful product!) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files
I tried this with 1,2,3 spaces and tabs between the BANZIPEXTS, BANZIPEXTS and the ON. Then I send myself a compress .pif file both pw protected and not pw proteced and every single one was caught (eight total) (as banned extensions ZIP-PIF). All my BANEXT lines have one space between it and the actual extension name...example- BANEXTSPEXE #Regular Zip File BANZIPEXTS ON #Password Protected Zip File BANEZIPEXTS ON Don - Original Message - From: Matt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 10:30 AM Subject: Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files Here's a thought. Since this is working in some cases and not in others, maybe there is a syntax bug. I have the following: BANEZIPEXTStabON BANEXTtabEXE BANEXTtabCOM etc. What if someone had spaces, multiple spaces or multiple tabs? How about a space or tab following one of the lines? Maybe Declude isn't parsing this correctly from the config file??? I think it's worth a quick look. Matt R. Scott Perry wrote: I apologize for the flood of emails to you as I know your time is precious. However, I pulled the following that BANZIPEXTS and BANEZIPEXTS was added in i7: Sorry, my mistake. I am unsure on the .zip to .zi_ as I have no issues with Declude with versions 1.78i7 and prior. It was only with i8 that Declude was not seeing the zip with hiding file extensions any longer. Unfortunately, I'm not sure what you are referring to regarding the hiding file extensions. Again, it is vital that people be very clear in their posts. I'm very close to turning this into a moderated list until this all blows over. What we are looking for is to get as much information about bugs in the new interim as quickly as possible on this list, while at the same time minimizing the amount of posts to this list. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New virus Tanx
I will second this once again, I submitted this to Mcafee and the extra.dat file I got mentioned W32/[EMAIL PROTECTED] I haven't received anything back from them since about 1/2 hour ago. So for the .exe name has changed on the ones we have seen. Here is an example from one of the messages we have received - To: [EMAIL PROTECTED] Subject: ID ulkkhfrbtr... thanks From: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=552752223023604 X-Declude-Sender: [EMAIL PROTECTED] [80.146.90.39] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: None [0] X-Note: This E-mail was sent from ([80.146.90.39]). X-Note: Total spam weight of this E-mail is 0 --552752223023604 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Yours ID pysemjfq -- Thank --552752223023604 Content-Type: application/x-msdownload; name=abuj.exe Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=jmbfsarpnpk.exe - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 9:01 AM Subject: [Declude.Virus] New virus Tanx Don FYI, there is a new virus that was discovered several hours ago, and we've already seen several copies come in here. Details are at http://www.sophos.com/virusinfo/analyses/w32tanxa.html . -Scott --- --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New virus Tanx
Mcafee's write up on it... http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=101030 Don - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 9:01 AM Subject: [Declude.Virus] New virus Tanx FYI, there is a new virus that was discovered several hours ago, and we've already seen several copies come in here. Details are at http://www.sophos.com/virusinfo/analyses/w32tanxa.html . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Incredible.. W32/Mydoom.A@mm
Title: Message I just ran my loganalyzer and yesterday we caught 1566 infected messages and so this am we are at 1400+. Scott, you have given us an awesome tool togive us the ability to stop things cold.I noticed my banext messagesyesterday picking up (a usual sign of a new virus) and your message to the list shortly after that. That gave me time to add the .zip extension and contain this quickly. Iknow some made it through, but it would have been much worse without the features you keep adding and making things more easier on us. Thanks, Don Hickey Knox College - Original Message - From: Kami Razvan To: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 7:40 AM Subject: RE: [Declude.Virus] Incredible.. W32/[EMAIL PROTECTED] Hi Andy: Yes... but after the update last night we have caught over 200 of this virus.. Before 5:30 p.m. when we manually updated none of the virus protections were catching it. Of course it is old story by now.. Fascinating.. absolutely fascinating.. Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SchmidtSent: Monday, January 26, 2004 9:10 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] Incredible.. W32/[EMAIL PROTECTED]
Re: [Declude.Virus] new forging worm: Bagle
We have seen about 35 so far this morning. Mcafee says it is a Forging virus... Don - Original Message - From: Fritz Squib [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 19, 2004 7:38 AM Subject: RE: [Declude.Virus] new forging worm: Bagle F-Prot reports it as [EMAIL PROTECTED], we've caught 7 so far this morning. http://www.f-prot.com/news/vir_alert/bagle_a.html Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Monday, January 19, 2004 8:27 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] new forging worm: Bagle Today we've hold some mails containing Bagle, a new Mailworm http://vil.nai.com/vil/content/v_100965.htm Please update your virus.cfg file with FORGINGVIRUS Bagle Looks like Symantec's name is Beagle, not Bagle. AVG, Symantec, Nai, F-Secure, Trend and Sophos has updates. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New Virus - MiMail.C - spreading fast
We started seeing these are 8am this morning The attachment comes as photos.zip and so far neither Mcafee or F-prot is catching them. From: james@current domain (The from address may be spoofed to appear that it is coming from the current domain) - our had knox.edu there. Subject: Re[2]: our private photos Message: Hello Dear!, Finally i've found possibility to right u, my lovely girl :) All our photos which i've made at the beach (even when u're without ur bh:)) photos are great! This evening i'll come and we'll make the best SEX :) Right now enjoy the photos. Kiss, James. Attachment: photos.zip I added BANNAME PHOTOS.zip to my virus.cfg fileuntil the av software updates Don Hickey --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Mimail.A@mm Virus Fprot Definitions??
I wonder what the heck has happend to F-prot...I have lost all my confidence in them.. Four days is way to long to take to solve this problem. Their website hasn't been updated for a while now... Don - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 04, 2003 9:59 PM Subject: Re: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot Definitions?? Ditto! - Original Message - From: Fritz Squib [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 04, 2003 7:52 PM Subject: RE: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot Definitions?? Yep, I save the attachment from one that got through before. Had f-prot scan it manually and it said it was clean. Fritz Frederick P. Squib, Jr. Network Operations Citizens Telephone Company of Kecksburg Citizens Internet Services http://www.wpa.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Marchette Sent: Monday, August 04, 2003 10:42 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot Definitions?? Has anyone bothered to try running the fprot exe scanner on the infected file directly? It may be interesting to see if there is an odd issue with the way Declude is pulling the mail apart before it scans the attachment. --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New interim release of Declude Virus to block Mimail's message.zip
This is an awesome feature to add. This will also help with future virus outbreaks that have us waiting for definition files to be updated from our antivirus vendors... Thanks Don Hickey - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 12:19 PM Subject: Re: [Declude.Virus] New interim release of Declude Virus to block Mimail's message.zip You can download the Declude.exe file from http://www.declude.com/release/175i/Declude.exe and replace your existing \IMail\Declude.exe file. Then, add a line BANNAME message.zip to your \IMail\Declude\virus.cfg file. I forgot to mention that although this feature will likely only be available in the Standard and Pro versions, given the circumstances, it is available in the interim release for all versions of Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Two scanners?
Take a look the the log file and you can see what scanner detected the virus... Scanner 2: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=message.zip [2] This is from this morning and F-Prot is still not catching it... Don Hickey - Original Message - From: Hirthe, Alexander [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 04, 2003 2:38 AM Subject: [Declude.Virus] Two scanners? Hello, since there is no update for F-Prot I installed AVG on my Imail Server. Can I see which scanner worked? Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] SoBig.E
Title: Message Another variant is making it's rounds. This time it comes in a .zip file named your_details.zip. We have received 5 of these in the last twenty minutes. F-Prot catches it with today's signatures. Don
[Declude.Virus] DSN:Conflicting Encoding Vulnerability
Is there a link I can go to to get more information on this vulnerability? I installed 1.63beta this morning and two messages were caught with this vulnerability. I took a look at the messages and here is what happened. The user (using a macintosh and Netscape 4.74) forwarded the message (that was from one of our lists) to another user saying lets go to this. Pretty unevenfull message, but Declude caught this and stopped it Thanks Don Hickey --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] BANEXT notify
I have the BANEXT and the notify working fine. My question is there a way to send the notify email to the postmaster (me) also to let me know that someone tried to send a banned extension? Thanks Don Hickey --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Declude and InoculateIt 6.0
Thanks, I do have it working with inocucmd.exe, I jsut have to work out updating the signature files. I was hoping ot use inocmd32.exe so that they would update automatically. Thanks Don - Original Message - From: Stan Buck To: [EMAIL PROTECTED] Sent: Wednesday, June 12, 2002 1:44 PM Subject: Re: [Declude.Virus] Declude and InoculateIt 6.0 There was a thread about this last month. The statement I got from CA support about inocmd32.exe: "The scan from the DOS mode will not able to report the virus name, even thesummary will display about the infection and will take necessary action, theonly way to find out is using scan from the windows mode." There is an older version called inocucmd.exe which will report the virus name. It was distributed with Inoculan 4.0 (or thereabouts). I don't know if it will work with InoculateIT 6.0, though one of these days I intend to find out. Stan Buck - Original Message - From: Don Hickey To: [EMAIL PROTECTED] Sent: Wednesday, June 12, 2002 2:29 PM Subject: [Declude.Virus] Declude and InoculateIt 6.0 Is anyone running declude and InoculteIT 6.0 and able to receive the virusname in the message. I am close but wasn't sure if anyone has had any luckgetting this to work. If so could you please send your command lineI am trying to use inocmd32.exe to do the scanning.ThanksDon Hickey---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". You can E-mail[EMAIL PROTECTED] for assistance. You can visit our website at http://www.declude.com .