RE: [Declude.Virus] Network Associates Products Will Soon Detect Bagle Variants with Encrypted Zip Attachments

2004-03-05 Thread Markus Gufler
... we have discovered that their products would detect these viruses if they were executed on a system, I strongly hope that every AV-engine installed on a local machine is able to detect any known virus, if this virus was extracted from the encrypted zip file after the (dumb) user has

RE: [Declude.Virus] Bannotify.eml missing extension.

2004-03-05 Thread John Shacklett
Good morning. Here's a new twist. I got one this morning that read: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the readme.zip extension. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett

RE: [Declude.Virus] Bannotify.eml missing extension.

2004-03-05 Thread R. Scott Perry
Good morning. Here's a new twist. I got one this morning that read: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the readme.zip extension. That's how the new change works to prevent it from saying ... contain the . extension, until a better

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread R. Scott Perry
the minimum that would be practically usable for us : 1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT This we hope to add. 2-BANEZIPEXT2 independent from banext, as in BANEZIPEXT2 exe BANEZIPEXT2 com BANEXT scr BANEZIPEXT ON This we will likely be adding. 3-

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread Matt
I do believe that JunkMail Pro can be used to look at the base64 code of the message, and if you can pull the proper header out, you can tag the attachment type. This is what I was looking to do when I was asking for someone to send me a copy of the virus early on, apparently there is a one

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread R. Scott Perry
By detecting the file type instead of just the extension, and allowing configurable actions based on detected filetype, we could avoid future viruses that ask the user to rename the file upon receipt. But, that prevents people from doing the same for good purposes, too. So you can no longer say

RE: [Declude.Virus] Declude Virus Questions

2004-03-05 Thread Gregory Dias
I am trying to allow standard .zip files but block encrypted/password protected .zip files. I have the BANEXT ezip line included in the virus.cfg file, but it still allows the message through. Am I doing something wrong? Thanks, Greg

Re: [Declude.Virus] Network Associates Products, McAfee what does it catch?

2004-03-05 Thread Greg Little
According to AVERT (McAfee's Virus Lab), their Gateway products are catching the .J (variable password) files, but the desktops are not. I read by "Gateway products" they are pulling the password from the body and using that to unpack and check. Unless there is a "simple/quick" backdoor/crack

Re: [Declude.Virus] 32-bit avgscan.exe does now work.

2004-03-05 Thread bill.maillists
Matt, Would you please provide a description of the switches you are using with the 32-bit AVG setup. Thanks, Bill -- Original Message -- From: Butch Andrews [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 05 Mar 2004 09:38:12 -0600 Scott