Ditto.
F-Prot notices that the zip file is password protected and
I can see that there is a very-Bagle-ish gif fileof the
password.
David Barker's earlier response of
using:
BANEXT
EZIP
in your virus.cfg will work
to catch these.
I received a single copy,
and it was from a likely
:
declude.virus@declude.comSubject: RE: [Declude.Virus] another new
virus
Ditto.
F-Prot notices that the zip file is password protected
and I can see that there is a very-Bagle-ish gif fileof the
password.
David Barker's earlier response of
using:
BANEXT
EZIP
in your
to combine this test
with some mailfrom validating test as this addresses are
forged.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
MattSent: Tuesday, April 19, 2005 3:33 AMTo:
Declude.Virus@declude.comSubject: Re: [Declude.Virus] Another new
virus
@declude.com
Subject: Re: [Declude.Virus] Another new virus
FYI, I have found that F-Prot continues to throw Virus Code 8 for what
McAfee is detecting as Bagle.gen even though 4 or so days have past.
I'm not clear on whether or not this is intentional in F-Prot or if
this is one
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
MattSent: Tuesday, April 19, 2005 3:56 PMTo:
Declude.Virus@declude.comSubject: Re: [Declude.Virus] Another new
virus
Markus,This will work great with things like my IPINMX test
which is anything that doesn't hit IPNOTINMX and has
]]
On Behalf Of Matt
Sent: Tuesday, April 19, 2005 3:33 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Another new virus
FYI, I have found that F-Prot continues to throw Virus Code 8 for what
McAfee is detecting as Bagle.gen even though
PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another new virus
I've seen one sample in the last few minutes. It arrives as jokes.zip,
and
www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005 at 00:11:32 (CET
, 2005 3:14 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another new virus
I've seen one sample in the last few minutes. It arrives as jokes.zip,
and
www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005
I also wanted to add that the zip file viruses did finally slip
through my server on Saturday morning for a period of a few hours
The Saturday onslaught was unusual in
that they managed to hit multiple accounts and get by multiple systems (F-prot
and Brightmail). The only good thing
Looks like yesterday's RAR's coming in as ZIPs. And my F-Prot/ClamAV and
desktop Trend Micro still don't see anything!! Deleting them nevertheless.
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, April 15,
You guys are all pretty funny with your "thankfully" stuff. Remember,
this is all just a collection of opinions. I have no issues, and
haven't for some time.
Anyway, I don't bounce messages for any tagged virus so I haven't been
having issues with Mytob causing backscatter since Declude
I've seen one sample in the last few minutes. It arrives as jokes.zip, and
www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005 at 00:11:32 (CET) after
scanning the file 123456.exe file.
Antivirus Version Update Result
AntiVir
12 matches
Mail list logo
