[Declude.Virus] McAfee 4241 missing w32/SoBig
f-prot scanner caught 8 messages yesterday with the w32/SoBig.A@mm virus that Mcafee (NAI) passed. Mcafee dat is at 4241 released 1/8. I scanned the smd file with NAV and it also reported soBig. Reviewing NAI for information on w32/soBig.A http://vil.nai.com/vil/content/v_99950.htm indicates minimum dat is 4242 release date 1/15. As far as I know there is no extra dat on nai's site for this. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Lentin virus passing Declude and f-prot but caught by local f-prot but caught by local f-prot
John, You make a good point. But let me say that I do have Banext scr in the config file. So that add to the question why did the message go through, Lenny Bauman - Original Message - From: John Tolmachoff To: [EMAIL PROTECTED] Sent: Friday, January 10, 2003 8:38 PM Subject: RE: [Declude.Virus] Lentin virus passing Declude and f-prot but caught by local f-prot but caught by local f-prot I have a customer that is infected with the mailto:w32/Lentin.H@mmw32/Lentin.H@mm virus. He is sending messages to my Billing manger and they are going through. I should point out atthis time that to message does not set off f-prot on her computer. She has forwaeded the message to me as an attchment. As soon as I open the message that is attched it sets off my f-prot. The message still opens and I can see the attchment of *.scr. I have saved the attched file and sent it to my billing mangers e-mail address and declude and f-prot stop it at the imail server. I don't understand why the message get through when it is sent from the infected computer but is caught when I send it. I would all so thing that the message shoulf be stop when it is forwarded as an attachment to me. I still have the forwarded email if you want to see it or if you think I should send it to f-prot. I am lost as to why this is happening and am looking for a good answer.This is also makes one more point for blocking harmful attachments, such asscreen savers, which are really programs.John Tolmachoff MCSE, CSSAIT Manager, Network EngineerRelianceSoft, Inc.Fullerton, CA 92835www.reliancesoft.com---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com.---[This E-mail scanned for viruses by LRBCG.COM, Inc.]
Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot
Scott,
I am running v1.53. I will look into
getting the .mbx file from the billing managers mail box if I can.
Lenny
Bauman
- Original Message -
From:
R. Scott
Perry
To: [EMAIL PROTECTED]
Sent: Friday, January 10, 2003 6:38
PM
Subject: Re: [Declude.Virus] Lentin virus
passing declude and f-prot but caught by local f-prot but caught by local
f-prot
I have a customer that is
infected with the mailto:w32/Lentin.H@mmw32/Lentin.H@mm
virus. He is sending messages to my Billing manger and they are
going through. I should point out at this time that to message
does not set off f-prot on her computer. She has forwaeded the
message to me as an attchment. As soon as I open the message
that is attched it sets off my f-prot. The message still opens
and I can see the attchment of *.scr. I have saved the attched file and
sent it to my billing mangers e-mail address and declude and f-prot
stop it at the imail server. I don't understand why the message
get through when it is sent from the infected computer but is caught
when I send it. I would all so thing that the message shoulf be
stop when it is forwarded as an attachment to me. I still
have the forwarded email if you want to see it or if you think I
should send it to f-prot. I am lost as to why
this is happening and am looking for a good answer.What version of
Declude Virus are you running ("\IMail\Declude -diag" from a command
prompt will show you)? Some older versions (a year old or older
typically) may not catch all variants of some modern viruses, as some new
viruses now spread in non-RFC-compliant ways.The best way to
determine the problem is if you can get one of the viruses in an .mbx file
before it is downloaded, you can send it to us for analysis (if the
original E-mail is still in the .mbx file, it will have the raw E-mail
headers, and we can test it
here).
-Scott---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This
E-mail came from the Declude.Virus mailing list. Tounsubscribe, just
send an E-mail to [EMAIL PROTECTED], andtype
"unsubscribe Declude.Virus". The archives can be foundat
http://www.mail-archive.com.---[This
E-mail scanned for viruses by LRBCG.COM,
Inc.]
Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot
i had the same problem with lentin while running
declude 1.61
upgrading to 1.65 fixed the problem
- Original Message -
From:
Lenny Bauman
To: [EMAIL PROTECTED]
Sent: Saturday, January 11, 2003 3:57
PM
Subject: Re: [Declude.Virus] Lentin virus
passing declude and f-prot but caught by local f-prot but caught by local
f-prot
Scott,
I am running v1.53. I will look into
getting the .mbx file from the billing managers mail box if I
can.
Lenny
Bauman
- Original Message -
From:
R. Scott
Perry
To: [EMAIL PROTECTED]
Sent: Friday, January 10, 2003 6:38
PM
Subject: Re: [Declude.Virus] Lentin
virus passing declude and f-prot but caught by local f-prot but caught by
local f-prot
I have a customer that is
infected with the mailto:w32/Lentin.H@mmw32/Lentin.H@mm
virus. He is sending messages to my Billing manger and they
are going through. I should point out at this time that to
message does not set off f-prot on her computer. She has
forwaeded the message to me as an attchment. As soon as I open the
message that is attched it sets off my f-prot. The message
still opens and I can see the attchment of *.scr. I have
saved the attched file and sent it to my billing mangers e-mail
address and declude and f-prot stop it at the imail server. I
don't understand why the message get through when it is sent from
the infected computer but is caught when I send it. I would
all so thing that the message shoulf be stop when it is forwarded
as an attachment to me. I still have the forwarded email if
you want to see it or if you think I should send it to
f-prot. I am lost as to why this is
happening and am looking for a good answer.What version of Declude
Virus are you running ("\IMail\Declude -diag" from a command prompt will
show you)? Some older versions (a year old or older typically) may
not catch all variants of some modern viruses, as some new viruses now
spread in non-RFC-compliant ways.The best way to determine the
problem is if you can get one of the viruses in an .mbx file before it
is downloaded, you can send it to us for analysis (if the original
E-mail is still in the .mbx file, it will have the raw E-mail headers,
and we can test it
here).
-Scott---[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]---This
E-mail came from the Declude.Virus mailing list. Tounsubscribe,
just send an E-mail to [EMAIL PROTECTED], andtype
"unsubscribe Declude.Virus". The archives can be
foundat http://www.mail-archive.com.---[This
E-mail scanned for viruses by LRBCG.COM,
Inc.]
Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot
Scott, I have the .mbx file with the infected mail in it. What address do you me to send it to. Lenny Bauman - Original Message - From: R. Scott Perry To: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 11:49 AM Subject: Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot I am running v1.53. I will look into getting the .mbx file from the billing managers mail box if I can.I would recommend upgrading to v1.65, as there have been a number of improvements since 1.53.If you can get a copy of the E-mail in an .mbx file, that would be very helpful, as I can then make sure that gets handled properly with the latest release. -Scott---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com.---[This E-mail scanned for viruses by LRBCG.COM, Inc.]
RE: [Declude.Virus] Outlook 'MIME segment in MIME Postamble' Vulnerability
I used Eudora, and discovered that on my unfiltered account, we were passing some of these problem messages on. When they did, they occasionally caused problems on the receivers end. So I quit using Eudora and went back to Outlook. Kendra Customer Support http://www.kendra.com/support [EMAIL PROTECTED] 425-397-7911 This Email was scanned for viruses Junk Email filtered ISP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marc Catuogno Sent: Friday, January 10, 2003 12:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Outlook 'MIME segment in MIME Postamble' Vulnerability I think I'm going to seriously start looking at Eudora as it appears that most of these vulnerabilities are always in Outlook or Outlook express. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] McAfee 4241 missing w32/SoBig
NAI just sent me an extra.dat but I had to request it. After installation of the extra.dat the Mcafee scanner is now detecting this virus: Scanner 2: Virus= the W32/Sobig@MM (ED) virus !!! Attachment=Sample.pif [0] I Getting several of these now. Based on what I am seeing the treat assessment may be a little low. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Lentin virus passing declude and f-protbut caught by local f-prot but caught by local f-prot
I have the .mbx file with the infected mail in it. What address do you me to send it to. If you could send it to [EMAIL PROTECTED], that would be great. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot
Scott I have sent the message with infected .mbxas you have asked. Lenny Bauman - Original Message - From: R. Scott Perry To: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 1:46 PM Subject: Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot I have the .mbx file with the infected mail in it. What address do you me to send it to.If you could send it to [EMAIL PROTECTED], that would be great. -Scott---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com.---[This E-mail scanned for viruses by LRBCG.COM, Inc.]
