Is this what you are seeing?
http://www.sophos.com/virusinfo/analyses/w32feebsa.html
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 6:44 AM
To: declude.virus@declude.com
Subject:
What I am experiencing is that the server lets the virus go through the
system. It scans and result is clean, the end user gets the email and
their Symantec Enterprise snags it and tags it as [EMAIL PROTECTED]
On Thu, 2006-01-05 at 08:25 -0800, John T (Lists) wrote:
Is this what you are seeing?
That means you are not blocking banned extensions within zip files?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
Virus pro only, IIRC.
-Dan Horne
John T (Lists) wrote on Thursday, January 05, 2006 12:31 PM:
Into the Virus.cfg file:
BANEZIPEXTS ON
BANZIPEXTSON
John T
eServices For You
CONFIDENTIALITY NOTICE:
This email message,
John,
Thanks for the help!
Regards,
JT
On Thu, 2006-01-05 at 09:31 -0800, John T (Lists) wrote:
Into the Virus.cfg file:
BANEZIPEXTS ON
BANZIPEXTSON
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
I just saw two today. This may not be what you're seeing, JT, but here
goes:
What I saw were two broken Sober.X messages that were bounced with the
original message (the viral message) truncated. F-Prot didn't trigger
on the broken attachment and the bounce didn't trigger my custom filters
to
I found this blurb on their site saying what is new for version 3.16e
http://www.f-prot.com/news/gen_news/060104_release_win316e_exchange123.h
tml
FRISK Software has released versions 3.16e of F-Prot Antivirus for
Windows and version 1.2.3 of F-Prot Antivirus for Exchange.
These newest
For what it's worth, I just tested the 3.16d and 3.16e versions of
fpcmd.exe and they behaved identically on the single sample I had.
They return errorlevel = 8 (suspicious file found) and here is the text
when run manually (as opposed to within Declude):
c:\virus-quarantine\wmf\bg.wmf Contains
http://www.microsoft.com/technet/security/bulletin/advance.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Andrew 8)
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe,
Andrew,
I suspected that but we'll see my results. I did what John suggested and
I also have ClamAV and F-Prot running simultaneously. Doing this has
seemed to cut down the Sober.Xs completely but now I have a customer
complaining that trojan.lodear and sober.l variant is getting through, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: Microsoft Security Response Center Bulletin Notification
Issued: January 05, 2006
Summary
===
Are you using the correct switches for F-Prot?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 12:49 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Sober.X Variant
12 matches
Mail list logo