For those of us poor saps who don't have Pro, here's a compiled list from a couple of sources of zip filenames to ban.
Due to the variation in filenames, it would be useful to have BANNAME allow some minimal pattern matching. That would have made this list a bit shorter.

# Added 11/21/2005 to handle new Sober.X/Z variants
BANNAME downloadm.zip
BANNAME Ebay.zip
BANNAME Ebay-User_RegC.zip
BANNAME Email.zip
BANNAME Email_text.zip
BANNAME injection.zip
BANNAME mail.zip
BANNAME mailtext.zip
BANNAME reg_pass.zip
BANNAME reg_pass-data.zip
BANNAME Service.zip
BANNAME Webmaster.zip
BANNAME Postman.zip
BANNAME Info.zip
BANNAME Hostmaster.zip
BANNAME Postmaster.zip
BANNAME Admin.zip
BANNAME Service-TextInfo.zip
BANNAME Webmaster-TextInfo.zip
BANNAME Postman-TextInfo.zip
BANNAME Info-TextInfo.zip
BANNAME Hostmaster-TextInfo.zip
BANNAME Postmaster-TextInfo.zip
BANNAME Admin-TextInfo.zip
BANNAME Downloads.zip
BANNAME BKA.zip
BANNAME Internet.zip
BANNAME Post.zip
BANNAME Anzeige.zip
BANNAME BKA.Bund.zip
BANNAME AkteDownloads.zip
BANNAME AkteBKA.zip
BANNAME AkteInternet.zip
BANNAME AktePost.zip
BANNAME AkteAnzeige.zip
BANNAME AkteBKA.Bund.zip
BANNAME Kandidat.zip
BANNAME WWM.zip
BANNAME Auslosung.zip
BANNAME Casting.zip
BANNAME Gewinn.zip
BANNAME Info.zip
BANNAME RTL-Admin.zip
BANNAME RTL.zip
BANNAME Webmaster.zip
BANNAME RTL-TV.zip
BANNAME Kandidat_Text.zip
BANNAME WWM_Text.zip
BANNAME Auslosung_Text.zip
BANNAME Casting_Text.zip
BANNAME Gewinn_Text.zip
BANNAME Info_Text.zip
BANNAME RTL-Admin_Text.zip
BANNAME RTL_Text.zip
BANNAME Webmaster_Text.zip
BANNAME RTL-TV_Text.zip

Darin.

----- Original Message -----
From: "John T (Lists)" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, November 21, 2005 4:53 PM
Subject: RE: [Declude.Virus] New Virus Strain Pounding my systems

If you have Pro version you should be always blocking using "BANZIPEXTS ON" and "BANEZIPEXTS ON".

John T
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Rick Davidson
> Sent: Monday, November 21, 2005 12:12 PM
> To: [email protected]
> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
>
> It is coming in with a lot of different zip file names and body names now, I
> blocked all zip files and submitted samples
>
> I am really getting hit hard
>
> Rick Davidson
> National Systems Manager
> North American Title Group
> 440-639-0607 - Office
> 951-233-6342 - Mobile
> [EMAIL PROTECTED]
> -
> ----- Original Message -----
> From: "Matt" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, November 21, 2005 2:51 PM
> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
>
> > McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still
> > missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and
> > McAfee seems to have had this one tagged prior to the outbreak starting
> > since none have slipped through yet.
> >
> > Matt
> >
> > Rick Davidson wrote:
> >
> >> Heads up folks, I am stopping a new zip virus with the following junkmail
> >> rules, this is all I have seen so far. Contains an executable payload
> >> called File-packed_dataInfo.exe
> >>
> >> Rick Davidson
> >> National Systems Manager
> >> North American Title Group
> >> 440-639-0607 - Office
> >> 951-233-6342 - Mobile
> >> [EMAIL PROTECTED]
> >> -
> >> ---
> >> This E-mail came from the Declude.Virus mailing list. To
> >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >> type "unsubscribe Declude.Virus". The archives can be found
> >> at http://www.mail-archive.com.
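
The two ideas in this thread, matching attachment names by pattern instead of one exact name per line, and holding zips whose members carry a banned extension, sketched as an added example in stand-alone Python. It is not Declude configuration and not code from anyone on the list; the pattern list, the extension list and the function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import fnmatch
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical patterns collapsing part of the list above; tune before use.
BANNED_NAME_PATTERNS = ["*-TextInfo.zip", "*_Text.zip", "Akte*.zip", "reg_pass*.zip"]
# Assumed extension list for members inside a zip (not taken from the thread).
BANNED_ZIP_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def check_message(raw: bytes) -> list[str]:
    """Return the reasons a message should be held; an empty list means pass."""
    reasons = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Compare lowered so Ebay.zip and EBAY.ZIP are treated alike.
        for pattern in BANNED_NAME_PATTERNS:
            if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                reasons.append(f"name {name!r} matches {pattern!r}")
                break
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(BANNED_ZIP_EXTS):
                        reasons.append(f"{name!r} contains {member!r}")
        except zipfile.BadZipFile:
            # An archive that cannot be listed cannot be inspected, so hold it.
            reasons.append(f"{name!r} is not a readable zip")
    return reasons

def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test message: a zip attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder bytes, not an executable")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample("Postman-TextInfo.zip", "File-packed_dataInfo.exe")))
```

Wildcards this broad will also catch legitimate attachments such as a customer's Report_Text.zip, so the member-extension check is the more precise of the two tests.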
