Andrew.. Why not block any .exe attachments?
In our system AVG is detecting it. Kami -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Saturday, December 30, 2006 12:11 PM To: [email protected] Subject: [Declude.Virus] New virus to add to your banned names in virus.cfg http://isc.sans.org/diary.php?storyid=1988 BANNAME Greeting Card.exe BANNAME Greeting Postcard.exe BANNAME GreetingCard.exe Which may be related to a rash these that my mailserver received on Dec 28th, as the executables are the same size but contain may differences: BANNAME postcard.exe As of this writing, F-Prot detected neither executable, and Trend Micro does not yet, unless you use the "CPR" version to obtain the beta of the next pattern update. Andrew. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Darrell ([EMAIL PROTECTED]) > Sent: Tuesday, December 26, 2006 6:05 AM > To: [email protected] > Subject: Re: [Declude.Virus] How to block an IP > > Joe, > > Just add the IP or CIDR block into the SMTP access control in Imail. > > Darrell > -------------------------------------------------------------- > ---------- > Check out http://www.invariantsystems.com for utilities for Declude > And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI > integration, MRTG Integration, and Log Parsers. > > ----- Original Message ----- > From: "J Porter" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Monday, December 25, 2006 11:06 PM > Subject: [Declude.Virus] How to block an IP > > > Is there a way to block an IP address before analysis by Declude's AV > (Ver > 1.82 - Imail 8.x)? > > I thought I should be able to do this with rules.ima by looking for a > line in the header. So I have a line that says > H~xxx\.yyy\.zz\. > but it doesn't work. (In case you can't see it, the lines read \. = > slash dot per Ipswitch docs) I don't think the H~ (header contains) > command reads everything in the header. > > ~Joe > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
