I have the latest everything with all of them. But the problem I have with
both f-prot and cai innoculateit is that if I run them from the command line
against any variation of anna then neither product reports a virus. And
that's running quite a few different arguemnt combinations although I
certainly wouldn't say I'd exhausted all possible combinations.
Once it was finally updated for the 2nd time on Monday InnoculateIt refused
me to permission to open (or mail or antyhing else) the same anna attachment
that it still will not report from command line. So I assume something in
their program is detecting the environment and that makes a difference. I
don't have the f-prot Window's program, only the command line. So I don't
know if it works similarly or not. I would like to know if someone has made
it work and if so what arguments you gave it. I understand the reasoning
that as a text file they aren't dangerous but for working with declude it
does not seem valid to me.
I assume if I can't get a program to report anything to me from command line
that it would not report anything to declude or is there some way that
declude interfaces that I am missing?
Terry
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Friday, February 16, 2001 12:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Problem with f-prot
>My problem with f-prot was with email attachments like anna but not just
>anna. I asked f-prot about it and they replied that "it only worked with
>Outlook". I think what they meant that if I had been running their windows
>product it might have caught it if I tried to open the anna file.
You might want to try v1.14 with F-Prot, if you haven't yet. It's possible
that McAfee was able to catch viruses in files that were slightly different
than the way the virus was originally created (for example, a carriage
return and linefeed (CRLF) instead of just a carriage return (CR)).
But I was impressed that McAfee was able to catch the "Anna" virus as soon
as it hit on Monday.
>Unless there is something I'm missing I can't make either f-prot or
>InoculateIt catch anna in any format I've tried.
You may want to check our "Test Mail Sender" at
http://www.declude.com/tools , and use the "eicarquoted" one, and make sure
it gets caught. If properly decoded, it will get caught by the virus
scanner.
>McAffee command line on the other hand found it from the beginning but
>declude didn't act properly until Scott fixed it.
Actually, it would depend on the specific encoding type used. Most viruses
are spread using the MIME base64 encoding type. This one was sometimes
sent using base64, and sometimes using the "quoted-printable" type, which
had varying results.
[ This E-mail came from the Declude.Virus mailing list. To ]
[ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ]
[ type "unsubscribe Declude.Virus yourname". You can E-mail ]
[ [EMAIL PROTECTED] for assistance. You can visit our web ]
[ site at http://www.declude.com . ]
