The Declude/Fprot catches Anna if running Declude 1.14 for me.
What version F-Prot are you running. What are the dates on your .def files?
----- Original Message -----
From: "OurLists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 2:16 PM
Subject: RE: [Declude.Virus] Problem with f-prot
> I have the latest everything with all of them. But the problem I have with
> both f-prot and cai innoculateit is that if I run them from the command line
> against any variation of anna then neither product reports a virus. And
> that's running quite a few different arguemnt combinations although I
> certainly wouldn't say I'd exhausted all possible combinations.
>
> Once it was finally updated for the 2nd time on Monday InnoculateIt refused
> me to permission to open (or mail or antyhing else) the same anna attachment
> that it still will not report from command line. So I assume something in
> their program is detecting the environment and that makes a difference. I
> don't have the f-prot Window's program, only the command line. So I don't
> know if it works similarly or not. I would like to know if someone has made
> it work and if so what arguments you gave it. I understand the reasoning
> that as a text file they aren't dangerous but for working with declude it
> does not seem valid to me.
>
> I assume if I can't get a program to report anything to me from command line
> that it would not report anything to declude or is there some way that
> declude interfaces that I am missing?
>
>
> Terry
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
> Sent: Friday, February 16, 2001 12:22 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Problem with f-prot
>
>
>
> >My problem with f-prot was with email attachments like anna but not just
> >anna. I asked f-prot about it and they replied that "it only worked with
> >Outlook". I think what they meant that if I had been running their windows
> >product it might have caught it if I tried to open the anna file.
>
> You might want to try v1.14 with F-Prot, if you haven't yet. It's possible
> that McAfee was able to catch viruses in files that were slightly different
> than the way the virus was originally created (for example, a carriage
> return and linefeed (CRLF) instead of just a carriage return (CR)).
>
> But I was impressed that McAfee was able to catch the "Anna" virus as soon
> as it hit on Monday.
>
> >Unless there is something I'm missing I can't make either f-prot or
> >InoculateIt catch anna in any format I've tried.
>
> You may want to check our "Test Mail Sender" at
> http://www.declude.com/tools , and use the "eicarquoted" one, and make sure
> it gets caught. If properly decoded, it will get caught by the virus
> scanner.
>
> >McAffee command line on the other hand found it from the beginning but
> >declude didn't act properly until Scott fixed it.
>
> Actually, it would depend on the specific encoding type used. Most viruses
> are spread using the MIME base64 encoding type. This one was sometimes
> sent using base64, and sometimes using the "quoted-printable" type, which
> had varying results.
>
>
> [ This E-mail came from the Declude.Virus mailing list. To ]
> [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ]
> [ type "unsubscribe Declude.Virus yourname". You can E-mail ]
> [ [EMAIL PROTECTED] for assistance. You can visit our web ]
> [ site at http://www.declude.com . ]
[ This E-mail came from the Declude.Virus mailing list. To ]
[ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ]
[ type "unsubscribe Declude.Virus yourname". You can E-mail ]
[ [EMAIL PROTECTED] for assistance. You can visit our web ]
[ site at http://www.declude.com . ]
