FYI:
I just noticed my Mcafee installs have a new Scan engine.
The new Mcafee scan engine - 4.1.50 was released on the 9/26.
CHECK YOUR VERSION. Some versions of Mcafee's auto-update only update the
.dat files and and not the engine.
Most important addition from a Declude perspective -- TNEF support!
Jerry
Excerpt from the 4.1.50 release notes:
----------------------------------------------
The v4.1.50 McAfee scan engine included with this
SuperDAT package installer release has these
enhancements and new features:
- Support for ACE (WinACE) Archiver
The engine can now detect virus infections
within files compressed by WinACE.
- Support for additional packers
The engine can now detect virus infections
within files packed by PKLITE32, ELiTeWrap,
Joiner, PEBundle, PEBundle Write-To-Disk,
and tElock.
- Support for newer versions of packers
The engine can now detect virus infections
within files packed by newer versions of
Petite, ASPack, UPX, NeoLite, and PECompact.
- Support for BZIP compression format
The engine can now detect virus infections
within files compressed by BZIP.
- Support for additional LHA compression formats,
LH6 and LH7
The engine can now detect virus infections
within files compressed by LH6 and LH7 variants
of LHA.
- Support for zcompress compression format
The engine can now detect virus infections
within files compressed by zcompress.
- Support for PDF 5.0 files
The engine can now detect virus infections
in embedded objects within Adobe Acrobat
PDF 5.0 files.
- Default scanning for MIME formats
Files in MIME format are now scanned by default.
A 'nomime' switch has been added to command-line
scanners to prevent MIME scanning, if required.
- Improved scanning for MIME formats
The engine can now detect virus infections
within e-mail messages with non-standard
MIME formats. The engine now scans all
attachments and also any content that is
not plain text.
- Support for Unicode and Unicode big-endian
saved scripts
The engine can now detect virus infections
within VBS and Java scripts saved in Unicode
or Unicode big-endian format. (This format
is found in Macintosh and UNIX files).
- Support for Compiled Help files
The engine can now detect virus infections
within compiled HTML help files (Microsoft's
.CHM files). This compressed format requires
that the /UNZIP switch is used.
- Support for Microsoft Exchange internal
data-transfer format
The engine can now detect virus infections
within Microsoft Exchange e-mail files that use
Transport-Neutral Encapsulation Format (TNEF).
- Support for Internet Message Connector (IMC)
Archive format.
The engine can now detect virus infections
within IMC mail archives.
- Support for uncompressed VBA in Visio files
The engine can now detect virus infections
within uncompressed Visual Basic for
Applications scripts in Visio files.
- Improved heuristic analysis for 32-bit Windows
applications
The engine uses improved heuristic analysis
within Microsoft Windows 32-bit executables
enabling it to detect unknown virus infections.
- Support for compressed RTF and HTML in
Microsoft Outlook messages
The engine can now detect virus infections
within compressed data in Microsoft Outlook
and Exchange e-mail messages.
- Support for Outlook Express e-mail files
The engine now scans within Outlook Express
e-mail message (.EML) files by default.
- Support for Script Component Type Libraries
The engine can now detect virus infections
within Script Component Type Libraries
(.HTA files).
- Support for NTFS streams (Applicable to
Windows 2000 and Windows NT only)
The command-line scanner can now detect virus
infections within NTFS streams in an NTFS file.
The colon (:) notation is understood, and
a new switch, /STREAMS has been introduced.
- Improved performance when scanning Windows 32 applications
A new technology has been created for virus
analysis within Windows 32 applications written
in high-level languages.
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
