Don't you need to put in /tnef too? Or just /archive?

Can someone tell me what this means too ...

VIRUSCODE 3
VIRUSCODE 6

in the virus.cfg file...



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
Sent: Friday, October 05, 2001 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50


/archive is all that appears to be needed.

Jerry

----- Original Message -----
From: "Dan Spangenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 05, 2001 2:11 PM
Subject: RE: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50


> Oh - TNEF....
>
> I thought it was typo and you were saying TGIF!  And I said yessirree to
> that!
> I'm glad it is Friday too....  :-)
>
> Seriously now. So on FProt, what lines do we add?  /TNEF and also /archive?
>
> Thanks
> Dan
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
> > Sent: Friday, October 05, 2001 11:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50
> >
> >
> > Transport-Neutral Encapsulation Format (TNEF).
> >
> > MS Outlook (not OE) will encapsulate attachments and message text into a
> > .dat file if the user has selected to send the message in .rtf format.  The
> > attachment is either att###.dat or winmail.dat in TNEF format.  Usually
> > there is a .txt attachment as well with the plain text version of the
> > message.
> >
> > In OE these messages usually appear as a blank message with one .txt and
> > one .dat attachment.
> >
> > It has been a thorn in my side for a while in dealing with Outlook /
> > Exchange centric environments.  The worms generally don't spread that way,
> > but mail coming in from other companies with (otherwise legitimate)
> > infected office files have been a problem.  Generally it's the more benign
> > stuff like Laroux or Myna that has probably been on the sender's machine
> > unnoticed for a long time, and the recipient's desktop scanner catches it
> > without problems. But the "Why did this get through..." type questions
> > still have to be handled.
> >
> > I had wedged in my own TNEF extraction at the top of my Declude scanner
> > batch file a while back.  Now I can strip out that kludge.  Turns out I
> > probably could have done so a couple of months ago with F-Prot if the
> > support had been announced.
> >
> > Jerry
> >
> >
> > ----- Original Message -----
> > From: "Mark Chadwick" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, October 05, 2001 1:15 PM
> > Subject: RE: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50
> >
> >
> > > What's TNEF!!??
> > >
> > > Mark Chadwick
> > > IT Support Engineer
> > > Science International
> > > Bateman House
> > > 82-88 Hills Road
> > > Cambridge
> > > UK
> > > CB2 1LQ
> > >
> > > Tel: +44 (0)1223 326512
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
> > > Sent: Friday, October 05, 2001 4:51 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50
> > >
> > >
> > > FYI:
> > >
> > > I just noticed my Mcafee installs have a new Scan engine.
> > >
> > > The new Mcafee scan engine - 4.1.50 was released on the 9/26.
> > >
> > > CHECK YOUR VERSION.  Some versions of Mcafee's auto-update only update
> > > the .dat files and not the engine.
> > >
> > > Most important addition from a Declude perspective -- TNEF support!
> > >
> > > Jerry
> > >
> > >
> > >
> > >
> > > Excerpt from the 4.1.50 release notes:
> > > ----------------------------------------------
> > >
> > > The v4.1.50 McAfee scan engine included with this
> > > SuperDAT package installer release has these
> > > enhancements and new features:
> > >
> > >
> > > -  Support for ACE (WinACE) Archiver
> > >
> > >    The engine can now detect virus infections
> > >    within files compressed by WinACE.
> > >
> > >
> > > -  Support for additional packers
> > >
> > >    The engine can now detect virus infections
> > >    within files packed by PKLITE32, ELiTeWrap,
> > >    Joiner, PEBundle, PEBundle Write-To-Disk,
> > >    and tElock.
> > >
> > >
> > > -  Support for newer versions of packers
> > >
> > >    The engine can now detect virus infections
> > >    within files packed by newer versions of
> > >    Petite, ASPack, UPX, NeoLite, and PECompact.
> > >
> > >
> > > -  Support for BZIP compression format
> > >
> > >    The engine can now detect virus infections
> > >    within files compressed by BZIP.
> > >
> > >
> > > -  Support for additional LHA compression formats,
> > >    LH6 and LH7
> > >
> > >    The engine can now detect virus infections
> > >    within files compressed by LH6 and LH7 variants
> > >    of LHA.
> > >
> > >
> > > -  Support for zcompress compression format
> > >
> > >    The engine can now detect virus infections
> > >    within files compressed by zcompress.
> > >
> > >
> > > -  Support for PDF 5.0 files
> > >
> > >    The engine can now detect virus infections
> > >    in embedded objects within Adobe Acrobat
> > >    PDF 5.0 files.
> > >
> > >
> > > -  Default scanning for MIME formats
> > >
> > >    Files in MIME format are now scanned by default.
> > >    A 'nomime' switch has been added to command-line
> > >    scanners to prevent MIME scanning, if required.
> > >
> > >
> > > -  Improved scanning for MIME formats
> > >
> > >    The engine can now detect virus infections
> > >    within e-mail messages with non-standard
> > >    MIME formats. The engine now scans all
> > >    attachments and also any content that is
> > >    not plain text.
> > >
> > >
> > > -  Support for Unicode and Unicode big-endian
> > >    saved scripts
> > >
> > >    The engine can now detect virus infections
> > >    within VBS and Java scripts saved in Unicode
> > >    or Unicode big-endian format. (This format
> > >    is found in Macintosh and UNIX files).
> > >
> > >
> > > -  Support for Compiled Help files
> > >
> > >    The engine can now detect virus infections
> > >    within compiled HTML help files (Microsoft's
> > >    .CHM files). This compressed format requires
> > >    that the /UNZIP switch is used.
> > >
> > >
> > > -  Support for Microsoft Exchange internal
> > >    data-transfer format
> > >
> > >    The engine can now detect virus infections
> > >    within Microsoft Exchange e-mail files that use
> > >    Transport-Neutral Encapsulation Format (TNEF).
> > >
> > >
> > > -  Support for Internet Message Connector (IMC)
> > >    Archive format.
> > >
> > >    The engine can now detect virus infections
> > >    within IMC mail archives.
> > >
> > >
> > > -  Support for uncompressed VBA in Visio files
> > >
> > >    The engine can now detect virus infections
> > >    within uncompressed Visual Basic for
> > >    Applications scripts in Visio files.
> > >
> > >
> > > -  Improved heuristic analysis for 32-bit Windows
> > >     applications
> > >
> > >    The engine uses improved heuristic analysis
> > >    within Microsoft Windows 32-bit executables
> > >    enabling it to detect unknown virus infections.
> > >
> > >
> > > -  Support for compressed RTF and HTML in
> > >    Microsoft Outlook messages
> > >
> > >    The engine can now detect virus infections
> > >    within compressed data in Microsoft Outlook
> > >    and Exchange e-mail messages.
> > >
> > >
> > > -  Support for Outlook Express e-mail files
> > >
> > >    The engine now scans within Outlook Express
> > >    e-mail message (.EML) files by default.
> > >
> > >
> > > -  Support for Script Component Type Libraries
> > >
> > >    The engine can now detect virus infections
> > >    within Script Component Type Libraries
> > >    (.HTA files).
> > >
> > >
> > > -  Support for NTFS streams (Applicable to
> > >      Windows 2000 and Windows NT only)
> > >
> > >    The command-line scanner can now detect virus
> > >    infections within NTFS streams in an NTFS file.
> > >    The colon (:) notation is understood, and
> > >    a new switch, /STREAMS has been introduced.
> > >
> > >
> > > -  Improved performance when scanning Windows 32 applications
> > >
> > >    A new technology has been created for virus
> > >    analysis within Windows 32 applications written
> > >    in high-level languages.
> > >
> > >
> > >
> > >
> > >
> > >
> > > This E-mail came from the Declude.Virus mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.Virus".  You can E-mail
> > > [EMAIL PROTECTED] for assistance.  You can visit our web
> > > site at http://www.declude.com .
> > >


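Added example, not part of the original thread and not code from Declude, McAfee or F-Prot: a Python check that a mail gateway could run to recognise the TNEF containers described in the thread (winmail.dat / att###.dat) so they reach a TNEF-aware scanner. The function names and sample messages are constructed for illustration; the signature 0x223E9F78 and the application/ms-tnef content type are the standard TNEF identifiers.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
TNEF_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}
TNEF_NAME = re.compile(r"^(winmail|att\d+)\.dat$", re.IGNORECASE)


def find_tnef_parts(raw: bytes) -> list:
    """Return one record per MIME part that looks like a TNEF container."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        reasons = []
        if part.get_content_type() in TNEF_TYPES:
            reasons.append("content-type")
        if TNEF_NAME.match(name):
            reasons.append("filename")
        if payload.startswith(TNEF_MAGIC):
            reasons.append("magic")
        if reasons:
            # Only the magic bytes prove the part is TNEF; type and name are hints.
            hits.append({"filename": name, "reasons": reasons,
                         "confirmed": "magic" in reasons})
    return hits


def build_sample(ctype: str, filename: str, body: bytes) -> bytes:
    """Constructed test message: plain-text body plus one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text version of the message")
    maintype, subtype = ctype.split("/")
    msg.add_attachment(body, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed payloads: TNEF signature plus filler bytes, not a real capture.
FAKE_TNEF = TNEF_MAGIC + b"\x01\x00" + b"\x00" * 16
SAMPLES = {
    "outlook_rtf": build_sample("application/ms-tnef", "winmail.dat", FAKE_TNEF),
    "mislabelled": build_sample("application/octet-stream", "report.bin", FAKE_TNEF),
    "ordinary": build_sample("application/pdf", "invoice.pdf", b"%PDF-1.4\n"),
}
```

A part flagged only by filename or content type (confirmed is False) is worth logging, since a scanner that trusts the label alone can be steered past or into TNEF handling by a mislabelled attachment.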