At 09:28 AM 3/26/2002, R. Scott Perry wrote:
I had a user's infected PC send a copy of the W32.FBound.gen@mm worm to a mailing list on my Declude-protected IMail 6 server, which then dutifully distributed the worm to everyone on the mailing list, without Declude seeing a thing. I'm running the most recent Declude, F-Prot and F-Prot definitions, and it continues to trap other viruses and worms just fine. Anyone else have this experience with this worm?
Are you running Declude v1.45 or higher? FBound uses illegally formatted MIME segments that some mail clients may be able to decode while others can not. Declude v1.45 will be able to detect these bogus MIME segments, and decode them the same way that those mail clients would, allowing the virus to get caught.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
_______________________
Scott MacLean
[EMAIL PROTECTED]
ICQ: 9184011
http://www.nerosoft.com
