----- Original Message ----- 
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 21, 2003 9:27 PM
Subject: Re: [Declude.Virus] SoBig.E


> Virus scanners will scan inside of compressed and archived files (if
> configured to do so), so I don't see how this should be an issue.  The
> default configurations that Scott has set for the different Declude Virus
> supported virus scanners are set up to scan inside of these types of files.
>
> Did you find a virus (SoBig.E) that was inside a zip file that made it past
> Declude Virus?

I think the point was that there is a window between a virus existing and
definitions being available. In the past we could rest easy knowing viruses
couldn't zip themselves so if you ban all the exe's and such then you would
protect your users even during that window. Unfortunately now that viruses
can zip themselves there is a window of potential for exposure. I get pages
from Symantec when nasties come out because I have platinum support. When I
hear of a virus that will mail itself as a zip, but there are no defs yet
then the action I am going to take is to put all the subject lines and such
that it does in a filter so it will be banned by Declude JunkMail with high
enough value that it won't bounce, but will be held. Usually www.sarc.com
(Symantec) is good about documenting them.

-Josh


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
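
The stopgap described in the reply above (hold, rather than bounce, mail that matches a documented outbreak subject or carries a banned file type, including inside a zip, until definitions arrive), as an added Python example that is not part of the original post and is not Declude's own code. The extension list, the subject list and all function names are assumptions made for illustration.

```python
import email.message
import io
import zipfile

# Assumed policy values, constructed for this example (not taken from the post).
BANNED_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")
HELD_SUBJECTS = {"constructed outbreak subject"}  # copied from a vendor write-up


def banned_in_zip(data):
    """Names of banned members in a zip; None if it cannot be read as a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(BANNED_EXTS)]
    except zipfile.BadZipFile:
        return None


def verdict(raw):
    """Return ("HOLD", reason) or ("DELIVER", "") for one raw message."""
    msg = email.message_from_bytes(raw)
    if (msg.get("Subject") or "").strip().lower() in HELD_SUBJECTS:
        return "HOLD", "subject on outbreak list"
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(BANNED_EXTS):
            return "HOLD", "banned attachment " + name
        if name.endswith(".zip"):
            inner = banned_in_zip(part.get_payload(decode=True) or b"")
            if inner is None:  # fail closed: hold what cannot be inspected
                return "HOLD", "unreadable zip " + name
            if inner:
                return "HOLD", "zip contains " + inner[0]
    return "DELIVER", ""


def sample(subject, filename, payload):  # builds a constructed test message
    m = email.message.EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(payload, "application", "zip", filename=filename)
    return m.as_bytes()


def zip_of(member):  # builds a constructed one-member archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed")
    return buf.getvalue()
```

Member names are readable even when a zip's contents are password-protected, so the name check still applies there; archives nested inside archives are not unpacked by this sketch.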
