Hi,

Just as the last few times, this one was being caught by McAfee right from
the start.  (It had been proactively detected for the last 10 weeks or so.)
I don't understand how it's gotten past Declude for other customers?

Every occurrence I've seen came from "admin@" the user's domain and it
always came through the secondary MX!

McAfee initially detected it as (starting around noon Eastern time):

08/01/2003 12:37:57 Q97643bbb00a2acc7 Warning: file#=309 (0000309c.js ... )
08/01/2003 12:37:57 Q97643bbb00a2acc7 Scanner 1: Virus= the Exploit-CodeBase trojan !!! Attachment=[Unknown: Err] [10] I
08/01/2003 12:37:57 Q97643bbb00a2acc7 File(s) are INFECTED [ the Exploit-CodeBase trojan !!!: 13]
08/01/2003 12:37:57 Q97643bbb00a2acc7 Scanned: CONTAINS A VIRUS [MIME: 2 18174]
08/01/2003 12:37:57 Q97643bbb00a2acc7 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
08/01/2003 12:37:57 Q97643bbb00a2acc7 Subject: your account uzdueive

With the hourly update at 3:00 PM it started to be classified as:

08/01/2003 15:05:20 Qb9ee18b1008e98b2 Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=message.zip [10] I
08/01/2003 15:05:20 Qb9ee18b1008e98b2 File(s) are INFECTED [ the W32/[EMAIL PROTECTED] virus !!!: 13]
08/01/2003 15:05:20 Qb9ee18b1008e98b2 Scanned: CONTAINS A VIRUS [MIME: 2 20318]
08/01/2003 15:05:20 Qb9ee18b1008e98b2 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
08/01/2003 15:05:20 Qb9ee18b1008e98b2 Subject: your account vrkvbveb


Best Regards
Andy 

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.