This brings up one additional thought for blocking this sort of virus in the future, would there be anyway to have declude be able to detect that a zip file includes a .scr file inside and block it when you use the :banext scr" option in the virus.cfg file? Is this possible, perhaps in a future release?
Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] ----- Original Message ----- From: "Jim Matuska" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 26, 2004 2:33 PM Subject: Re: [Declude.Virus] New, fast-spreading virus: MyDoom > F-Prot just released new Definitions that pick up W32/[EMAIL PROTECTED] as well. > > Jim Matuska Jr. > Computer Tech II > CCNA > Nez Perce Tribe > Information Systems > [EMAIL PROTECTED] > ----- Original Message ----- > From: "Andy Schmidt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, January 26, 2004 2:06 PM > Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom > > > Hi, > > I just got my hourly update - it's now detected by McAfee as: > > w32/[EMAIL PROTECTED] > > > Best Regards > Andy Schmidt > > H&M Systems Software, Inc. > 600 East Crescent Avenue, Suite 203 > Upper Saddle River, NJ 07458-1846 > > Phone: +1 201 934-3414 x20 (Business) > Fax: +1 201 934-9206 > > http://www.HM-Software.com/ > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff > (Lists) > Sent: Monday, January 26, 2004 05:00 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] New, fast-spreading virus > > > This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr > inside of it. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of Andy Schmidt > > Sent: Monday, January 26, 2004 1:46 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] New, fast-spreading virus > > > > Yep - just gone one. The "readme.zip" contains a "readme.scr" screen > > saver. No doubt a virus. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry > > Sent: Monday, January 26, 2004 04:34 PM > > To: [EMAIL PROTECTED] > > Subject: [Declude.Virus] New, fast-spreading virus > > > > > > FYI, there is a new fast-spreading virus out there, that is too new to > > be caught by AV programs yet. > > > > So far we have seen filenames of "body", "data", "document", "file", > > "glszfj", "message", "readme", "test", "text", "vgsu042a", and > > "vncexdl", with extensions of .pif, .scr, .zip. > > > > It may be a wise idea to temporarily ban .pif and .scr files (and > > possibly .zip as well), if you do not already. You can use "BANEXT > > PIF" and "BANEXT SCR" in the virus.cfg file to do this. > > > > -Scott > > --- > > Declude JunkMail: The advanced anti-spam solution for IMail > > mailservers. Declude Virus: Catches known viruses and is the leader in > > mailserver vulnerability detection. Find out what you've been missing: > > Ask about our free 30-day evaluation. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, just > send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.