R. Scott Perry wrote:
>> None are catching this. I just updated all the AV definitions and
>> emialed me the same virus that arrived this morning..
>
> This new one -- ("Dear user of your_domain.com e-mail server
> gateway...") likely is not going to get caught by any virus scanners.
> The only
> information that an AV program has about an encrypted .ZIP file is the
> filename, the size, and the CRC (a "fingerprint" of the file). This
> virus (Bagle.J) make the filename, size, and CRC random, so it will
> be nearly impossible for an AV program to detect it.
Running McAfee WebShield 4.5 MR1a on a mailrelay before my mailserver
(with Declude)
with with Scan engine version 4.3.20 DAT version 4.3.4332 and it's
detecting W32/[EMAIL PROTECTED]
Erminio
---
[This E-mail has been scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
