Scott: I guess considering the concept is forging does not apply to blocking the zip files we should STOP sending banned extension notifications.
True? Regards, Kami -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 03, 2004 9:05 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Update- New virus >None are catching this. I just updated all the AV definitions and >emialed me the same virus that arrived this morning.. This new one -- ("Dear user of your_domain.com e-mail server gateway...") likely is not going to get caught by any virus scanners. The only information that an AV program has about an encrypted .ZIP file is the filename, the size, and the CRC (a "fingerprint" of the file). This virus (Bagle.J) make the filename, size, and CRC random, so it will be nearly impossible for an AV program to detect it. We are now recommending that people block encrypted .ZIP files. You can do this by addding a line "BANEXT EZIP" in the \IMail\Declude\virus.cfg file if you are using the latest interim release at http://www.declude.com/interim . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
