Confirmed. I commented out # BANEZIPEXTS ON
I left in: BANEXT EZIP And resent myself the virus and it was blocked. Marc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Ryan Sent: Wednesday, March 03, 2004 11:18 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Passworded zip files still getting through! Scott, I think there may still be a problem with this. Hear me out.... I've been running 1.75 waiting until the next full release. This morning, I downloaded 1.78i8 (and declude.exe -diag verifies this) to try to catch these ezip viruses. My virus.cfg previously had this (along with others BANEXT entries): BANEXT scr BANEXT pif BANEXT vbs BANEXT bat BANEXT CEO BANEXT EXE BANEXT COM BANEXT CMD .... I updated it to this: BANEZIPEXTS ON BANEXT scr BANEXT pif BANEXT vbs BANEXT bat BANEXT CEO BANEXT EXE BANEXT COM BANEXT CMD ..... I sent myself a zip with a password protected .exe in it from a yahoo account. It came through. I then tried your eicarencodedzip file from the web site and it too came through. The virus log shows this entry for the one I sent from yahoo: 03/03/2004 11:06:49 Q029800550082312d Scanned: Virus Free [MIME: 2 147788] And this for the one from your site: 03/03/2004 11:07:51 Q02d7003600222735 Scanned: Virus Free [MIME: 2 983] I then remove the BANEZIPEXTS ON line and replaced it with BANEXT EZIP just so I could stop these things (I know this also now blocks EZIPs with non-BANned extensions inside). It now blocks both attachments I tested earlier and my yahoo account gets my virus.eml message correctly. So I think there IS a problem with BANEZIPEXTS ON *and* extensions that have BANEXT <type> entries. Anything I can do to help diagnose this? Just ask! --Todd. R. Scott Perry wrote: > >> F.Y.I. I am running the latest interim release: 1.78i.8 and have >> >> BANEZIPEXTS ON >> >> In my config file but several people have complained to me that they are >> still getting the zipped files. > > > Please read the information on the list very, very carefully. That is > the expected behavior. BANEZIPEXTS ON will *not* block .ZIP files, it > will not block encrypted .ZIP files. Previous posts cover both this > and the information you must include before we can assist with any > issues related to these new features. > > I apologize for my tone, but there is an incredible amount of work > that needs to be done here, and a high volume of unnecessary posts > that are going to cause people to leave the list that need the good > information from this list. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers since 2000. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
