Why not test the encrypted password protected EICAR virus from Scott's test virus sender?

BTW, Beagle.J appears to come with a fixed number of variations, and a combination filter in JunkMail would take 5 minutes to work up which should catch this 100% of the time.

http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

I think it's impractical to do this for every virus to come, although it is a whole lot easier to do than grabbing a password and then unlocking a file to scan within it. I wouldn't be surprised if some AV companies aren't doing just that, i.e. if the sender is management@, administration@, staff@, noreply@, or support@ and the message contains a password protected zip file, then consider it to be a virus, or just look at the name of the password protected zip file. There are about 10 different patterns with Beagle.J that can be tracked in combination for a positive hit. I would imagine that not all such viruses will have highly reliable patterns, though most will.

Matt

marc catuogno wrote:

If you want I can send it to you, it isn't important but I found it curious. All I know is it is a virus, it is reported as beagle.j by NAV, it is in a passworded .Zip file, there is nothing but the word "test" in the body of the e-mail and it is caught by the e-mail scanning as it goes out.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Sunday, March 07, 2004 4:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] NAV 2003 catches beagleJ in encrypted zip?

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
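
The combination check described in the message above (a role-style sender address plus a password-protected zip attachment), sketched in Python as an added example; it is not part of the original post and is not Declude JunkMail filter syntax. The function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Role-style sender local parts named in the message above.
SUSPECT_LOCALPARTS = {"management", "administration", "staff", "noreply", "support"}

def has_encrypted_zip(msg):
    """True if any attachment is a zip with at least one encrypted member."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted entry;
                # it is readable from the central directory without the password.
                if any(info.flag_bits & 0x1 for info in zf.infolist()):
                    return True
        except zipfile.BadZipFile:
            continue  # not a zip (or damaged): this check has nothing to say
    return False

def is_suspect(raw):
    """Both conditions must hold: suspect sender AND encrypted zip attached."""
    msg = message_from_bytes(raw, policy=policy.default)
    local = parseaddr(str(msg.get("From", "")))[1].partition("@")[0].lower()
    return local in SUSPECT_LOCALPARTS and has_encrypted_zip(msg)

def _sample(sender, encrypted):
    """Constructed test message; the zip holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in the central directory entry only, which
        # is what zipfile reads; the payload itself is not really encrypted.
        cd = data.rfind(b"PK\x01\x02")
        data[cd + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", "test"
    msg.set_content("test")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```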
