SWEN is not known to be forging. Every one that I have seen came from the sender that was indeed infected.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Sunday, March 07, 2004 6:27 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Swen not tagged as forging?

 

I just had a client ask me to turn off all virus notifications, and the message that they sent back was for Swen.A.

       Date: 03/07/2004 17:37:53
       Subject: Abort Notice
       Host: cybermatsa.com.mx [148.233.93.6]
       Attachment: enqofe.exe
       Virus: W32/[EMAIL PROTECTED]

Is it possible that this isn't in the forging database, or could this have been a failed lookup, or is it possible that this is a bug in the version of Declude Virus that I am running? I'm on 1.78i14 currently. I'm thinking that maybe the combination of the 'MIME Header' vulnerability along with the virus being detected might have caused the SKIPIFFORGING to be bypassed:

03/07/2004 17:37:53 Qa43c661500982fd2 MIME file: [text/html][quoted-printable; Length=228 Checksum=17379]
03/07/2004 17:37:53 Qa43c661500982fd2 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=enqofe.exe.
03/07/2004 17:37:53 Qa43c661500982fd2 MIME file: enqofe.exe [base64; Length=106496 Checksum=9384207]
03/07/2004 17:37:53 Qa43c661500982fd2 Banning file with EXE extension [audio/x-wav].
03/07/2004 17:37:53 Qa43c661500982fd2 Scanner 1: Virus=W32/[EMAIL PROTECTED] Attachment=enqofe.exe [1] O
03/07/2004 17:37:53 Qa43c661500982fd2 Scanner 2: Virus=I-Worm/Swen.A Attachment=enqofe.exe [1] O
03/07/2004 17:37:53 Qa43c661500982fd2 File(s) are INFECTED [W32/[EMAIL PROTECTED]: 6]
03/07/2004 17:37:53 Qa43c661500982fd2 Deleting file with virus
03/07/2004 17:37:53 Qa43c661500982fd2 Deleting E-mail with virus!
03/07/2004 17:37:53 Qa43c661500982fd2 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 106748]
03/07/2004 17:37:53 Qa43c661500982fd2 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 148.233.93.6]
03/07/2004 17:37:53 Qa43c661500982fd2 Subject: Abort Notice

Thanks,

Matt

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
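
To check the hypothesis raised in the thread against more than one message, the following added example (not part of either message and not Declude's own tooling) groups log lines by queue ID and lists the messages where both a vulnerability line and a scanner detection were logged. The line patterns are assumptions inferred only from the log excerpt quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The first five lines are copied from the log in the message above (addresses
# appear redacted exactly as on the page); the last line is constructed for contrast.
SAMPLE_LOG = """\
03/07/2004 17:37:53 Qa43c661500982fd2 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=enqofe.exe.
03/07/2004 17:37:53 Qa43c661500982fd2 Banning file with EXE extension [audio/x-wav].
03/07/2004 17:37:53 Qa43c661500982fd2 Scanner 1: Virus=W32/[EMAIL PROTECTED] Attachment=enqofe.exe [1] O
03/07/2004 17:37:53 Qa43c661500982fd2 Scanner 2: Virus=I-Worm/Swen.A Attachment=enqofe.exe [1] O
03/07/2004 17:37:53 Qa43c661500982fd2 Deleting E-mail with virus!
03/07/2004 17:38:10 Q0000000000000001 Scanner 2: Virus=I-Worm/Swen.A Attachment=sample.exe [1] O
"""

# Patterns inferred from the excerpt above (assumed, not a documented log format).
LINE_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (Q\S+) (.*)$")
VULN_RE = re.compile(r"^Outlook '([^']+)' Vulnerability: type=([^,]+), name=(.+)$")
SCAN_RE = re.compile(r"^Scanner (\d+): Virus=(.+?) Attachment=(\S+)")


def summarize(log_text):
    """Group log lines by queue ID and record what was logged for each message."""
    msgs = defaultdict(
        lambda: {"vulns": [], "banned": False, "detections": {}, "deleted": False}
    )
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # skip blank or unrecognized lines rather than guessing
        qid, event = line.groups()
        rec = msgs[qid]
        if (m := VULN_RE.match(event)):
            # (vulnerability name, declared MIME type, attachment name)
            rec["vulns"].append((m.group(1), m.group(2), m.group(3).rstrip(".")))
        elif (m := SCAN_RE.match(event)):
            rec["detections"][int(m.group(1))] = m.group(2)
        elif event.startswith("Banning file"):
            rec["banned"] = True
        elif event.startswith("Deleting E-mail with virus"):
            rec["deleted"] = True
    return dict(msgs)


def vuln_plus_virus(msgs):
    """Queue IDs where a vulnerability line and a scanner detection were both logged."""
    return sorted(q for q, r in msgs.items() if r["vulns"] and r["detections"])


if __name__ == "__main__":
    for qid in vuln_plus_virus(summarize(SAMPLE_LOG)):
        print(qid)
```

Comparing the queue IDs it returns against the notifications actually sent shows whether the behaviour follows the vulnerability-plus-virus combination or occurs for virus-only messages as well.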
