I just had an email slip by my IMail server to my PC with the Inor.D in a .zip (with a .exe inside).
Both are running latest .C version of F-Prot.
What could I have in my virus.cfg that allowed this? I still have the .zip if anyone wants it.
The first question is why it was not caught by F-Prot. The second is why it was not caught by other options (banning .ZIP files, etc.).
My guess is that it was not caught by F-Prot because it is a trojan, which can't spread on its own. That means that if you open it, it will not spread to other computers. It's a bad program, but not one that would normally be considered a virus (so some scanners may block it while others will not).
As for why it was not blocked as an .exe within a .zip, that all depends on your settings -- if you use "BANEXT ZIP" or both "BANEXT EXE" and "BANZIPEXTS" with the latest interim, it should get caught (if you are using the Standard/Pro version, depending on which technique you are using).
-Scott
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
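
The kind of check discussed in the reply above, matching the extensions of files inside a .zip against a ban list, as an added example that is not part of the original thread and is not Declude's code or configuration syntax. The ban list, nesting limit and size cap are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed values for illustration; not taken from the thread or from Declude.
BANNED_EXTS = {"exe", "scr", "pif", "com", "bat"}
MAX_DEPTH = 3                 # how many archive levels to open
MAX_NESTED_BYTES = 5_000_000  # do not unpack nested archives larger than this


def ext_of(name):
    """Final extension, lower-cased, ignoring trailing dots and spaces."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def banned_members(data, depth=0):
    """Return the reasons a zip (as bytes) should be held by an extension policy."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = ext_of(info.filename)
            # Member names are readable even when the member data is encrypted.
            if ext in BANNED_EXTS:
                hits.append(f"banned extension: {info.filename}")
            elif ext == "zip":
                if info.flag_bits & 0x1:
                    hits.append(f"encrypted nested archive: {info.filename}")
                elif depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    hits.append(f"nested archive not inspected: {info.filename}")
                else:
                    hits.extend(banned_members(zf.read(info), depth + 1))
    return hits


def make_zip(files):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A filter built this way blocks on the member's name alone, so it holds an executable in a .zip whether or not the virus scanner has a signature for it.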
