Scott, Thanks for the information. I'm using BANEZIPEXTS and BANZIPEXTS in my configuration already with i25 and it is working well. I was curious why the other AV scanners weren't picking this variant up and which one it was. Now I know. I must have been catching these previously with great new BANEZIPEXTS and BANZIPEXTS feature of Declude.
Thanks for adding the RAR protection to Declude, by the way. Bill ---------- Original Message ---------------------------------- From: "R. Scott Perry" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 16 Mar 2004 17:07:53 -0500 > >>I'm running F-Prot, McAfee, and AVG. Only McAfee is picking this up. Has >>anyone else noticed this as well? >> >>Declude Virus v1.78i25 caught the the W32/Bagle.gen!pwdzip virus in Info.zip > >According to McAfee's website, that's Bagle.K (although I don't know why >they don't simply identify it as Bagle.K). As far as I know, that's always >in an encrypted .ZIP file, which should be blocked with the latest interim >( http://www.declude.com/interim ), and a "BANEXT EZIP" line in your >\IMail\Declude\virus.cfg file. > >My guess is that McAfee found that there are only a small amount of >possible ways that the file is dynamically encrypted, which would let them >catch some/most/all of them. > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". The archives can be found >at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
