So if you put F-Prot into /SERVER mode, what exactly will it report on, and what code will it report (6 or 8)? And something else; did they reverse some words here?
"Those heuristics will for example complain about encrypted executable files within archives"
Maybe this is an advance? Maybe it combines too many things under one result code and isn't useful since Declude already gives us some capabilities here? If anyone tests this stuff out, please share.
Matt
Adrian Titei wrote:
I thought that these notes for the last 2 releases of F-Prot would be interesting. Here you go, fresh from F-Prot tech Support:
Cheers, Adrian
--- snip ---
MAJOR ENHANCEMENTS
------------------
Version 3.14d changes some defaults
The default of the /ARCHIVE switch is now to scan only "one level deep" into
archives, that is archives within archives will not be scanned. The default
behavior can be changed with /ARCHIVE=n, where "n" is the desired scanning
depth, for example /ARCHIVE=3 will scan archives within archives within
archives.
The reason for this change is to prevent the scanner from taking unacceptably
long to scan so-called "zip bombs", some of which use ove 40 levels of
archives, or include tens of thousands of archives nested within each other.
The /SERVER switch is a new addition. It will put F-PROT in mail server
mode, enabling some heuristics which are only enabled by default in the mail
server versions (Linux and others) and the fpcmd program (Windows command-line
version of F-PROT). Those heuristics will for example complain about
encrypted executable files within archives.
Changes in version 3.14e
Version 3.14e includes only some minor changes
We had to make a minor engine change to detect some replicants of the
Bagle.P virus.
When the /SERVER or /PARANOID switches are used, F-PROT will alert on
encrypted files in ZIP archives in more cases than previously.
Scanning of Access databases has been speeded up significantly.
The total number of viruses and Trojans that are detected with version
3.14e is somewhere over 112300.
--- snip --- --- [This E-mail scanned for viruses by Declude Virus]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
