The BANZIPEXTS and BANEZIPEXTS just tell it to ban files inside the zip file if they match on of the BANEXT extensions. Therefore it will not catch encrypted zip files unless it has a file with any of those extensions in it. If you want to catch ALL encrypted Zip files you need to add BANEXT EZIP to your list.
Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Donn Bly Sent: Monday, March 22, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] [EMAIL PROTECTED] got past declude & fprot I'm running Declude 1.78i27 I'm running FProt 3.14e I just had a customer send me an email that they received that was questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple of weeks. Since this is an encrypted EXE inside of a zip file, it doesn't suprise me that FProt didn't catch it (actually, according to the log it gave an errorlevel 8), but I thought I had it banned by declude. I have the following in my virus.cfg. BANEXT ocx BANEXT scr BANEXT bat BANEXT vbs BANEXT dll BANEXT pif BANEXT wsh BANEXT cmd BANEXT nws BANEXT exe BANZIPEXTS OFF BANEZIPEXTS ON The idea was that I will let anything go through in a standard zip, but not as a stand-alone file or encrypted in an archive. Where did I screw up? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
