My servers are sending out the ban notify messages on the cpl and hta extensions, I use Fprot, shouldnt it be caught as a virus and respect the SKIPIFVIRUSNAMEHAS Beagle? (or bagle)
I am seeing ALOT of these over the past few hours Rick Davidson National Systems Manager North American Title Group - ----- Original Message ----- From: "John Olden" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 27, 2004 12:58 PM Subject: Re: [Declude.Virus] .CPL file blocked > Above and beyond the ones just listed, we also block these: Of course > these are specific to our company only. > > BANEXT ad > BANEXT adb > BANEXT adp > BANEXT asd > BANEXT asp > BANEXT cab > BANEXT ceo > BANEXT chm > BANEXT crt > BANEXT data > BANEXT dbx > BANEXT dll > BANEXT hlp > BANEXT inf > BANEXT ins > BANEXT isp > BANEXT js > BANEXT jse > BANEXT lnk > BANEXT link > BANEXT mch > BANEXT mde > BANEXT mdx > BANEXT msc > BANEXT nch > BANEXT nws > BANEXT pcd > BANEXT php > BANEXT pl > BANEXT pi > BANEXT ocx > BANEXT ods > BANEXT shb > BANEXT shs > BANEXT sht > BANEXT SWF > BANEXT sys > BANEXT unk > BANEXT url > BANEXT uue > BANEXT vbx > BANEXT vsd > BANEXT vst > BANEXT vss > BANEXT vsw > BANEXT wab > BANEXT ws > BANEXT xml > > John Olden - Systems Administrator > Champaign Park District > > > ----- Original Message ----- > From: "Bill" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, April 27, 2004 11:18 AM > Subject: RE: [Declude.Virus] .CPL file blocked > > > > Is this the list that everyone else is using? > > > > BANEXT BAS > > BANEXT BAT > > BANEXT CMD > > BANEXT COM > > BANEXT CPL > > BANEXT HTA > > BANEXT EXE > > BANEXT MSI > > BANEXT MSP > > BANEXT MST > > BANEXT PIF > > BANEXT REG > > BANEXT SCR > > BANEXT SCT > > BANEXT VB > > BANEXT VBE > > BANEXT VBS > > BANEXT WSC > > BANEXT WSF > > BANEXT WSH > > BANEXT EZIP > > > > BANZIPEXTS ON > > BANEZIPEXTS ON > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little > > Sent: Tuesday, April 27, 2004 9:17 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.Virus] .CPL file blocked > > > > > > Reminder > > If your not yet blocking CPL, your over due. > > (Also HTA, VBS, exe, scr and com) > > > > Greg > > > > > > >From http://vil.nai.com/vil/content/v_122415.htm > > > > > > > > > > > > Attachment: May be one of the follwing: > > > > * Script dropper - using one of the following file extensions: > > > > > > * HTA > > > > * VBS > > > > * Password-protected ZIP archive (detected as > > W32/Bagle.gen!pwdzip) > > > > * Executable, using one of the following file extensions: > > > > > > * exe > > > > * scr > > > > * com > > > > * cpl > > > > * Executable dropper, CPL file with .CPL file extension. > > > > The executable uses the following icon: > > > > > > > > The CPL file uses the following icon: > > > > > > > > > > Don Hickey wrote: > > > > > > Here ya go - New Description > > > > > > > > http://us.mcafee.com/virusInfo/default.asp?id=description > > > <http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=12241 > > 5> &virus_k=122415 > > > > > > > > Don > > > > > > > > > > > > > > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
