It sounds like this virus is double-zipping files, and that this technique is tricking the virus scanners. Is that correct?
If so, BANZIPEXTS, which will by default ban double-zips in addition to other banned extensions, is presumably the best work-around? If not that, then custom filters in Declude?
I'm seeing a fair number of MyDoom.M (F-Prot)/MyDoom.N (McAfee), but no MyDoom.O that the scanners have picked up on. Am I missing something?
Thanks,
Matt
R. Scott Perry wrote:
Maybe even a BANZIPEXT ON (not just e-zip) so that people can get zipped .JPGs but not zipped .exe's
BANZIPEXTS ON is in v1.79. For any file extension that you ban with the BANEXT option, it will then be blocked if it is in a .ZIP file as well.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
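Added example, not part of the thread and not Declude's code: a sketch of the attachment policy discussed above, where an extension banned on its own is also blocked inside a .ZIP and a ZIP nested in a ZIP is flagged. The ban list, the limits, the finding names and the `make_zip` helper are assumptions made for the illustration.

```python
import io
import zipfile

# Constructed ban list for the example; a real setup would mirror its own BANEXT entries.
BANNED_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
MAX_DEPTH = 3                        # assumed limit on how many ZIP layers are opened
MAX_INNER_BYTES = 10 * 1024 * 1024   # assumed cap on an inner archive's unpacked size


def ext_of(name):
    """Lower-cased extension of the last path component, '' if there is none."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def inspect_zip(data, ban_nested=True, depth=0):
    """Return (reason, member path) findings for one ZIP attachment given as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("unreadable-zip", "")]
    findings = []
    with zf:
        for info in zf.infolist():
            ext = ext_of(info.filename)
            if ext in BANNED_EXTS:
                findings.append(("banned-ext", info.filename))
            elif ext == "zip":
                if ban_nested:
                    findings.append(("nested-zip", info.filename))
                encrypted = info.flag_bits & 0x1
                if encrypted or info.file_size > MAX_INNER_BYTES or depth + 1 >= MAX_DEPTH:
                    # Cannot look inside safely: report it instead of passing it silently.
                    findings.append(("uninspected-zip", info.filename))
                    continue
                for reason, path in inspect_zip(zf.read(info), ban_nested, depth + 1):
                    findings.append((reason, info.filename + "/" + path))
    return findings


def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

An empty result means the attachment passes this policy; any finding is a reason to hold the message.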
