Is it not true that EXEs in zip files are inert until opened by the user?
We don't ban EXEs in zips because our users sometimes need to receive EXE
files, but we constantly remind them to not open anything that is not
verified (content expected from the sender).  

What do most admins do about this problem?

Todd

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, October 21, 2004 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MyDoom.o's slipping through.

Why are you not banning executable files within zip files?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Chris Patterson
> Sent: Thursday, October 21, 2004 12:42 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] MyDoom.o's slipping through.
> 
> Thanks, I was not aware of the /ARCHIVE=5.  I have adjusted that, here
> is my current cfg line:
> 
> C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE=5
> /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
> 
> If there is something I am missing, please let me know.
> 
> Thanks,
> 
> Chris Patterson, CCNA
> Network Engineer
> 
> 
> 
> -----Original Message-----
> From: R. Scott Perry [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 21, 2004 3:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] MyDoom.o's slipping through.
> 
> 
> >I have had two reports in the last 2 days about a virus coming through.
> >
> >The customer forwarded these to me on an Exchange mailbox using McAfee
> >which identified them as MyDoom.o.  Tracing the Logs, they were scanned
> >and Deemed Virus Free using Prescan.
> 
> Given that it is in a .ZIP file, and you are using F-Prot, do you have
> "/ARCHIVE=5 " in the SCANFILE line in the \IMail\Declude\virus.cfg
> file?  If it is just "/ARCHIVE ", you should change it to "/ARCHIVE=5 ",
> due to a bug in the latest version of F-Prot.
> 
>                                                     -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in
> mailserver vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.

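The policy raised in this thread, banning executables inside zip attachments rather than relying on the scanner alone, can be expressed as a name-based check like the one below. This is an added example, not part of the original thread and not Declude or F-Prot code; the extension list, the depth and size limits, and the function names are assumptions.

```python
import io
import posixpath
import zipfile

# Assumed policy values for this example; not Declude or F-Prot settings.
BANNED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl"}
MAX_DEPTH = 5            # how many archive levels are opened
MAX_INNER = 20 * 2**20   # largest nested zip expanded in memory (bytes)


def banned_members(data, depth=1, prefix=""):
    """Check a zip (bytes) by member name; return (hits, verdict).

    verdict: "banned" if a banned extension was found, "unscannable" if part
    of the archive could not be opened (corrupt, encrypted, too deep or too
    large), otherwise "clean".
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [], "unscannable"
    hits, blind = [], False
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Windows drops trailing dots and spaces, so strip them first.
            ext = posixpath.splitext(info.filename.rstrip(". "))[1].lower()
            if ext in BANNED_EXT:
                hits.append(path)  # member names are listed without decrypting data
            elif ext == ".zip":
                encrypted = bool(info.flag_bits & 0x1)
                if depth >= MAX_DEPTH or encrypted or info.file_size > MAX_INNER:
                    blind = True
                    continue
                sub_hits, sub = banned_members(zf.read(info), depth + 1, path + "!")
                hits += sub_hits
                blind = blind or sub == "unscannable"
    return hits, "banned" if hits else "unscannable" if blind else "clean"


def make_zip(members):
    """Build a constructed sample zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

An "unscannable" verdict is the case to decide on explicitly: holding such attachments for review is stricter than treating them as clean.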