What do you want me to do? I still have BANEXT CHM in my virus.cfg, and i successfully block .chm attachments. Here it is not working because of the "encryption" of the filename, as you can see in the mail.
I show you the virus logfile: vir1215.log: 12/15/2004 04:06:29 Qaa3414bd035a6555 MIME file: =?koi8-r?B?UmVjaG51bmcxODc0NTUxNC5j?==?koi8-r?B?aG0=?= [base64; Length=33018 Checksum=3232477] vir1215.log: 12/15/2004 04:06:29 Qaa3414bd035a6555 Scanned: Virus Free [MIME: 2 33569] Hermann > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of William > Stillwell > Sent: Wednesday, December 15, 2004 2:00 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] Blocked Extension getting through > > > BANEXT CHM > > > > ----- Original Message ----- > From: "Hermann Strassner" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, December 15, 2004 4:12 AM > Subject: [Declude.Virus] Blocked Extension getting through > > > > Hello! > > > > I have blocked a few extensions in Declude Virus, e.g. zip, > exe, bat, > > scr, pif, chm and a few others. Normally that workes. > > > > But since a few days some mails (with virus) are getting through. > > They have an attachment like Rechnung18745514.chm, it is > displayed as > > Rechnung18745514.chm in Outlook or other mail clients, but > in virus scan > > or in raw mail format its name is: > > ------------86BA342CB7A4 > > Content-Type: CHEMICAL/X-CS-CHEMDRAW; > > name="=?koi8-r?B?UmVjaG51bmcxODc0NTUxNC5j?= > > =?koi8-r?B?aG0=?=" > > Content-transfer-encoding: base64 > > Content-Disposition: attachment; > > filename="=?koi8-r?B?UmVjaG51bmcxODc0NTUxNC5j?= > > =?koi8-r?B?aG0=?=" > > > > What can i do to block this? This is a new worm yet not > detected from > > virus scanners. This happens often. But this mails are blocked by > > extension filtering. Now they are getting through to the clients. > > > > Hermann > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > > This email has been scanned for possible viruses by Declude > Antivirus. > > For more information on Declude Antivirus, Visit www.declude.com > > > > > > --- > This email has been scanned for possible viruses by Declude Antivirus. > For more information on Declude Antivirus, Visit www.declude.com > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
