Well, if you're already banning zip files entirely, there's no purpose in my suggestion *today*.
However, I would posit that you'll change that policy at some point, and then this suggestion may be useful to you. Bad guys certainly recycle their techniques, so there's no telling how long this ban would be useful. I'm guessing that we'll see a few more iterations of this technique, and given that antivirus patterns always lag the actual viruses... I'm keeping this entry in my virus.cfg file. I hope that helps, Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Tuesday, February 22, 2005 12:20 PM To: [email protected] Subject: Re: [Declude.Virus] Yet another MyDoom in the wild soo.... I should remove my ZIP that I already ban.. ----- Original Message ----- From: "Colbeck, Andrew" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, February 22, 2005 3:02 PM Subject: [Declude.Virus] Yet another MyDoom in the wild For the writeup from TrendMicro, see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYD OOM.BE And for a practical tip, add to your virus.cfg: BANNAME example.com.zip Where example.com is of course replaced by your own Internet domain(s). Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
