Re: [Declude.Virus] Another new virus

[Matt]

You guys are all pretty funny with your "thankfully" stuff.  Remember, this is all just a collection of opinions.  I have no issues, and haven't for some time. Anyway, I don't bounce messages for any tagged virus so I haven't been having issues with Mytob causing backscatter since Declude doesn't seem to have added that as a forging virus yet.  I figure that over 99% of all viruses are forging viruses and this is really only necessary when you are blocking things that might for instance contain a macro virus in an otherwise legitimate document, and I haven't had issues not bouncing for such things.   Again, that's just my take on things, you guys can do whatever you want :) I also noted that the new Bagle is apparently prone to corruption, and while F-Prot is missing this, McAfee continues to pick it up: 04/15/2005 17:32:52 Q33049a10011849b8 MIME file: [text/html][7bit; Length=51 Checksum=3488] 04/15/2005 17:32:52 Q33049a10011849b8 MIME file: Jokes.zip [base64; Length=19311 Checksum=2484229] 04/15/2005 17:32:52 Q33049a10011849b8 Warning: file#=123456 (123456.EXE ...      ) 04/15/2005 17:32:52 Q33049a10011849b8 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment=[Unknown: Err] [0] I 04/15/2005 17:32:52 Q33049a10011849b8 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13] 04/15/2005 17:32:52 Q33049a10011849b8 Deleting file with virus 04/15/2005 17:32:52 Q33049a10011849b8 Deleting E-mail with virus! 04/15/2005 17:32:52 Q33049a10011849b8 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 19428] 04/15/2005 17:32:52 Q33049a10011849b8 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 208.7.179.200] 04/15/2005 17:32:52 Q33049a10011849b8 Subject:  I saw only one zip file from a virus in my Hold range today, but it was a zero byte file with a zip extension.  The pattern that this virus uses results in an automatic hold on my system based on filters designed for zombies (for instance it forges the HELO to match the recipient domain), but most will also fail some DUL or other such tests.  I think Sniffer hit that example if I recall correctly. Matt John Tolmachoff (Lists) wrote: I am getting lots of banned attachment notices and lots of bounces in the last 90 minutes. THANKFULLY, I am blocking zip files which contain executables otherwise these would have all be delivered to users. Any one have an idea of what this one is, it is kind of acting like Bagle. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================