I also filled out the form at FProt's site. Thanks for the defs. When
I open up FProt, though, it says that my defs are up-to-date, even
though I replaced the newest ones with the ones that you sent. I hope
that that message indicates whether we've downloaded the latest - not
whether we are actually using the latest defs.
Colbeck, Andrew wrote:
I don't think the engine version matters, just the pattern file.
I've confirmed that the culprit is this, the most recent sign.def from
05/02/2005 01:32 PM
And yes, I've sent in a support request via their web page; I'd like to
supply them with several samples.
I've also played around with the switch settings and found that there
are no relevant switches that can be used as a workaround (i.e. "/ai"
"/noheur" and "/server" make no difference in the detection or not of
this false-positive).
All of the messages detected either had Office 10 or Office 11 headers
or were replies to messages created with Office 10 or Office 11.
Andrew 8)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Monday, May 02, 2005 1:10 PM
To: [email protected]
Subject: RE: [Declude.Virus] F-Prot and HTML object exploit
Question: Have you all running the latest v3.16b ?
I can't see any appearance of "HTML/ObjData" in the entire current
logfile, but I've still running 3.16a
Markus
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Tolmachoff (Lists)
Sent: Monday, May 02, 2005 7:47 PM
To: [email protected]
Subject: [Declude.Virus] F-Prot and HTML object exploit
It appears that something has updated on F-Prot in the last
hour. Now, a lot of outbound HTML e-mails are being flagged
by F-Prot as having the HTML object exploit. Running the file
on www.virustotal.com shows clean.
Any one else seeing problems?
For now, as I am at a client, I have turned off F-Prot
scanning relying on AVG.
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses.]
---
[This E-mail was scanned for viruses.]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
