The sign*.def files have been updated to: 05/02/2005 11:46 PM
Which I'm pretty sure is UTC. However, these still have the false-positive. As of this writing, I've received no reply to my ticket with F-Prot. Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Monday, May 02, 2005 2:03 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] F-Prot and HTML object exploit F-Prot may have pulled the latest defs do to the number of complaints received, which could explain why the app reports that you have the latest version. Bill ----- Original Message ----- From: "Kevin Rogers" <[EMAIL PROTECTED]> To: <Declude.Virus@declude.com> Sent: Monday, May 02, 2005 1:54 PM Subject: Re: [Declude.Virus] F-Prot and HTML object exploit > I also filled out the form at FProt's site. Thanks for the defs. > When I open up FProt, though, it says that my defs are up-to-date, > even though I replaced the newest ones with the ones that you sent. I > hope that that message indicates whether we've downloaded the latest - > not whether we are actually using the latest defs. > > > > Colbeck, Andrew wrote: > > >I don't think the engine version matters, just the pattern file. > > > >I've confirmed that the culprit is this, the most recent sign.def > >from > > > >05/02/2005 01:32 PM > > > >And yes, I've sent in a support request via their web page; I'd like > >to supply them with several samples. > > > >I've also played around with the switch settings and found that there > >are no relevant switches that can be used as a workaround (i.e. "/ai" > >"/noheur" and "/server" make no difference in the detection or not of > >this false-positive). > > > >All of the messages detected either had Office 10 or Office 11 > >headers or were replies to messages created with Office 10 or Office > >11. > > > >Andrew 8) > > > >-----Original Message----- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler > >Sent: Monday, May 02, 2005 1:10 PM > >To: Declude.Virus@declude.com > >Subject: RE: [Declude.Virus] F-Prot and HTML object exploit > > > > > >Question: Have you all running the latest v3.16b ? > > > >I can't see any appearance of "HTML/ObjData" in the entire current > >logfile, but I've still running 3.16a > > > >Markus > > > > > > > > > >>-----Original Message----- > >>From: [EMAIL PROTECTED] > >>[mailto:[EMAIL PROTECTED] On Behalf Of John > >>Tolmachoff (Lists) > >>Sent: Monday, May 02, 2005 7:47 PM > >>To: Declude.Virus@declude.com > >>Subject: [Declude.Virus] F-Prot and HTML object exploit > >> > >>It appears that something has updated on F-Prot in the last hour. > >>Now, a lot of outbound HTML e-mails are being flagged by F-Prot as > >>having the HTML object exploit. Running the file on > >>www.virustotal.com shows clean. > >> > >>Any one else seeing problems? > >> > >>For now, as I am at a client, I have turned off F-Prot scanning > >>relying on AVG. > >> > >>John T > >>eServices For You > >> > >> > >> > >>--- > >>This E-mail came from the Declude.Virus mailing list. To > >>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >>type "unsubscribe Declude.Virus". The archives can be found > >>at http://www.mail-archive.com. > >> > >> > >> > > > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". The archives can be found > >at http://www.mail-archive.com. > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". The archives can be found > >at http://www.mail-archive.com. > >--- > >[This E-mail was scanned for viruses.] > > > > > > > > > > > > --- > [This E-mail was scanned for viruses.] > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.