http://www.f-secure.com/weblog/archives/archive-062006.html#00000909
The writeup is interesting in the follow-on details but the information that Markus posted earlier is more helpful to us in keeping the darn thing out of users' mailboxes.

Andrew 8)

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
> Sent: Tuesday, June 27, 2006 12:08 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
>
> Actually, it is CLAMAV catching it. Not sure about McAfee as I stop on first virus. F-Prot is def. not catching it though.
>
> Darrell
>
> Darrell ([EMAIL PROTECTED]) writes:
>
> > McAfee is catching these Trojan.Myno on my systems.
> >
> > Darrell
> > -------------------------------------------
> > Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
> >
> > Markus Gufler writes:
> >
> >> Some of us have noted in the past two hours that messages with a zip-file as attachment have passed our virus filters.
> >>
> >> It's a zip-file containing a MS Word Document named "my_notebook.doc"
> >>
> >> Most Virus-Scanners can't catch it. Virustotal has returned only two scanners with positive results
> >>
> >> Sophos has found "WM97/Kukudro-A"
> >> UNA has found a "Macro Virus"
> >>
> >> No other AV-Engine has caught the suspicious file.
> >>
> >> We've added the following lines to our virus.cfg in order to block as much as we can at the moment.
> >>
> >> BANNAME prices.zip
> >> BANNAME apple_prices.zip
> >> BANNAME sony_prices.zip
> >> BANNAME hp_prices.zip
> >> BANNAME dell_prices.zip
> >> BANNAME My_Notebook.doc
> >>
> >> Regards
> >> Markus
> >>
> >> ---
> >> This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
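
Added example, not part of the thread and not Declude's own code: a Python sketch of the name-based blocking Markus describes, extended to look inside zip attachments so the document name is still caught when the archive itself is renamed. How Declude's BANNAME matches names is not stated in the thread; case-insensitive exact matching, the function names, and the constructed sample message are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names taken from the BANNAME lines in the post; case-insensitive matching is an assumption.
BANNED = {n.lower() for n in (
    "prices.zip", "apple_prices.zip", "sony_prices.zip",
    "hp_prices.zip", "dell_prices.zip", "My_Notebook.doc",
)}

def banned_names(raw: bytes) -> list[str]:
    """Return banned names found as attachments or as members of zip attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower() in BANNED:
            hits.append(name)
        data = part.get_payload(decode=True) or b""
        # Check archive contents by signature, not by extension.
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        base = member.replace("\\", "/").rsplit("/", 1)[-1]
                        if base.lower() in BANNED:
                            hits.append(f"{name}!{base}")
            except zipfile.BadZipFile:
                # Archive that cannot be listed: report it instead of passing it silently.
                hits.append(f"{name}!<unreadable zip>")
    return hits

def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test message: a zip attachment holding a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real document")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "prices"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(banned_names(build_sample("prices.zip", "my_notebook.doc")))
    print(banned_names(build_sample("quotes.zip", "my_notebook.doc")))
```

A name list like this is a stopgap until scanner signatures catch up; it misses any variant that changes both the archive name and the document name.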