Andrew, wouldn’t the second line include the first, meaning only the second line is needed?

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Monday, October 02, 2006 3:49 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] stration work

 

Those of us still running F-Prot* as a primary virus scanner will want to add one or both of these to their virus.cfg in order to block notifications for detection of the Stration malware:

 

FORGINGVIRUS W32/Tricky-Malware-based!Maximus

FORGINGVIRUS Tricky-Malware-based!

 

The first is the most explicit, and the second is a fragment that will catch future detections that are based on heuristics.

 

And in the unlikely event that someone is using Trend Micro OfficeScan or SysClean:

 

FORGINGVIRUS Possible_Strat-2

FORGINGVIRUS Possible_

 

 

Andrew 8)

 

* The "new" price is unjustifiably high for using fpcmd on a mailserver.  Plan to switch to a different vendor before you renew this licence.

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Monday, October 02, 2006 7:27 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] stration work

It looks like the Stration worm is causing backscatter today:

 

The W32/Stration.dr virus drops the mass mailing worm W32/[EMAIL PROTECTED]. that uses its own SMTP engine to send itself to the email addresses that it harvests on the infected computer. The W32/Stration.dr is written using Microsoft Visual C++ and also contains functionality to connect to a remote web server to download a file.

 

I've added it as a forging virus:

FORGINGVIRUS Stration


-----------------------------------------------------
Scott Fisher
Director of IT
Farm Progress Companies
191 S Gary Ave
Carol Stream, IL 60188
630-462-2323

 

This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.

 

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.


