Is the command FORGINGVIRUS still used? It doesn't seem to be mentioned in the new manuals on the Declude web site, or in the knowledgebase either.
My main question is how does FORGINGVIRUS work? Is it looking for any string within the virus name? For example, will the statement FORGINGVIRUS Stration pick up both "Worm.Stration.YY" and "I-Worm.Stration" as matches? Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? Thanks, Gary -------- Original Message -------- > From: "Colbeck, Andrew" <[EMAIL PROTECTED]> > Sent: Friday, October 27, 2006 3:56 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] AUTOFORGE > > I suggested adding STRATION a week or more ago. > > Likewise, the string > > WAREZOV > > should be added to the AUTOFORGE database (or your own virus.cfg e.g. > FORGINGVIRUS WAREZOV). There have been many interations of this virus, > and according to F-Secure, the creators are still pumping out new > versions. > > Andrew. > > > > _____ > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Andy Schmidt > Sent: Friday, October 27, 2006 6:03 AM > To: 'Declude Virus List' > Subject: [Declude.Virus] AUTOFORGE > > > Hi, > > is this still being actively maintained? > > If so, > > W32/Stration.dldr > > should be added as forging. Based on bounces that I'm seeing > (from inbound-only mailboxes on our domain) it is forging the sender. > > Best Regards > Andy Schmidt > > Phone: +1 201 934-3414 x20 (Business) > Fax: +1 201 934-9206 > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
