As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have caught the password-protected .rar file? Declude passed the message to SmarterMail without holding it. I'm running Declude 4.3.46.
-------- Original Message -------- > From: "Gary Steiner" <[EMAIL PROTECTED]> > Sent: Wednesday, April 25, 2007 1:31 PM > To: [email protected] > Subject: new virus with .rar attachment > > I started getting some messages today that were picked up as spam, but were > not being identified as viruses. They looked suspicious, having subject > lines of > > Virus Activity Detected! > Spyware Alert! > > It containes a .gif message that tells the user to open the .rar file and run > the patch there to protect them from the virus/spyware. > > I ran it on www.virustotal.com, and the only scanner that picked it up was > McAfee, and it identified it as "W32/[EMAIL PROTECTED]". > > http://vil.nai.com/vil/content/v_142094.htm > > Since this a password protected .rar file, should we now be blocking these? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
