I saw on the NTBugTraq mailing list that its only the exe file that is encrypted and that when viewed it has the extention exe+ and can be missed because of the change in extention. Symantec Corporate Edition 8.1 missed this for me on my laptop with latest definitions. Dave
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Q Jr. Sent: 03 March 2004 20:33 To: Exchange Discussions Subject: Re: BAGEL32.J Varient and ScanMail Engine. That is exactly what I am getting . . . Trend Scanmail and Sophos do not catch it when scanning incoming messages but Trend OfficeScan does catch it. Not sure why mailscanners can't catch password encrypted files but OfficeSacn can. Anyone know . . . ? Otherwise I'm calling Tend. ----- Original Message ----- From: "Pfefferkorn, Pete (pfeffepe)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 11:25 AM Subject: RE: BAGEL32.J Varient and ScanMail Engine. > I manually downloaded and updated both the engine as well as the new pattern > that has not been released yet. I guess scanmail cannot scan password > encrypted attachments so back to blocking the Zips. Sophos does not > scan password encrypted either. > > -----Original Message----- > From: Chinnery, Paul [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 03, 2004 1:06 PM > To: Exchange Discussions > Subject: RE: BAGEL32.J Varient and ScanMail Engine. > > Are you sure about the engine? Their sites says 6.810. We got a > couple of > the bagle.j come through. Thankfully, Trend's desktop AV caught them. > > Paul Chinnery > Network Administrator > Mem Med Ctr > > > -----Original Message----- > From: Pfefferkorn, Pete (pfeffepe) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 03, 2004 9:46 AM > To: Exchange Discussions > Subject: BAGEL32.J Varient and ScanMail Engine. > > > > I noticed that Trend has a new engine out there 6.860 and the manual update > does not update to that version. It looks as if the new BAGEL32.J > variant got through on our system and I'm wondering if that engine is > required to catch it? > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia > Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia > Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia > Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
