Info on Bagle virus that has no cream cheese.. just rotten butter.
Turns out that the ZIP file format that all of these beasties are > using is a little bit non-standard. Specifically they are all version > 1.0 zip archives and the first (and only) component is not > compressed. > At MIT we are matching these two strings to recognize the infected ZIP > files while letting most (actually I have seen no false positives) if > not all "real" ZIP files. We are matching them anywhere within an > attachment (well, within the first 16K). However you really only need > to see if they are the beginning characters (this is a ZIP file > header). > What follows are the base64 encoded strings. I have put an asterisk > between the first and second character, so my own filters won't reject > this message, do remove that before using... > U*EsDBAoAAAAAA <= Matches unencrypted ZIP file > U*EsDBAoAAQAAA <= Matches encrypted version. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 03, 2004 5:37 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] New virus Bagle.J can't be caught by some standard virus scanners >How do you check to see what version you are running? I just updated to the >latest interim release, but can't fine where it says which version I'm >running of declude Please ask Declude questions on the Declude lists. You can type "\IMail\Declude" from a command prompt to see which version you are running. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
