RE: [Declude.Virus] Second scanner

2005-11-03 Thread John T (Lists)
I use AVG as the second scanner and am happy with the results. I like
BitDefender as they publish updates on average a dozen or more times per
day, but it is more resource costly.

John T
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of David Dodell
> Sent: Thursday, November 03, 2005 9:25 PM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] Second scanner
> 
> After many years of using Virus Standard, I upgraded to Virus Pro to
> take advantage of a second scanner.   I've scanned the previous
> threads on what others like for a second scanner to F-Prot, but can't
> seem to find any common thread ...
> 
> So I would appreciate what seems to be the next most popular virus
> scanner to run as a secondary scanner to F-Prot?
> 
> David
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.



[Declude.Virus] Second scanner

2005-11-03 Thread David Dodell
After many years of using Virus Standard, I upgraded to Virus Pro to
take advantage of a second scanner.   I've scanned the previous
threads on what others like for a second scanner to F-Prot, but can't
seem to find any common thread ...

So I would appreciate what seems to be the next most popular virus
scanner to run as a secondary scanner to F-Prot?

David



Re: [Declude.Virus] ban exe in zip file

2005-11-03 Thread Darin Cox



See "15. Banning files based on extension in the manual"

http://www.declude.com/Version/Manuals/EVA/EVA_2.0.6.asp

Note that banning files inside zips is only available in EVA Pro.

Darin.

- Original Message - 
From: Schmeits, Roger 
To: Declude.Virus@declude.com 
Sent: Thursday, November 03, 2005 5:44 PM
Subject: [Declude.Virus] ban exe in zip file


In light of the latest Beagle variant how can I ban a zip that has an exe
inside a zip file?

Thanks.

##
Roger Schmeits
Sr. Network Engineer
Clarkson College
http://www.clarksoncollege.edu
(402) 552-2542
##
Disclaimer:
The information contained in this e-mail is privileged and confidential and is
intended only for the use of the addressee(s) indicated above. Use or
disclosure of information e-mailed in error is respectfully prohibited. If you
have received this e-mail in error, please contact the sender and immediately
delete the original message. Thank you.
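
The check asked about in this exchange, sketched as an added example that is not part of the original thread and is not Declude's implementation: list a zip attachment's members and flag banned extensions, following nested zips. The ban list, the limits and the function names are assumptions; the paths use the same "->" notation as the F-Prot report elsewhere on this page.

```python
import io
import zipfile

# Assumed ban list for this example; a real gateway uses its own configured list.
BANNED_EXTS = {".exe", ".scr", ".pif", ".com", ".cpl"}
MAX_DEPTH = 3                         # stop recursing into nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # declared size above which a member is not inflated

def banned_members(data, depth=0, prefix=""):
    """Return [(path, reason)] for members that should block the attachment."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable archive")]
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Member names are readable even when the contents are password-protected.
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in BANNED_EXTS:
                hits.append((path, "banned extension " + ext))
            elif ext == ".zip":
                if info.flag_bits & 0x1:      # bit 0 of the flags: member is encrypted
                    hits.append((path, "encrypted nested archive"))
                elif depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    hits.append((path, "nested archive too deep or too large"))
                else:
                    hits.extend(banned_members(zf.read(info), depth + 1, path + "->"))
    return hits

def make_zip(members):
    """Build a constructed in-memory zip from {name: bytes} for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholder bytes stored under file names quoted in the thread.
sms_text = make_zip({"5.exe": b"placeholder"})
wrapped = make_zip({"readme.txt": b"hi",
                    "Business_dealing.zip": make_zip({"Loader.EXE": b"placeholder"})})
clean = make_zip({"notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in (("sms_text.zip", sms_text), ("wrapped.zip", wrapped), ("clean.zip", clean)):
        print(label, banned_members(blob))
```

An extension ban of this kind works on file names only, so it blocks a new variant before scanner definitions are updated but does not replace content scanning.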
 


[Declude.Virus] ban exe in zip file

2005-11-03 Thread Schmeits, Roger








In light of the latest Beagle variant how can I ban a zip
that has an exe inside a zip file?

Thanks.

##
Roger Schmeits
Sr. Network Engineer
Clarkson College
http://www.clarksoncollege.edu
(402) 552-2542
##

 








Re: [Declude.Virus] Update your f-prot definition files now!

2005-11-03 Thread Matt




Our system shows the first of these new Bagle variants hit us at 6:11
a.m. EST and the last to come through without being blocked by the
virus scanner was at 9:12 a.m.  The volume was rather heavy.

Matt



Panda Consulting S.A. Luis Alberto Arango wrote:

  There is a new virus I received today at 7:33 am (ET)(submitted by one of
our customers) and f-prot didn't catch it.

With the filename sms_text.zip  within it there is a file named 5.exe

Zone alarm (my desktop) and f-prot didn't catch it. Bitdefender did with the
name Win32.ExplorerHijack

F-prot updated definition files a few minutes ago.. Now f-prot catches it
and sees it like [EMAIL PROTECTED]

If you run f-prot update your definition files..


Luis Arango

  
  
-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of John Carter
Sent: Tuesday, November 01, 2005 02:07 p.m.
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Blast of zips coming in

I forced a Fprot update when I saw them coming in and yes, it 
started picking them up as Mitglieder variants - at least 
those not held for spam reasons. (I run AVAFTERJM)

John C 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew
Sent: Tuesday, November 01, 2005 12:01 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Blast of zips coming in

Current F-Prot definitions catch this as a Mitglieder 
variant, and Trend Micro reports that they are investigating Bagle.AB

The zip files contain a non-password protected executable; 
I've noticed the following names:

Loader.exe
t_535475.exe

Here is an F-Prot report on one catch:

C:\Temp\Virus\Bagle.New>d:\f-prot\scanonly *.*
Virus scanning report  -  1 November 2005 @ 9:49

F-PROT ANTIVIRUS
Program version: 3.16b
Engine version: 3.16.6

VIRUS SIGNATURE FILES
SIGN.DEF created 1 November 2005
SIGN2.DEF created 1 November 2005
MACRO.DEF created 25 October 2005

Search: *.*
Action: Report only
Files: "Dumb" scan of all files
Switches: /ARCHIVE /PACKED /SERVER /REPORT=d:\f-prot\ScanReport.txt /NOBOOT /NOMEM /AI
Memory was not scanned.
Hard disk boot sectors were not scanned.

C:\Temp\Virus\Bagle.New\D939EE224010AEFE9.SMD->Business_dealing.zip->Loader.exe  is a security risk named W32/Mitglieder.FY

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 3
Infected: 0
Suspicious: 1
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:00

ErrorLevel returned by fpcmd is: [8]
errorlevel 8 = At least one suspicious object was found.




__
[Email scanned for viruses]
[Email escaneado contra virus]


  
  


  





[Declude.Virus] Update your f-prot definition files now!

2005-11-03 Thread Panda Consulting S.A. Luis Alberto Arango
There is a new virus I received today at 7:33 am (ET)(submitted by one of
our customers) and f-prot didn't catch it.

With the filename sms_text.zip  within it there is a file named 5.exe

Zone alarm (my desktop) and f-prot didn't catch it. Bitdefender did with the
name Win32.ExplorerHijack

F-prot updated definition files a few minutes ago.. Now f-prot catches it
and sees it like [EMAIL PROTECTED]

If you run f-prot update your definition files..


Luis Arango

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
> Sent: Tuesday, November 01, 2005 02:07 p.m.
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] Blast of zips coming in
> 
> I forced a Fprot update when I saw them coming in and yes, it 
> started picking them up as Mitglieder variants - at least 
> those not held for spam reasons. (I run AVAFTERJM)
> 
> John C 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> Sent: Tuesday, November 01, 2005 12:01 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] Blast of zips coming in
> 
> Current F-Prot definitions catch this as a Mitglieder 
> variant, and Trend Micro reports that they are investigating Bagle.AB
> 
> The zip files contain a non-password protected executable; 
> I've noticed the following names:
> 
> Loader.exe
> t_535475.exe
> 
> Here is an F-Prot report on one catch:
> 
> C:\Temp\Virus\Bagle.New>d:\f-prot\scanonly *.*
> Virus scanning report  -  1 November 2005 @ 9:49
> 
> F-PROT ANTIVIRUS
> Program version: 3.16b
> Engine version: 3.16.6
> 
> VIRUS SIGNATURE FILES
> SIGN.DEF created 1 November 2005
> SIGN2.DEF created 1 November 2005
> MACRO.DEF created 25 October 2005
> 
> Search: *.*
> Action: Report only
> Files: "Dumb" scan of all files
> Switches: /ARCHIVE /PACKED /SERVER /REPORT=d:\f-prot\ScanReport.txt /NOBOOT /NOMEM /AI
> Memory was not scanned.
> Hard disk boot sectors were not scanned.
> 
> C:\Temp\Virus\Bagle.New\D939EE224010AEFE9.SMD->Business_dealing.zip->Loader.exe  is a security risk named W32/Mitglieder.FY
> 
> Results of virus scanning:
> 
> Files: 1
> MBRs: 0
> Boot sectors: 0
> Objects scanned: 3
> Infected: 0
> Suspicious: 1
> Disinfected: 0
> Deleted: 0
> Renamed: 0
> 
> Time: 0:00
> 
> ErrorLevel returned by fpcmd is: [8]
> errorlevel 8 = At least one suspicious object was found.
> 
> 
> 
> 