[Declude.Virus] sample configs

2004-03-13 Thread Douglas Cohn 
Are there any sample configs around to get some ideas on what works well.

I just setup Declude AV and it worked right out of the box.  Nice feeling.

Thanks for the great product.

Doug

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] Encrypted password

2004-03-13 Thread Douglas Cohn 
I read that there are two products capable of this. Aladdin and Network Box
or something like that.

http://www.ealaddin.com/news/2004/esafe/Bagel_virus.asp  and another
http://www.tmcnet.com/usubmit/2004/Mar/1024780.htm 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, March 13, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Encrypted password

not directly relevent to declude
scott had mentioned that certains gateway scanners parse the message body
looking for the password, use that password to open the zip file and scan it
now they can do that anymore it would be intersting to see if these gateway
products will catch this type of message


- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 13, 2004 5:15 PM
Subject: RE: [Declude.Virus] Encrypted password


 Hi Serge:

 Could you please elaborate on this?

 I am confused.. The virus is password protected zip file?

 If so then we are covered with

 BANEXT EZIP

 Or is this different?

 Kami

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Serge
 Sent: Saturday, March 13, 2004 12:11 PM
 To: [EMAIL PROTECTED]
 Subject: [Declude.Virus] Encrypted password

 Now they have it in a BMP file so antivirus programs wont be able to find
 it:

 Note:  Use password img src=cid:wjqkastket.bmp; to  open  archive


 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
just
 send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Bagle.M

2004-03-13 Thread Don Hickey 
Look at the added extension that this variant uses

Also, the attachment has any of the following extensions:
. EXE
. PIF
. RAR
. ZIP

I have seen a couple of these so far as .ZIP files, I guess I will have to
see what happens when I add .rar to the BANEXT temporarily...

Don


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.