RE: [Declude.Virus] JS.Downloader.Trojan

2004-10-13 Thread Jeff Maze
Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file.  I've
submitted everything to F-Prot, but I'm surprised that it didn't catch these
things.  UGH!

Do I need to change the virus.cfg file since upgrading to v1.81?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze
Sent: Tuesday, October 12, 2004 8:33 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] JS.Downloader.Trojan

Hello,
This got through on two messages..  Since I wasn't checking messages
via a Linux box, I can't find the messages that they came through since NIS
2005 automatically deleted the messages..  Any ideas?


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus. The archives can be found
at http://www.mail-archive.com.





RE: [Declude.Virus] JS.Downloader.Trojan

2004-10-13 Thread R. Scott Perry

> Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file.  I've
> submitted everything to F-Prot, but I'm surprised that it didn't catch these
> things.  UGH!

The .dam means damaged, another term for a corrupt, non-viable 
variant.  Since these are harmless, many AV programs do not detect them 
(but some -- usually Norton -- do).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.Virus] JS.Downloader.Trojan

2004-10-13 Thread Jeff Maze
OK..  Thanks for the info Scott.. I tried to look it up on the Symantec
site, but there wasn't any info on it, so I didn't know.. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, October 13, 2004 8:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] JS.Downloader.Trojan


Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file.  
I've submitted everything to F-Prot, but I'm surprised that it didn't 
catch these things.  UGH!

The .dam means damaged, another term for a corrupt, non-viable variant.
Since these are harmless, many AV programs do not detect them (but some --
usually Norton -- do).

-Scott


RE: [Declude.Virus] JS.Downloader.Trojan

2004-10-13 Thread Douglas Cohn
I have F-prot marking my Thunderbird mail program files as
JS.Downloader.Trojan.  Symantec Corp 8.0 sees nothing suspicious about the
files.

Then today F-prot looked in some static Office 2000 files and determined
that

AGENTANM.DLL
AGENTCTL.DLL
AGENTDP2.DLL
AGENTDPV.DLL
AGENTMPX.DLL
AGENTPSH.DLL
AGENTSR.DLL

All had the W32/[EMAIL PROTECTED]  Again Symantec claims they are clean and they
are flat storage and have not been accessed for over 18 months.

I think F-prot is reporting a little too many false positives lately.

I will email them now.

DC

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, October 13, 2004 8:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] JS.Downloader.Trojan


Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file.  
I've submitted everything to F-Prot, but I'm surprised that it didn't 
catch these things.  UGH!

The .dam means damaged, another term for a corrupt, non-viable variant.
Since these are harmless, many AV programs do not detect them (but some --
usually Norton -- do).

-Scott


[Declude.Virus] Spool Dir

2004-10-13 Thread Kevin Rogers
I was wondering what everyone does with the Imail\spool\virus 
directory.  Do you delete all the files regularly?  I've got 7000 files 
in there since I installed Declude (2 weeks ago). 



RE: [Declude.Virus] Spool Dir

2004-10-13 Thread Markus Gufler

> I was wondering what everyone does with the Imail\spool\virus
> directory.  Do you delete all the files regularly?  I've got
> 7000 files in there since I installed Declude (2 weeks ago).

ICTCleaner (www.zcom.it/decludeupdater/ictcleaner.zip) can be scheduled as
a daily task to delete all files in the virus folder older than x days.
Open the ini-file and set the example line as you need.
You can set as many lines as you want if you also have other folders where
you want to delete files.
Keep in mind that ICTCleaner will automatically process all subfolders.

Markus
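
The age-based cleanup discussed in this thread, sketched as an added example; it is not part of the original posts and is not ICTCleaner's code. The function name `purge_quarantine`, its parameters and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile
import time
from pathlib import Path


def purge_quarantine(root, max_age_days, now=None, dry_run=True):
    """Select regular files under root (subfolders included) whose
    modification time is older than max_age_days; delete them unless
    dry_run is set. Returns the sorted list of selected paths.
    """
    root = Path(root).resolve()
    if not root.is_dir():
        raise ValueError(f"not a directory: {root}")
    if max_age_days < 1:  # guard against a typo that would empty the folder
        raise ValueError("max_age_days must be at least 1")
    cutoff = (time.time() if now is None else now) - max_age_days * 86400
    selected = []
    # followlinks=False: do not descend into symlinked directories.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = Path(dirpath) / name
            st = path.lstat()  # inspect the entry itself, not a link target
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mtime < cutoff:
                selected.append(path)
                if not dry_run:
                    path.unlink()
    return sorted(selected)


if __name__ == "__main__":
    # Constructed sample tree standing in for a quarantine folder.
    with tempfile.TemporaryDirectory() as tmp:
        spool = Path(tmp) / "virus" / "sub"
        spool.mkdir(parents=True)
        old, new = spool / "old.vir", spool.parent / "new.vir"
        for f in (old, new):
            f.write_bytes(b"constructed sample, not a real capture")
        ten_days_ago = time.time() - 10 * 86400
        os.utime(old, (ten_days_ago, ten_days_ago))
        print("would delete:", purge_quarantine(spool.parent, 7))
        print("deleted:", purge_quarantine(spool.parent, 7, dry_run=False))
        print("remaining:", sorted(p.name for p in spool.parent.rglob("*.vir")))
```

Run it with `dry_run=True` first and review the list before scheduling the deleting form as a daily task.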



