RE: [Declude.Virus] Expect new Bagle variants

2005-08-11 Thread Markus Gufler 
> It looks as though the Bagle author is back from his 
> vacation. Today we've detected several new variants (actually 
> old variants which have been repacked) and they are still coming in.


I can see some "unknown virus" detections in the last 24 hours.  

Markus


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: Re[2]: [Declude.Virus] Outlook 'CR' Vulnerability from Thunderbird ???

2005-08-11 Thread Colbeck, Andrew 
David, with your version of Declude Virus, you'd have to turn off all 10
of the CR vulnerability checks at one go.  I'm at the same or similar
version, and that's what I've decided to do.  This directive goes in
your virus.cfg:

BANCRVIRUSESOFF

Andrew 8) 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell
> Sent: Thursday, August 11, 2005 10:11 PM
> To: Matt
> Subject: Re[2]: [Declude.Virus] Outlook 'CR' Vulnerability 
> from Thunderbird ???
> 
> Thursday, August 11, 2005, 8:50:32 PM, Matt wrote:
> 
> > With 2.0.6.16, which is available from the Declude site, 
> you can turn 
> > off the Outlook CR Vulnerability.  I have turned off all 
> but a couple 
> > of these because of numerous false positive issues.
> 
> Unfortunately, I'm still at 1.82 due to budget limitations 
> ... our new budget kicks in December, and I'm still debating 
> if I should upgrade Imail and Declude or switch to Smartmail 
> and Declude  (definitely will be staying with Declude 
> virus/spam) ... I thought there was a way to turn off the 
> testing with 1.82 too, but couldn't find it in the control file ??
> 
> > there was ever an exploit spreading actively in the wild, I would 
> > rethink my position.  I believe that Microsoft has long 
> since patched 
> > the flaw, though it can certainly cause parsing issues in virus 
> > scanners that could lead to missing the payloads due to a 
> message that 
> > was improperly formatted.
> 
> My experience is similar, but 99% of the stuff caught has 
> been spam anyway, so I haven't worried about it ... when I 
> realized today it had caught a legitimate email, I was worried.
> 
> Anyone know if there is a way to turn this off in 1.82??
> 
> -
> Internet Dental Forum  www.internetdentalforum.net
> Dentalcast Podcast www.dentalcast.net
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To 
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
> 
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re[2]: [Declude.Virus] Outlook 'CR' Vulnerability from Thunderbird ???

2005-08-11 Thread David Dodell 
Thursday, August 11, 2005, 8:50:32 PM, Matt wrote:

> With 2.0.6.16, which is available from the Declude site, you can turn
> off the Outlook CR Vulnerability.  I have turned off all but a couple of 
> these because of numerous false positive issues.

Unfortunately, I'm still at 1.82 due to budget limitations ... our new
budget kicks in December, and I'm still debating if I should upgrade
Imail and Declude or switch to Smartmail and Declude  (definitely will
be staying with Declude virus/spam) ... I thought there was a way to
turn off the testing with 1.82 too, but couldn't find it in the
control file ??

> there was ever an exploit spreading actively in the wild, I would
> rethink my position.  I believe that Microsoft has long since patched 
> the flaw, though it can certainly cause parsing issues in virus scanners 
> that could lead to missing the payloads due to a message that was 
> improperly formatted.

My experience is similar, but 99% of the stuff caught has been spam
anyway, so I haven't worried about it ... when I realized today it had
caught a legitimate email, I was worried.

Anyone know if there is a way to turn this off in 1.82??

-
Internet Dental Forum  www.internetdentalforum.net
Dentalcast Podcast www.dentalcast.net

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Outlook 'CR' Vulnerability from Thunderbird ???

2005-08-11 Thread Matt 

David,

With 2.0.6.16, which is available from the Declude site, you can turn 
off the Outlook CR Vulnerability.  I have turned off all but a couple of 
these because of numerous false positive issues.


As far as this message goes, it is almost definitely their antivirus 
scanning product that munged the headers (X-AntiVirus: gadoyanvirus 
0.3), but it could be something else that adds or rewrites headers.  
They certainly look strange to me, and possibly not RCF compliant 
outside of the CR issues.


Thunderbird definitely has no issues with this, nor does almost every 
legitimate E-mail client out there, but people that script E-mail 
generation (especially PHP stuff) or use obscure products seem to have 
issues with this frequently enough that it is not worth the trouble.  If 
there was ever an exploit spreading actively in the wild, I would 
rethink my position.  I believe that Microsoft has long since patched 
the flaw, though it can certainly cause parsing issues in virus scanners 
that could lead to missing the payloads due to a message that was 
improperly formatted.


Matt





David Dodell wrote:


Had email from a company today (Photodex) rejected due to the Outlook
'CR' Vulnerability but from the headers it looks like the email
originated from Thunderbird as the email client ... see headers below
...

Is it time to drop the Outlook vunerbility test??

David

Received: from eman.photodex.com 
[64.132.190.157]
by drdodell.com 
(SMTPD32-8.05) id AB6E1D23028A; Thu, 11 Aug 2005 10:31:26 -0700

Received: (qmail 7712 invoked from network); 11 Aug 2005 17:31:26 -
X-AntiVirus: gadoyanvirus 0.3
Received: from unknown (HELO ?10.10.0.149?) (10.10.0.149
) by eman.vpn.photodex.com  with SMTP; 11 Aug
2005 17:31:26 -

Message-ID: <[EMAIL PROTECTED]>
X-Photodex-Original-Date: Thu, 11 Aug 2005 12:32:11 -0500
From: Photodex Corporation - Chris <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: ProShow Gold Support Request
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 11 Aug 2005 12:31:26 -0500 David,
X-Declude-Sender: [EMAIL PROTECTED] [64.132.190.157
]X-Spam-Tests-Failed: None [0]
X-Country-Chain:
X-Note: This E-mail was sent from ([64.132.190.157 
]).
X-Hello:
X-Declude-Virus: Detected [ Outlook 'CR' Vulnerability].

-
Internet Dental Forum  www.internetdentalforum.net
Dentalcast Podcast www.dentalcast.net

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


 


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Outlook 'CR' Vulnerability from Thunderbird ???

2005-08-11 Thread David Dodell 
Had email from a company today (Photodex) rejected due to the Outlook
'CR' Vulnerability but from the headers it looks like the email
originated from Thunderbird as the email client ... see headers below
...

Is it time to drop the Outlook vunerbility test??

David

Received: from eman.photodex.com 
[64.132.190.157]
by drdodell.com 
(SMTPD32-8.05) id AB6E1D23028A; Thu, 11 Aug 2005 10:31:26 -0700

Received: (qmail 7712 invoked from network); 11 Aug 2005 17:31:26 -
X-AntiVirus: gadoyanvirus 0.3
Received: from unknown (HELO ?10.10.0.149?) (10.10.0.149
) by eman.vpn.photodex.com  with SMTP; 11 Aug
2005 17:31:26 -

Message-ID: <[EMAIL PROTECTED]>
X-Photodex-Original-Date: Thu, 11 Aug 2005 12:32:11 -0500
From: Photodex Corporation - Chris <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: ProShow Gold Support Request
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 11 Aug 2005 12:31:26 -0500 David,
X-Declude-Sender: [EMAIL PROTECTED] [64.132.190.157
]X-Spam-Tests-Failed: None [0]
X-Country-Chain:
X-Note: This E-mail was sent from ([64.132.190.157 
]).
X-Hello:
X-Declude-Virus: Detected [ Outlook 'CR' Vulnerability].

-
Internet Dental Forum  www.internetdentalforum.net
Dentalcast Podcast www.dentalcast.net

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Expect new Bagle variants

2005-08-11 Thread Colbeck, Andrew 
>From the Kaspersky Lab blog at http://www.viruslist.com/en/weblog

Bagle's author back at work

Yury  August 11, 2005 | 17:02  MSK  

It looks as though the Bagle author is back from his vacation. Today
we've detected several new variants (actually old variants which have
been repacked) and they are still coming in.

New malware has been placed on the sites listed in the worms' bodies, so
it maybe that we will see some of these Bagles updating themselves
automatically. We'll keep you posted.



Andrew 8)



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] OT - Server Room Temperature

2005-08-11 Thread Fox, Thomas 



http://www.google.com/search?hl=en&q=recommended+server+room+temperature

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  JeffSent: Thursday, August 11, 2005 9:58 AMTo: 
  Declude.Virus@declude.comSubject: [Declude.Virus] OT - Server Room 
  Temperature
  
  Can someone point me to a source of information 
  regarding what temperature a server room should be at ?
   
  Thank you.
   
   

[Declude.Virus] OT - Server Room Temperature

2005-08-11 Thread Jeff 



Can someone point me to a source of information 
regarding what temperature a server room should be at ?
 
Thank you.