RE: [Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread Markus Gufler



This is still the most significant limit in declude.eva's extensions banning. As long as we can't specify different BANEXTS for direct attachments and in-archive-attachments many of us can't enable BANZIPEXTS.

Markus
 
 

  
  
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Thursday, January 26, 2006 3:24 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Virus Feebs variant warning

I thought about it but the thing is that if I use Banzipexts it will check and ban all the extensions banned by Banext -hta is banext already-. Then I might be catching lots of emails that my legit users are sending in zip files like a .exe file.

Nevertheless I am still considering that option
Luis

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Wednesday, January 25, 2006 08:34 p.m.
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Virus Feebs variant warning

Why not catch it with less resources via banning hta files and BANZIPEXTS and BANEZIPEXTS?

John T
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, January 25, 2006 4:56 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Virus Feebs variant warning

I just got a message from a gmail account (forged)
With a data.zip attached. It has a hta file inside.

subject: Secure Mail
The body says

ID: 46271
Password: zgbvndwdx

Message is attached.

Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

  
  

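The limitation Markus and Luis describe above, as an added Python example that is not part of the thread and is not Declude code or configuration syntax: it compares one shared ban list against separate lists for direct attachments and ZIP members, run over constructed attachments. The list contents, function names and file names are assumptions.

```python
import io
import zipfile

# Assumed lists for illustration; these are not Declude directives.
DIRECT_BAN = {"exe", "hta", "pif", "scr"}   # attached directly to the mail
IN_ZIP_BAN = {"hta", "pif", "scr"}          # found inside a ZIP; .exe allowed

def ext(name):
    """Lower-cased final extension of a file name, '' if it has none."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""

def verdict(filename, data, direct_ban, zip_ban):
    """Return (banned, reason) for a single attachment."""
    if ext(filename) in direct_ban:
        return True, f"direct attachment {filename}"
    if ext(filename) == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if ext(member) in zip_ban:
                        return True, f"{member} inside {filename}"
        except zipfile.BadZipFile:
            # Fail closed: an archive that cannot be listed cannot be cleared.
            return True, f"unreadable archive {filename}"
    return False, "allowed"

def make_zip(*names):
    """Build a constructed in-memory ZIP with placeholder member contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()

# Constructed samples: a ZIP carrying an .hta as in the thread (member name
# invented), a legitimate zipped installer, and a directly attached .exe.
SAMPLES = [
    ("data.zip", make_zip("message.hta")),
    ("tools.zip", make_zip("setup.exe", "readme.txt")),
    ("setup.exe", b"MZ"),
]

def compare():
    """Ban decisions with one shared list versus separate lists."""
    shared = [verdict(n, d, DIRECT_BAN, DIRECT_BAN)[0] for n, d in SAMPLES]
    split = [verdict(n, d, DIRECT_BAN, IN_ZIP_BAN)[0] for n, d in SAMPLES]
    return shared, split

if __name__ == "__main__":
    print(compare())
```

With the shared list the zipped installer is rejected together with the .hta archive; with separate lists only the .hta archive and the bare .exe are rejected.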


RE: [Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread Panda Consulting S.A. Luis Alberto Arango



I thought about it but the thing is that if I use Banzipexts it will check and ban all the extensions banned by Banext -hta is banext already-. Then I might be catching lots of emails that my legit users are sending in zip files like a .exe file.

Nevertheless I am still considering that option
Luis

  
  
   


RE: [Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread John T (Lists)









Why not catch it with less resources via banning hta files and BANZIPEXTS and BANEZIPEXTS?

John T
eServices For You



 




 










[Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread Panda Consulting S.A. Luis Alberto Arango



I just got a message from a gmail account (forged)
With a data.zip attached. It has a hta file inside.

subject: Secure Mail
The body says

ID: 46271
Password: zgbvndwdx

Message is attached.

Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

Antivirus           Version         Update      Result
AntiVir             6.33.0.77       01.25.2006  no virus found
Avast               4.6.695.0       01.25.2006  no virus found
AVG                 718             01.25.2006  Worm/Feebs
Avira               6.33.0.77       01.25.2006  no virus found
BitDefender         7.2             01.26.2006  no virus found
CAT-QuickHeal       8.00            01.25.2006  no virus found
ClamAV              devel-20051123  01.26.2006  no virus found
DrWeb               4.33            01.25.2006  Win32.HLLM.Graz
eTrust-InoculateIT  23.71.60        01.25.2006  no virus found
eTrust-Vet          12.4.2056       01.25.2006  Win32/Feeb!ZIP
Ewido               3.5             01.25.2006  no virus found
Fortinet            2.54.0.0        01.26.2006  JS/Feebs.fam-mm
F-Prot              3.16c           01.25.2006  no virus found
Ikarus              0.2.59.0        01.25.2006  no virus found
Kaspersky           4.0.2.24        01.25.2006  Worm.Win32.Feebs.gen
McAfee              4682            01.25.2006  no virus found
NOD32v2             1.1380          01.25.2006  JS/TrojanDownloader.Tivso.gen
Norman              5.70.10         01.25.2006  JS/[EMAIL PROTECTED]
Panda               9.0.0.4         01.25.2006  no virus found
Sophos              4.01.0          01.25.2006  no virus found
Symantec            8.0             01.26.2006  W32.Feebs
TheHacker           5.9.3.081       01.26.2006  no virus found
UNA                 1.83            01.25.2006  no virus found
VBA32               3.10.5          01.25.2006  no virus found

F-prot, McAfee, ClamAV are not catching it.

Meanwhile I am banning it via the body of the email. Catching "Protected Mail System"