RE: [Declude.Virus] Virus Feebs variant warning
This is still the most significant limit in declude.eva's extensions banning. As long as we can't specify different BANEXTS for direct attachments and in-archive-attachments many of us can't enable BANZIPEXTS.

Markus

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Thursday, January 26, 2006 3:24 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Virus Feebs variant warning
RE: [Declude.Virus] Virus Feebs variant warning
I thought about it but the thing is that if I use Banzipexts it will check and ban all the extensions banned by Banext -hta is banext already-. Then I might be catching lots of emails that my legit users are sending in zip files like a .exe file. Nevertheless I am still considering that option.

Luis

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists)
Sent: Wednesday, January 25, 2006 08:34 p.m.
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Virus Feebs variant warning
RE: [Declude.Virus] Virus Feebs variant warning
Why not catch it with less resources via banning hta files and BANZIPEXTS and BANEZIPEXTS?

John T
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, January 25, 2006 4:56 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Virus Feebs variant warning
[Declude.Virus] Virus Feebs variant warning
I just got a message from a gmail account (forged)
With a data.zip attached. It has an hta file inside.

subject: Secure Mail
The body says

ID: 46271
Password: zgbvndwdx
Message is attached.
Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

Antivirus            Version          Update      Result
AntiVir              6.33.0.77        01.25.2006  no virus found
Avast                4.6.695.0        01.25.2006  no virus found
AVG                  718              01.25.2006  Worm/Feebs
Avira                6.33.0.77        01.25.2006  no virus found
BitDefender          7.2              01.26.2006  no virus found
CAT-QuickHeal        8.00             01.25.2006  no virus found
ClamAV               devel-20051123   01.26.2006  no virus found
DrWeb                4.33             01.25.2006  Win32.HLLM.Graz
eTrust-InoculateIT   23.71.60         01.25.2006  no virus found
eTrust-Vet           12.4.2056        01.25.2006  Win32/Feeb!ZIP
Ewido                3.5              01.25.2006  no virus found
Fortinet             2.54.0.0         01.26.2006  JS/Feebs.fam-mm
F-Prot               3.16c            01.25.2006  no virus found
Ikarus               0.2.59.0         01.25.2006  no virus found
Kaspersky            4.0.2.24         01.25.2006  Worm.Win32.Feebs.gen
McAfee               4682             01.25.2006  no virus found
NOD32v2              1.1380           01.25.2006  JS/TrojanDownloader.Tivso.gen
Norman               5.70.10          01.25.2006  JS/[EMAIL PROTECTED]
Panda                9.0.0.4          01.25.2006  no virus found
Sophos               4.01.0           01.25.2006  no virus found
Symantec             8.0              01.26.2006  W32.Feebs
TheHacker            5.9.3.081        01.26.2006  no virus found
UNA                  1.83             01.25.2006  no virus found
VBA32                3.10.5           01.25.2006  no virus found

F-Prot, McAfee, ClamAV are not catching it.
Meanwhile I am banning it via the body of the email. Catching "Protected Mail System"
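
The thread turns on one extension list being applied both to direct attachments and to files inside archives. The following is an added illustration, not Declude code or configuration and not written by any poster: a Python check that keeps two independent lists, so .hta inside a zip is blocked while .exe inside a zip is still allowed. The names BAN_DIRECT, BAN_IN_ARCHIVE, check_message and build_sample, and the list contents, are assumptions made for the example.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy (illustrative, not Declude syntax): two independent lists.
BAN_DIRECT = {".exe", ".hta", ".scr", ".pif"}   # attached directly to the mail
BAN_IN_ARCHIVE = {".hta", ".scr", ".pif"}       # inside a .zip; .exe allowed here


def ext(name):
    """Lower-cased final extension, tolerating backslash paths in archives."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower()


def check_message(raw):
    """Return a list of (attachment, member, reason) policy hits."""
    hits = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        if ext(name) in BAN_DIRECT:
            hits.append((name, None, "banned direct extension"))
        if ext(name) != ".zip":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Only the member names are read; nothing is extracted.
                for info in zf.infolist():
                    if ext(info.filename) in BAN_IN_ARCHIVE:
                        hits.append((name, info.filename,
                                     "banned extension in archive"))
        except zipfile.BadZipFile:
            hits.append((name, None, "unreadable archive"))
    return hits


def build_sample(member_name):
    """Constructed test mail: data.zip holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder content")
    msg = EmailMessage()
    msg["Subject"] = "Secure Mail"
    msg.set_content("Message is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="data.zip")
    return msg.as_bytes()
```
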