[Declude.Virus] virus or vulnerability

2004-04-19 Thread Bonno Bloksma
Hi,

Below is a log snippet where a vulnerability was caught. However, in my
e-mail to the postmaster (myself) it is reported as an unknown virus in an
unknown file. How come? Is it because I'm also blocking PIF files?

I'm (still) using Declude 1.87i28 (will upgrade to the latest 1.79interim
later today).
IMail 8.05
Windows 2000 server SP4 with latest patches

[.]
04/19/2004 08:55:45 Q77f00fb601282210 MIME file:
[message/delivery-status][*DEFAULT*; Length=364 Checksum=32100]
04/19/2004 08:55:45 Q77f00fb601282210 Warning: EOF in middle of MIME segment
[shock_text.pif] [--fccedeefdaaafeaceeedafcebdd]
04/19/2004 08:55:45 Q77f00fb601282210 Banning file with pif extension
[application/octet-stream].
04/19/2004 08:55:45 Q77f00fb601282210 WARNING: EOF in multipart processing.
04/19/2004 08:55:45 Q77f00fb601282210 WARNING: EOF in multipart processing.
[]
04/19/2004 08:55:47 Q77f00fb601282210 Invalid PIF Vulnerability
04/19/2004 08:55:47 Q77f00fb601282210 Found a bogus .pif file
04/19/2004 08:55:47 Q77f00fb601282210 File(s) are INFECTED [: 0]
04/19/2004 08:55:47 Q77f00fb601282210 Scanned: CONTAINS A VIRUS [MIME: 4
36544]
04/19/2004 08:55:47 Q77f00fb601282210 From:  To: [EMAIL PROTECTED] [incoming
from 131.174.93.39]
04/19/2004 08:55:47 Q77f00fb601282210 Subject: Undelivered Mail Returned to
Sender

Groetjes,

Bonno Bloksma


- Original Message - 
From: Postmaster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 8:55 AM
Subject: Declude Virus caught a virus


 Declude Virus v1.78i28 caught the Unknown Virus virus in Unknown File
 from  to:  [EMAIL PROTECTED]

 Date:   04/19/2004 08:55:47
 Subject:Undelivered Mail Returned to Sender
 Spool File: D77f00991013e2200.SMD
 Remote IP:  131.174.93.39

 Headers:
 Received: from jurollo.uci.kun.nl [131.174.93.39] by tio.nl with ESMTP
   (SMTPD32-8.05) id A7F0991013E; Mon, 19 Apr 2004 08:55:44 +0200
 Received: by jurollo.uci.kun.nl (Postfix)
 id CCBD029C03E; Mon, 19 Apr 2004 08:54:45 +0200 (CEST)
 Date: Mon, 19 Apr 2004 08:54:45 +0200 (CEST)
 From: [EMAIL PROTECTED] (Mail Delivery System)
 Subject: Undelivered Mail Returned to Sender
 To: [EMAIL PROTECTED]
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
 boundary=C6AE029C043.1082357685/jurollo.uci.kun.nl
 Message-Id: [EMAIL PROTECTED]


 ---
 [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos]



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] Virus and vulnerability

2003-01-28 Thread Bonno Bloksma
Hi,

 Below is a report by Declude about a vulnerability that is found in an
 attachment with an .exe name. I'm pretty sure that exe file is a virus but
 there is no virus name mentioned in the report by Declude.
[.]
 If a vulnerability is detected, Declude Virus will still send the
 attachment to the virus scanner.  If the virus scanner detects a virus,
 Declude Virus will refer to the virus that was detected rather than the
 vulnerability.

 So if Declude Virus reports a vulnerability, it means that no virus was
 detected by the virus scanner.

Well guess what, Scott, THANK YOU, because a few hours later today, after the
virus scanner was updated, it turned out this exe file contained a virus
called W32/Lirva.D@mm. Am I glad Declude is catching those MIME errors as
well. :-)

Groetjes,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?

---
[This E-mail scanned for viruses by Declude Virus using f-prot]
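
Added example (not part of the thread and not Declude's own code): a log triage sketch that uses the log lines from the first message and the reporting rule quoted in the second to list messages that were blocked on a vulnerability alone, which are the ones worth re-scanning after a signature update. It assumes the bracket after "File(s) are INFECTED" holds the scanner's virus name and is empty when none was found; the function names, the second queue ID and its virus name are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the first message (unwrapped) plus two
# invented lines for a second queue ID where the scanner names a virus.
SAMPLE_LOG = """\
04/19/2004 08:55:45 Q77f00fb601282210 Banning file with pif extension [application/octet-stream].
04/19/2004 08:55:47 Q77f00fb601282210 Invalid PIF Vulnerability
04/19/2004 08:55:47 Q77f00fb601282210 Found a bogus .pif file
04/19/2004 08:55:47 Q77f00fb601282210 File(s) are INFECTED [: 0]
04/19/2004 08:55:47 Q77f00fb601282210 Scanned: CONTAINS A VIRUS [MIME: 4 36544]
04/19/2004 09:10:02 Q0000000000000001 File(s) are INFECTED [Example.Virus: 3]
04/19/2004 09:10:02 Q0000000000000001 Scanned: CONTAINS A VIRUS [MIME: 2 1200]
"""

LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q\w+) (.*)$")
# Assumption: "[<virus name>: <code>]", with an empty name when no virus was named.
INFECTED = re.compile(r"File\(s\) are INFECTED \[(.*?):\s*\d+\]")

def triage(log_text):
    """Group log lines by queue ID and record why each message was blocked."""
    msgs = defaultdict(lambda: {"vulns": [], "virus": None, "blocked": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line or unrelated text
        qid, text = m.groups()
        rec = msgs[qid]
        if text.endswith("Vulnerability"):
            rec["vulns"].append(text)
        hit = INFECTED.search(text)
        if hit:
            rec["virus"] = hit.group(1).strip() or None
        if "CONTAINS A VIRUS" in text:
            rec["blocked"] = True
    return dict(msgs)

def rescan_candidates(log_text):
    """Queue IDs blocked on a vulnerability with no virus name reported."""
    return sorted(q for q, r in triage(log_text).items()
                  if r["blocked"] and r["vulns"] and r["virus"] is None)

if __name__ == "__main__":
    print(rescan_candidates(SAMPLE_LOG))
```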
