Re: [Declude.Virus] Another Varient??!
- Original Message - From: Jeff Maze [EMAIL PROTECTED] Anyone else see this one yet? Yep, seen lots of them, and all are being detected by McAfee, TrendMicro, F-Prot, BitDefender, and ClamAV. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Another Varient??!
Hmmm.. I'm running the latest defs for F-Prot and it allowed them through.. UGH! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Monday, July 26, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Another Varient??! Yes, I've seen plenty. Their not variants, rather copies of the original. Check this for details: http://vil.nai.com/vil/content/v_127033.htm. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze Sent: Monday, July 26, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Another Varient??! Looks like it's mutated again.. Just received my second zip file that instead of a domain.com.zip file, it's [EMAIL PROTECTED] file (e.g. [EMAIL PROTECTED]; the file within is [EMAIL PROTECTED]). After the first one, I sent the file to F-Prot for action. Anyone else see this one yet? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. - [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Another Varient??!
Yes, I've seen plenty. Their not variants, rather copies of the original. Check this for details: http://vil.nai.com/vil/content/v_127033.htm. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze Sent: Monday, July 26, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Another Varient??! Looks like it's mutated again.. Just received my second zip file that instead of a domain.com.zip file, it's [EMAIL PROTECTED] file (e.g. [EMAIL PROTECTED]; the file within is [EMAIL PROTECTED]). After the first one, I sent the file to F-Prot for action. Anyone else see this one yet? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. - [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Another Varient??!
They are still getting through to my users. Even though Anyway to banexten on this one? Something like BANNAME *prudentialrand.com.zip Or BANEXT com.zip It is creating some confusion and I'm not sure if it's a viable virus that is getting through or not. I'd like to stop it regardless. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Monday, July 26, 2004 3:13 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Another Varient??! - Original Message - From: Jeff Maze [EMAIL PROTECTED] Anyone else see this one yet? Yep, seen lots of them, and all are being detected by McAfee, TrendMicro, F-Prot, BitDefender, and ClamAV. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Another Varient??!
They are still getting through to my users. Even though Anyway to banexten on this one? That all depends on what you are trying to ban: Something like BANNAME *prudentialrand.com.zip That won't work, because BANNAME doesn't use wildcards. BANEXT com.zip That won't work either, because com.zip isn't an extension. It is creating some confusion and I'm not sure if it's a viable virus that is getting through or not. I'd like to stop it regardless. Are your virus definitions up-to-date? I would suggest manually downloading the latest virus definitions (for example, if you only check once a day, you probably won't detect Mydoom.O). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Another Varient??!
Sorry - yes Virus defs are up to date. I have blocked .zip files for now. I think that they are non-viable files that are slipping through, but I need to stop them as all my users want to know what is going on... I will remove the erroneous entries from my config file. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, July 26, 2004 3:33 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Another Varient??! They are still getting through to my users. Even though Anyway to banexten on this one? That all depends on what you are trying to ban: Something like BANNAME *prudentialrand.com.zip That won't work, because BANNAME doesn't use wildcards. BANEXT com.zip That won't work either, because com.zip isn't an extension. It is creating some confusion and I'm not sure if it's a viable virus that is getting through or not. I'd like to stop it regardless. Are your virus definitions up-to-date? I would suggest manually downloading the latest virus definitions (for example, if you only check once a day, you probably won't detect Mydoom.O). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.