subject:"RE\: \[Declude.Virus\] EXE in a Zip File"

Re: [Declude.Virus] EXE in a Zip File

2005-06-03 Thread Greg Little





It's a game of "catch me if you can".

Mytob has been change frequently (often several times per day) and then
sent (seeded) to 000's of addresses, before the AV companies have a
chance to react.
(I've been getting a few reports each week on these.)
It makes for about a 1 day window on many of these.
For details see
http://vil.nai.com/vil/content/v_134084.htm

Your AV program should be catching this one soon.
(McAfee calls it W32/[EMAIL PROTECTED] . DAT
4506, due out in the next couple of hours, should stop it.)

While I expect some good Declude blocking suggestion based on Subject
line, File name, Sender, etc. the next version of this pest is as much
a target and it's hard to guess what that will look like.

Greg Little


Kevin Shimwell wrote:

  
  Message
  
  Good
morning
  
  Im
getting alot of calls from yesterday on customers getting and attached
zip. with and exe file
  X-Virus-Scan-Result:
Repaired 5542 [EMAIL PROTECTED].
  Subject:
Your Email Account is Suspended For Security Reasons
  WHat
do I need to do to stop this?
  I
saw this once time before.
  Im running declude virus with Fprot as the
scanner.
  
  
  Kevin Shimwell
  





---
[This E-mail scanned for viruses by Findlay Internet]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] EXE in a Zip File

2005-06-03 Thread Patrick Childers

Title: Message



We block .exe's and zips containing exe's. Check out 
item #15 (Banning files based on 
extension) in the Declude Virus Manual at http://www.declude.com/Articles.asp?ID=117. 
You must be running the "Standard" or "Pro" version of Declude 
Virus.

HTH,
~Patrick

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kevin 
  ShimwellSent: Friday, June 03, 2005 9:18 AMTo: 
  Declude.Virus@declude.comSubject: [Declude.Virus] EXE in a Zip 
  File
  
  Good 
  morning
  
  Im getting alot of 
  calls from yesterday on customers getting and attached zip. with and exe 
  file
  X-Virus-Scan-Result: Repaired 5542 [EMAIL PROTECTED].
  Subject: Your 
  Email Account is Suspended For Security Reasons
  WHat do I need to 
  do to stop this?
  I saw this once 
  time before.Im running declude virus with Fprot as the 
  scanner.

RE: [Declude.Virus] EXE in a Zip File

2005-06-03 Thread Kevin Shimwell

Title: Message



I also 
block exe,
But 
how do you do that for exe contained in zips?


Kevin ShimwellLink Brokers Group, 
LLC ( Support )1600 Hwy 17 SouthNorth Myrtle Beach, SC 
29582Phone: 843-663-1004Fax: 843-663-1007Email: 
[EMAIL PROTECTED]24/7Help :http://www.linkbrokers.com/help_ticket.cfmSupport Forum:http://www.linkbrokers.com/chatboard/index.cfm?CFB=1Support M-F 1-888-546-5631 

This message is intended only for the use of the individual or entity towhich 
it is addressed and may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If the reader of this message is 
not the intended recipient or the employee or agent responsible for delivering 
the message to the intended recipient, you are hereby notified that any 
dissemination, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by telephone and/or e-mail.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
  Behalf Of Patrick ChildersSent: Friday, June 03, 2005 11:07 
  AMTo: Declude.Virus@declude.comSubject: RE: 
  [Declude.Virus] EXE in a Zip File
  We block .exe's and zips containing exe's. Check 
  out item #15 (Banning files 
  based on extension) in the Declude Virus Manual at http://www.declude.com/Articles.asp?ID=117. 
  You must be running the "Standard" or "Pro" version of Declude 
  Virus.
  
  HTH,
  ~Patrick
  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin 
ShimwellSent: Friday, June 03, 2005 9:18 AMTo: 
Declude.Virus@declude.comSubject: [Declude.Virus] EXE in a Zip 
File

Good 
morning

Im getting alot 
of calls from yesterday on customers getting and attached zip. with and exe 
file
X-Virus-Scan-Result: Repaired 5542 [EMAIL PROTECTED].
Subject: Your 
Email Account is Suspended For Security Reasons
WHat do I need 
to do to stop this?
I saw this once 
time before.Im running declude virus with Fprot as the 
scanner.

RE: [Declude.Virus] EXE in a Zip File

2005-06-03 Thread Patrick Childers

Title: Message



From the 4th paragraph of section 15 (of the link I 
posted):

"If you wish the banned file 
extensions to apply to files with .ZIP files, you can add a line "BANZIPEXTS ON" 
to your \{MAILSERVER}\Declude\virus.cfg file. For example, if you have a 
line "BANEXT EXE" and "BANZIPEXTS ON", then .EXE files within .ZIP files will be 
blocked. You can also use BANEZIPEXTS ON to do the same thing, but only applying 
to encrypted .ZIP files."

~Patrick

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kevin 
  ShimwellSent: Friday, June 03, 2005 11:31 AMTo: 
  Declude.Virus@declude.comSubject: RE: [Declude.Virus] EXE in a Zip 
  File
  
  I 
  also block exe,
  But 
  how do you do that for exe contained in zips?
  
  
  Kevin ShimwellLink Brokers Group, 
  LLC ( Support )1600 Hwy 17 SouthNorth Myrtle Beach, SC 
  29582Phone: 843-663-1004Fax: 843-663-1007Email: 
  [EMAIL PROTECTED]24/7Help :http://www.linkbrokers.com/help_ticket.cfmSupport Forum:http://www.linkbrokers.com/chatboard/index.cfm?CFB=1Support M-F 1-888-546-5631 
  
  This message is intended only for the use of the individual or entity 
  towhich it is addressed and may contain information that is privileged, 
  confidential and exempt from disclosure under applicable law. If the reader of 
  this message is not the intended recipient or the employee or agent 
  responsible for delivering the message to the intended recipient, you are 
  hereby notified that any dissemination, distribution or copying of this 
  communication is strictly prohibited. If you have received this communication 
  in error, please notify us immediately by telephone and/or e-mail.
  

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Patrick ChildersSent: Friday, June 03, 2005 
11:07 AMTo: Declude.Virus@declude.comSubject: RE: 
[Declude.Virus] EXE in a Zip File
We block .exe's and zips containing exe's. Check 
out item #15 (Banning files 
based on extension) in the Declude Virus Manual at http://www.declude.com/Articles.asp?ID=117. 
You must be running the "Standard" or "Pro" version of Declude 
Virus.

HTH,
~Patrick

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kevin 
  ShimwellSent: Friday, June 03, 2005 9:18 AMTo: 
  Declude.Virus@declude.comSubject: [Declude.Virus] EXE in a Zip 
  File
  
  Good 
  morning
  
  Im getting 
  alot of calls from yesterday on customers getting and attached zip. with 
  and exe file
  X-Virus-Scan-Result: Repaired 5542 [EMAIL PROTECTED].
  Subject: Your 
  Email Account is Suspended For Security Reasons
  WHat do I need 
  to do to stop this?
  I saw this 
  once time before.Im running declude virus with Fprot as the 
  scanner.

Re: [Declude.Virus] EXE in a Zip File

RE: [Declude.Virus] EXE in a Zip File

RE: [Declude.Virus] EXE in a Zip File

RE: [Declude.Virus] EXE in a Zip File

4 matches

Site Navigation

Mail list logo

Footer information