I was trying to test the latest interim and when I tried to send myself a
copy of the virus, NAV outbound scanning caught it even though it was
passworded. I tried to unzip it to make sure and it does require a password.
I didn't think they could detect it like that...
Is this a NAV E-mail
Plain old NAV 2003 on my Win XP workstation that scans e-mail - sorry for
not being specific. BUT the weird thing is there was no e-mail with a PW.
I had saved the file from one that had gotten through and attached it to a
e-mail with the only the word test in the body of the e-mail. I don't even
Plain old NAV 2003 on my Win XP workstation that scans e-mail - sorry for
not being specific. BUT the weird thing is there was no e-mail with a PW.
I had saved the file from one that had gotten through and attached it to a
e-mail with the only the word test in the body of the e-mail. I don't
If you want I can send it to you, it isn't important but I found it curious.
All I know is it is a virus, it is reported as beagle.j by NAV, it is in a
passworded .Zip file, there in nothing but the word test in the body of
the e-mail and it is caught by the e-mail scanning as it goes out.
how would you ban encrypted zips...
signed
Confused (aka Bennie)
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 6:22 PM
Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files.
I'm currently using: BANEXT EZIP, becuase BANEZIP ON does not work for me.
I'm running the latest intrum version of Declude w/ F-Prot. I have a
Standard Declude license. Does BANEZIP ON only work for the Pro version of
Declude? If yes, I guess I should just continue to use BANEXT EZIP ?
(Such a
Scott, posted this last week:
With the latest interim release, you can use:
BANEXT EZIP - This line will ban all .ZIP files with an
encrypted file in them
BANZIPEXTS ON - This line (Pro version only) will ban all file extensions
listed in BANEXT lines, if they appear in
I just had a client ask me to turn off all virus notifications, and the
message that they sent back was for Swen.A.
Date: 03/07/2004 17:37:53
Subject: Abort Notice
Host: cybermatsa.com.mx [148.233.93.6]
Attachment: enqofe.exe
Virus: W32/[EMAIL PROTECTED]
Is it possible that this isn't in
Why not test the encrypted password protected ECAIR virus from Scott's
test virus sender?
BTW, Beagle.J appears to come with a fixed number of variations, and a
combination filter in JunkMail would take 5 minutes to work up which
should catch this 100% of the time.
