[Declude.Virus] mabuto virus

2004-08-09 Thread Bonno Bloksma
Hi, I have a bounced mail from my postmaster account trying to warn someone about the W32/[EMAIL PROTECTED] virus they sent. 1) Is this a very new virus? Neither f-prot, Sophos nor Symantec even heard of it but the f-prot partner site http://www.authentium.com/ has heard of it, but that's

Re: [Declude.Virus] mabuto virus

2004-08-09 Thread R. Scott Perry
I have a bounced mail from my postmaster account trying to warn someone about the W32/[EMAIL PROTECTED] virus they sent. 1) Is this a very new virus? Neither f-prot, Sophos nor Symantec even heard of it but the f-prot partner site

RE: [Declude.Virus] mabuto virus

2004-08-09 Thread Markus Gufler
http://www.gordano.co.uk/kb.htm?q=2297 talks about virus definitions from 28 July 2004 and Mabuto, so it can't be a new one from today. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, August 09, 2004 12:23 PM To: [EMAIL

RE: [Declude.Virus] mabuto virus

2004-08-09 Thread Markus Gufler
2) Is this a forging virus we need to add to the list? If so, does Declude already have it in his forging virus list? It appears to be a forging virus, although we do not have enough information yet to determine that for certain (we have, however, added it to the forging virus database

[Declude.Virus] JS/illWill

2004-08-09 Thread Markus Gufler
I've seen several JS/IllWill messages in the past 20 minutes on our system. Looking at http://vil.nai.com/vil/content/v_99242.htm it's an old virus (2001) and I can't remember another one in the past. But now I can see them coming from all different IP addresses. Mailfrom looks like real

Re: [Declude.Virus] JS/illWill

2004-08-09 Thread Bill Landry
Yep, I've seen a bunch of them this morning, as well. Here, only McAfee and BitDefender are currently catching it. I have reported the virus to ClamAV, F-Prot, and TrendMicro. Bill - Original Message - From: Markus Gufler To: [EMAIL PROTECTED] Sent: Monday, August

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread John Tolmachoff (Lists)
Interesting in that the virus listed spreads by visiting a website. What is it you are catching? In the last hour or so I have been getting a lot of banned zip-exe files where the D file is only about 10kb. I sent one to virustrap for diagnosis. John Tolmachoff

RE: [Declude.Virus] Useful antivirus feed from Symantec

2004-08-09 Thread Alvaro Dioni
I've been using this Trendmicro feed since 2001: (I think they were the first to have it) http://www.trendmicro.com/syndication/vinfo/default.asp They also had a code to install their free online virus scanner on your pages and a World map to track virus activity:

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread Robert Grosshandler
We're seeing it too. McAfee on desktop catching as a "trojan". AVG and F-Prot not catching it yet. Declude not stopping, either. newprice.zip is the attachment name. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Monday, August 09, 2004 11:23 AM To:

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread John Tolmachoff (Lists)
Declude is indeed stopping it if configured correctly. That is how I am stopping them. BANZIPEXTS BANEXT EXE John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread Robert Grosshandler
Problem is, I want to get "good" zipped exe's. Oh well. Until the AV programs start catching it, I've made our e-mail less useful by blocking any zips with exe's in them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, August 09, 2004

[Declude.Virus] strange zip file

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
We just received a strange zip file with the files as follows price/price.exe price.html price.html installs the .exe Our scanners didn't pick up anything strange.. but there is no way I would open it. I sent it to virustrap, Scott could you take a look. Regards Luis Arango __ [Email

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread John Tolmachoff (Lists)
Here is what I instruct my clients and users: (SAFETY FIRST) This policy is in place for the security and safety of our clients. If you need help or have questions or comments regarding this policy, please contact us at [EMAIL PROTECTED] PLEASE NOTE! Due to the increase of virus

Re: [Declude.Virus] strange zip file

2004-08-09 Thread R. Scott Perry
We just received a strange zip file with the files as follows price/price.exe price.html This is a new virus; apparently, no AV companies are detecting it yet. You can use BANNAME price.exe and similar lines to block it (or BANEXT EXE and BANZIPEXTS ON with Declude Virus Pro).

[Declude.Virus] New Virus!??!

2004-08-09 Thread Chuck Schick
I have received two suspicious emails this morning with the attachment of newprice.zip. Obviously neither AVG on my desktop nor FProt on the server have flagged it as a virus. But since I know neither of the senders it looks like a virus. Anyone know anything about it. Chuck Schick Warp 8,

RE: [Declude.Virus] Useful antivirus feed from Symantec

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
Thanks a lot.. useful Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Alvaro Dioni Sent: Monday, August 09, 2004 12:22 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec I've been using

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Fritz Squib
F-Prot just updated, catches it as HTML/[EMAIL PROTECTED], ClamAV as Trojan.JS.RunMe. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against

[Declude.Virus] suggestion for the Virus Manual

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
Scott: Just a suggestion for Declude Virus Manual and sample virus config file Could you add a section that explains how the following work BANZIPEXTS BANEZIPEXTS As far as I have seen the only way to learn how it works is by reading the release notes and the list. New users and old ones will

Re: [Declude.Virus] JS/illWill

2004-08-09 Thread John Olden
Want to know what less useful really means, try being like us with only Declude AV Standard. We can't ban certain extensions in zip files. Plus we can only use one scanner with Standard so we constantly get bit having to wait until the AV companies update their signatures. John Olden - Systems

RE: [Declude.Virus] suggestion for the Virus Manual

2004-08-09 Thread Grant Griffith
They usually update the manual when a released version is out and that has not happened in a long time. I am guessing they are working on a better manual and releasing something before too long. Grant -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
Thanks I just did.. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, August 09, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] strange zip file We just received a strange zip file

RE: [Declude.Virus] suggestion for the Virus Manual

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
I also suggest to dedicate some lines to the BANNAME option as well. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Monday, August 09, 2004 1:41 PM To: [EMAIL PROTECTED]

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Jeff Maze
Have also received price.zip and price_08.zip. I've ended up blocking all zip files until defs are updated (not running Declude Pro). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, August 09, 2004 1:15 PM To: [EMAIL

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Panda Consulting S.A. Luis Alberto Arango
FYI: Getting over 200 in the past 30 minutes Different file names new__price.zip new_price.zip price_new.zip price__new.zip price.zip newprice.zip 08_price.zip price_08.zip price2.zip Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread Jeff Maze
I too run standard, and it's true that I think banned extensions within zips would be a very nice feature. But since it's like this, I live with it. What you should do is keep checking these lists for things such as this new virus. When you see someone say they found a suspicious file, ask them

[Declude.Virus] Variable to skip banned extension

2004-08-09 Thread John Tolmachoff (Lists)
Is there a way to skip bannotify.eml for some attachments, such as skipping for the file names of the new virus? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Andy Schmidt
Hi: As far as I can tell, it's been discovered by McAfee for a few hours (as usually is the case, when I see these exchanges on this list)! 08/09/2004 13:30:51 Qb4c66687008ebd6f Scanner 1: Virus= the W32/Bagle.aq!zip Attachment=price2.zip [17] O 08/09/2004 13:30:51 Qb4c66687008ebd6f

Re: [Declude.Virus] strange zip file

2004-08-09 Thread Bob McGregor
It appears as though frisk is calling it Virus Name: : HTML/[EMAIL PROTECTED] On Monday, August 9, 2004 1:16 PM, Andy Schmidt [EMAIL PROTECTED] wrote: Hi: As far as I can tell, it's been discovered by McAfee for a few hours (as usually is the case, when I see these exchanges on this list)!

Re: [Declude.Virus] Variable to skip banned extension

2004-08-09 Thread David Franco-Rocha
John, How about: SKIPIFVIRUSNAMEHAS Klez (from example in manual) David Franco-Rocha Declude Technical Support - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 09, 2004 3:12 PM Subject: [Declude.Virus] Variable to skip

Re: [Declude.Virus] Variable to skip banned extension

2004-08-09 Thread Darin Cox
I believe John was asking about attachments, not viruses, which is a very good question...and something that I don't believe is available. I would certainly like to do it as well. That way we can avoid notifying users on banned files that are for known viruses where virus definitions have not yet

Re: [Declude.Virus] strange zip file

2004-08-09 Thread Marc
Apparently it's another variant of the ubiquitous Bagle worm. http://www.eweek.com/article2/0,1759,1633739,00.asp -M - Original Message - From: Bob McGregor To: [EMAIL PROTECTED] Sent: Monday, August 09, 2004 3:18 PM Subject: Re: [Declude.Virus] strange zip file It appears as though

RE: [Declude.Virus] JS/illWill

2004-08-09 Thread Robert Grosshandler
For us, less useful means the inability to receive .exe's as zipped attachments, which is how people are used to sending them. John T. posted a nice set of instructions on how to get around that, but it requires that your sender know that he / she has to go through a couple of extra steps in

RE: [Declude.Virus] Variable to skip banned extension

2004-08-09 Thread John Tolmachoff (Lists)
Not sure if that will work for the banned attached file name, that is why I am asking. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Franco-Rocha Sent: Monday, August 09, 2004 12:37