[Declude.Virus] Fprot GDI Scanner lines.

2004-09-25 Thread Mark Smith
Just did some testing with the POC and noticed that Fprot now is adding a new line to the report.txt: e:\imail\test\poc.jpg Contains the exploit named W32/[EMAIL PROTECTED] So I had to add the line: REPORT Contains the exploit named to my virus.cfg file. My complete setup for F-Prot

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-25 Thread Markus Gufler
I expect we'll have a new version on Monday to take care of this (unless some start spreading before then, in which case we would have a new version ready ASAP). Well, after reading http://www.heise.de/newsticker/meldung/51459 (German) I think it's time to release something! In short: There

RE: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-25 Thread Mark Smith
Actually this breaks Declude because Declude Virus can't look for multiple REPORT lines. Scott, how can we set up Declude Virus to look for multiple lines in the report.txt file? Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent:

RE: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-25 Thread Markus Gufler
My complete setup for F-Prot is now: SCANFILE c:\progra~1\fsi\f-prot\FPcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /SERVER /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: REPORT Contains the exploit named

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-25 Thread John Tolmachoff (Lists)
Well, I still see Code Red connection attempts occasionally in my firewall logs. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, September 24, 2004 6:54

Re: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-25 Thread Bill Landry
- Original Message - From: Mark Smith [EMAIL PROTECTED] Actually this breaks Declude because Declude Virus can't look for multiple REPORT lines. Scott, how can we set up Declude Virus to look for multiple lines in the report.txt file? I've been running F-Prot Version 3.15b since

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-25 Thread Mark Smith
In theory we could block links to JPGs in HTML based email but that doesn't help us with people just browsing the Internet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Saturday, September 25, 2004 2:59 AM To: [EMAIL

Re[2]: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-25 Thread Sanford Whiteman
How can we set up Declude Virus to look for multiple lines in the report.txt file? Perhaps two almost-but-not-quite-identical SCANFILE entries with different REPORT entries...? Yes, double the resource utilization. Only a stopgap and not tested yet. --Sandy