Just did some testing with the POC and noticed that Fprot now is adding a
new line to the report.txt:
e:\imail\test\poc.jpg Contains the exploit named W32/[EMAIL PROTECTED]
So I had to add the line:
REPORT Contains the exploit named
To my virus.cfg file.
My complete setup for F-Prot
I expect we'll have a new version on Monday to take care of
this (unless some start spreading before then, in which case
we would have a new version ready ASAP).
Well after reading http://www.heise.de/newsticker/meldung/51459 (german) I
think it's time to release something!
In short:
There
Actually this breaks Declude because Declude Virus can't look for multiple
REPORT lines.
Scott,
How can we setup Declude Virus to look for multiple lines in the report.txt
file?
Mark
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith
Sent:
My complete setup for F-Prot is now:
SCANFILE c:\progra~1\fsi\f-prot\FPcmd.exe /TYPE /SILENT /NOMEM
/ARCHIVE=5 /NOBOOT /DUMB /SERVER /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORTInfection:
REPORTContains the exploit named
Well, I still see Code Red connection
attempts occasionally in my firewall logs.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, September 24, 2004 6:54
- Original Message -
From: Mark Smith [EMAIL PROTECTED]
Actually this breaks Declude because Declude Virus can't look for multiple
REPORT lines.
Scott,
How can we setup Declude Virus to look for multiple lines in the
report.txt
file?
I've been running F-Prot Version 3.15b since
In theory we could block links to JPGs in HTML based email but that doesn't
help us with people just browsing the Internet.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Saturday, September 25, 2004 2:59 AM
To: [EMAIL
How can we setup Declude Virus to look for multiple lines in the
report.txt file?
Perhaps two almost-but-not-quite-identical SCANFILE entries with
different REPORT entries...?
Yes, double the resource utilization. Only a stopgap and not tested
yet.
--Sandy