> The odd thing on this was I had to add the "/MIME" flag to
> the scanner command line in order for my systems to start
> catching these.
Hmm, I've added it now too for the Mcafee engine. Let's see how does it have
an effect on cpu usage...
Markus
---
[This E-mail was scanned for viruses by
The odd thing on this was I had to add the "/MIME" flag to the scanner
command line in order for my systems to start catching these.
Darrell
Greg Little writes:
For McAfee users it should be caught as Bagle.BN or .DLDR
starting with this AM (4436)
4437 was just release with improved detect
For McAfee users it should be caught as Bagle.BN or .DLDR
starting with this AM (4436)
4437 was just release with improved detection.
Greg
---
[This E-mail scanned for viruses by Findlay Internet]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail c
I have noticed that all my "Postmaster" email report wrong reverse
information...
ie:
71.16.13.50 = uslec-71.16.13.50.cust.uslec.net
---EMAIL INFORMATION -
Local Queue name: Dd17d09f500448495.SMD
Local Server Time: 01 Mar 2005 15:33:04
Declude Scanner
http://secunia.com/virus_information/15815/bagle.be/
http://secunia.com/virus_information/
Secunia is calling it a Medium
It looks new enough that the AV vendors may not be protecting yet.
Blocking by name (detailed above) may be the only fast solution.
Greg
Markus Gufler wrote:
Seems there is some
F-Prot was catching some price...zips
Mcafee caught one at 6:30
But then this appears:
03/01/2005 09:09:30 Q8599093a02820e36 MIME file: price.zip [base64;
Length=15789 Checksum=2053241]
03/01/2005 09:09:30 Q8599093a02820e36 Banning .ZIP file with exe extension.
03/01/2005 09:09:33 Q8599093a02820e3
I am seeing it detected as "Bagle.BL" by F-Prot. It is not being detected
by Mcafee right now.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitorin
Had some caught with Declude Spam before it hit the virus scanners.
Tyler
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Tuesday, March 01, 2005 10:25 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] New virus new__price.zip
> Seems there is something going on, please check your virus logs.
>
> ...
There are comming in a lot of messages (SMD-file has a filesize of 23 kByte)
containing zip-files like
BANNAME new__price.zip
BANNAME price_new.zip
BANNAME price.zip
BANNAME price2.zip
F-Prot or Mcafee is already catchi
Worm.Win32.Bagle.AL
price.zip
price2.zip
price_new.zip
price_08.zip
08_price.zip
newprice.zip
new_price.zip
new__price.zip
Michael Jaworski
Puget Sound Network, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Tuesday, March 01
Seems there is something going on, please check your virus logs.
...
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubsc
11 matches
Mail list logo