This is not about executable formt is is about banning zips and encrypted
zip files.
Kevin Bilbee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Rick Davidson
> Sent: Monday, November 21, 2005 5:51 PM
> To: Declude.Virus@declude.com
> Subject: Re: [D
I would but my conundrum is that we receive alot of our loan packages in
executable format and the lenders could careless about what I have to say
about that... So I have to temporarily block them then have someone watch
for legit files and release them from quaratine as they come in.
f-prot w
For those of us poor saps who don't have Pro, here's a compiled list from a
couple of sources of zip filenames to ban.
Due to the variation in filenames, it would be useful to have BANNAME allow
some minimal pattern matching. That would have made this list a bit
shorter.
# Added 11/21/2005 to ha
Looks like F-Prot is now catching it as SoberZ
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Rick Davidson
> Sent: Monday, November 21, 2005 12:12 PM
> To: Declude.Virus@declude.com
> Subject: Re: [Declude.Virus] New Viru
If you have Pro version you should be always blocking using "BANZIPEXTS ON"
and "BANEZIPEXTS ON".
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Rick Davidson
> Sent: Monday, November 21, 2005 12:12 PM
> To: Declude.Virus@d
I submit this one for the laugh factor only. Just got one of these
"claiming" to be from [EMAIL PROTECTED] (Center for Disease Control) with a
"download manager" to view Paris Hilton/Nicole Richie videos! Finally the
federal government has got something right -- anything to do with Hilton &
Richie
It is coming in with alot of different zip file names and body names now, I
blocked all zip files and submitted samples
I am really getting hit hard
Rick Davidson
National Systems Manager
North American Title Group
440-639-0607 - Office
951-233-6342 - Mobile
[EMAIL PROTECTED]
-
- Original M
I have only seen a 5 of these with the following subjects.
hi,_ive_a_new_mail_address
hi, ive a new mail address
Paris Hilton & Nicole Richie
and the following attachment
File-packed_dataInfo.exe
I have no idea what the payload is as we delete .exe files before virus
scanning.
All other virus
McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still
missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and
McAfee seems to have had this one tagged prior to the outbreak starting
since none have slipped through yet.
Matt
Rick Davidson wrote:
heads
I have been seeing a bunch of blocked zip-exe but I have been on the phone
with clients for the last hour and have not had a chance to review it.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Rick Davidson
> Sent: Monday,
heads up folks, I am stopping a new zip virus with the following junkmail
rules, this is all I have seen so far. Contains an exacutable payload called
File-packed_dataInfo.exe
BODY 0 CONTAINS mailtext.zip
BODY 0 CONTAINS downloadm.zip
BODY 0 CONTAINS "mail.zip"
BODY 0 CONTAINS reg_pass-
11 matches
Mail list logo
