I switched from i5 to i8 6 hours ago. Until now I can see two empty vir
directories. Before I've had one undeleted vir directory per month. (5000 to
7000 msgs / day)
What is in those files?
Have you checked the Declude Virus log file to see the log file entries for
those E-mails?
Scott,
I believe it is only with the new encrypted (password) zip files. I saw in
my log (when running i8) that my Scanners were picking up and detecting normal zip's,
normal pifs, normal scr. etc. of all virus flavors (if there is such thing as normal).
I believe I wouldn't see (as
I also forwarded the original message to your email addresswith .zip
attached.
Thanks, Andy
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 7:51 AM
Subject: Re: [Declude.Virus] New interim Declude Virus Pro to block
I also forwarded the original message to your email addresswith .zip
attached.
No, no, NO.
NEVER send a virus or any file that you think may be malicious to ANY
E-mail address that is not expecting it.
We have one and only one E-mail address that viruses or suspicious files
may be sent to
. Scott Perry
Sent: Wed 3/3/2004 9:01 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus
.bat, .com, .pif, and .scr files
For whatever reason, any password laid virus zip files
PROTECTED]
Cc:
Subject: Re: [Declude.Virus] New interim Declude Virus Pro to block bogus
.bat, .com, .pif, and .scr files
I'll second that. Running 1.78i8, with BANZIPEXTS and BANEZIPEXTS ON,
the
encoded zip eicar test passes through
Title: New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files
hi scott,
i know, that right now it is more important to fight this new virii, but i might have a small problem with 1.78i8.
i am using 1.78i8 (with BANZIPEXTS ON and BANEZIPEXTS ON and no BANEXT EZIP)
03/03/2004 10:19:17 Qa313025b008ed2a1 Invalid COM Vulnerability
03/03/2004 10:19:17 Qa313025b008ed2a1 File(s) are INFECTED [:
W32/[EMAIL PROTECTED]: 3]
does this mean that the COM Vulnerability and the virus was discovered?
Correct. v1.78i9 fixes this, so that the Invalid COM Vulnerability
.
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, March 03, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block
bogus .bat, .com, .pif, and .scr files
I am
to block
bogus .bat, .com, .pif, and .scr files
Here's a thought.
Since this is working in some cases and not in others, maybe there is a
syntax bug.
I have the following:
BANEZIPEXTStabON
BANEXTtabEXE
BANEXTtabCOM
etc.
What if someone had spaces, multiple spaces or multiple tabs? How about
Matt,
Is yours working with the TAB, I'll try anything?
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, March 03, 2004 11:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] New interim Declude Virus Pro to block
Again, it is vital that people be very clear in their posts. I'm very
close to turning this into a moderated list until this all blows over.
Scott, I can certainly sympathize with what you are going through there.
You do an OUTSTANDING job for us and I rank Declude as #1 in my book in all
Here's a thought.
Since this is working in some cases and not in others, maybe there is a
syntax bug.
I have the following:
BANEZIPEXTStabON
BANEXTtabEXE
BANEXTtabCOM
etc.
What if someone had spaces, multiple spaces or multiple tabs? How about
a space or tab following one of the lines?
thanks,
Andy
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 11:37 AM
Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus
.bat, .com, .pif, and .scr files
Virustrap at the declude.com domain - Scott
on 3/3/04 12:13 PM, ISPhuset Nordic AS wrote:
could you please post the link here
http://www.declude.com/interim/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
Declude Virus Pro to block bogus
.bat, .com, .pif, and .scr files
Here's a thought.
Since this is working in some cases and not in others, maybe there is a
syntax bug.
I have the following:
BANEZIPEXTStabON
BANEXTtabEXE
BANEXTtabCOM
etc.
What if someone had spaces, multiple spaces
We now have a new interim release 1.78i8 of Declude Virus Pro at
http://www.declude.com/interim that will look for invalid .bat, .com, .pif,
and .scr files, and will treat them as vulnerabilities. It is expected
that this will cut down significantly on the impact of future viruses in
the time
Scott,
Can I have a million dollars???
:)
R. Scott Perry wrote:
We now have a new interim release 1.78i8 of Declude Virus Pro at
http://www.declude.com/interim that will look for invalid .bat, .com,
.pif, and .scr files, and will treat them as vulnerabilities. It is
expected that this
Title: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files
If we are already blocking those extensions, how would that help?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent
If we are already blocking those extensions, how would that help?
If you are already blocking .bat, .com, .pif, and .scr files, the new
interim release won't help.
However, if you are not blocking all those files (most of our customers are
not), it will help.
It can also be used if you want
20 matches
Mail list logo
