Re: [Declude.Virus] MS05-16 Exploit

2005-06-01 Thread Darin Cox
, 2005 8:42 PM Subject: RE: [Declude.Virus] MS05-16 Exploit Putting in 2 new drives was the easy part. Recreating 43 websites in IIS because the backup drive on the backup server departed for parts unknown the week before and proceeded with the tape drive (Onstream) finally giving out a month

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread John Tolmachoff \(Lists\)
Since I am pressed for time and am presently unable to completely digest what the vulnerability is and how to stop it, how can we configure our Declude installs to protect/find/stop these messages? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Matt
This is the one that Andy pointed out: Microsoft Windows Shell Remote Code Execution Vulnerability http://www.securityfocus.com/bid/13132/discussion/ Microsoft Windows is prone to a vulnerability that may allow remote attackers to execute code through the Windows Shell. The cause of the

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Dave Marchette
Good point. What version of Declude introduced the 'BANCSLID ON' feature? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, May 31, 2005 2:21 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] MS05-16 Exploit

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Colbeck, Andrew
Title: Message Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector. They are entirely different animals, which happen to have CLSID at their heart. The only way to attack MS05-16 abuse with Declude Virus is with a) keep your virus scanner up to

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread NIck Hayer
Title: Message Hi Andy, Colbeck, Andrew wrote: Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector. They are entirely different animals, which happen to have CLSID at their heart. You are sure up to date with this stuff!

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Dave Marchette
Title: Message Perhaps a new feature in Declude that can be implemented during an outbreak(before the slow AV guys create defs)which reverses the logic of the BAN module,making it an ALLOW module. For instance, ban all extensions except those specifically allowed-this creates its own

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread John Tolmachoff \(Lists\)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, May 31, 2005 2:42 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] MS05-16 Exploit Ok, John, get back to fixing that mirrored drive set

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Darrell \([EMAIL PROTECTED])
a mass-mailing virus. Declude defaults to BANCSLID ON which may or may not protect from such an attack. Some CSLID calls are entire valid and normal for Outlook/Office generated E-mails, and I'm not totally sure Plus the other question is does Declude look for the CSLID calls in files in