[Declude.Virus] virus or vulnerability

2004-04-19 Thread Bonno Bloksma
Hi,

Below is a log snippet where there was a vulnerability caught. However, in my
e-mail to the postmaster (myself) it is reported as an unknown virus in an
unknown file. How come? Is it because I'm also blocking PIF files?

I'm (still) using Declude 1.87i28 (will upgrade to the latest 1.79interim
later today).
IMail 8.05
Windows 2000 server SP4 with latest patches

[.]
04/19/2004 08:55:45 Q77f00fb601282210 MIME file: [message/delivery-status][*DEFAULT*; Length=364 Checksum=32100]
04/19/2004 08:55:45 Q77f00fb601282210 Warning: EOF in middle of MIME segment [shock_text.pif] [--fccedeefdaaafeaceeedafcebdd]
04/19/2004 08:55:45 Q77f00fb601282210 Banning file with pif extension [application/octet-stream].
04/19/2004 08:55:45 Q77f00fb601282210 WARNING: EOF in multipart processing.
04/19/2004 08:55:45 Q77f00fb601282210 WARNING: EOF in multipart processing.
[]
04/19/2004 08:55:47 Q77f00fb601282210 Invalid PIF Vulnerability
04/19/2004 08:55:47 Q77f00fb601282210 Found a bogus .pif file
04/19/2004 08:55:47 Q77f00fb601282210 File(s) are INFECTED [: 0]
04/19/2004 08:55:47 Q77f00fb601282210 Scanned: CONTAINS A VIRUS [MIME: 4 36544]
04/19/2004 08:55:47 Q77f00fb601282210 From:  To: [EMAIL PROTECTED] [incoming from 131.174.93.39]
04/19/2004 08:55:47 Q77f00fb601282210 Subject: Undelivered Mail Returned to Sender

Groetjes,

Bonno Bloksma


- Original Message - 
From: Postmaster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 8:55 AM
Subject: Declude Virus caught a virus


 Declude Virus v1.78i28 caught the Unknown Virus virus in Unknown File
 from  to:  [EMAIL PROTECTED]

 Date:   04/19/2004 08:55:47
 Subject:Undelivered Mail Returned to Sender
 Spool File: D77f00991013e2200.SMD
 Remote IP:  131.174.93.39

 Headers:
 Received: from jurollo.uci.kun.nl [131.174.93.39] by tio.nl with ESMTP
   (SMTPD32-8.05) id A7F0991013E; Mon, 19 Apr 2004 08:55:44 +0200
 Received: by jurollo.uci.kun.nl (Postfix)
 id CCBD029C03E; Mon, 19 Apr 2004 08:54:45 +0200 (CEST)
 Date: Mon, 19 Apr 2004 08:54:45 +0200 (CEST)
 From: [EMAIL PROTECTED] (Mail Delivery System)
 Subject: Undelivered Mail Returned to Sender
 To: [EMAIL PROTECTED]
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
 boundary=C6AE029C043.1082357685/jurollo.uci.kun.nl
 Message-Id: [EMAIL PROTECTED]


 ---
 [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos]



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
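
An added example, not part of the original post and not Declude's own code: a small parser that groups log lines like the ones in the snippet above by queue ID and shows which lines contributed to the final verdict (banned extension, vulnerability check, scanner-reported name). The entry layout and the meaning of the bracket after INFECTED are assumptions inferred from the snippet; the sample lines are taken from the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the post's log snippet, including the
# wrapped continuation lines that mail clients introduce.
SAMPLE_LOG = """\
04/19/2004 08:55:45 Q77f00fb601282210 Warning: EOF in middle of MIME segment
[shock_text.pif] [--fccedeefdaaafeaceeedafcebdd]
04/19/2004 08:55:45 Q77f00fb601282210 Banning file with pif extension
[application/octet-stream].
04/19/2004 08:55:47 Q77f00fb601282210 Invalid PIF Vulnerability
04/19/2004 08:55:47 Q77f00fb601282210 Found a bogus .pif file
04/19/2004 08:55:47 Q77f00fb601282210 File(s) are INFECTED [: 0]
04/19/2004 08:55:47 Q77f00fb601282210 Scanned: CONTAINS A VIRUS [MIME: 4
36544]
"""

# Assumed entry layout (inferred from the snippet): date, time, queue ID, text.
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9a-f]+) (.*)$")
BANNED = re.compile(r"Banning file with (\S+) extension")
VULN = re.compile(r"^(.+) Vulnerability$")
# Assumption: the bracket after INFECTED holds "<scanner-reported name>: <code>".
INFECTED = re.compile(r"File\(s\) are INFECTED \[(.*): (\d+)\]")


def unwrap(text):
    """Rejoin wrapped lines (no timestamp/queue-ID prefix) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return entries


def new_record():
    return {"banned_ext": [], "vulnerabilities": [], "virus_name": None, "verdict": "clean"}


def summarize(text):
    """Return {queue_id: record} listing what was logged against each message."""
    out = defaultdict(new_record)
    for _ts, qid, msg in unwrap(text):
        rec = out[qid]
        if (m := BANNED.search(msg)):
            rec["banned_ext"].append(m.group(1))
        elif (m := VULN.match(msg)):
            rec["vulnerabilities"].append(m.group(1))
        elif (m := INFECTED.search(msg)):
            rec["virus_name"] = m.group(1).strip() or None  # empty name -> None
        elif "CONTAINS A VIRUS" in msg:
            rec["verdict"] = "virus"
    return dict(out)
```

For the sample, the record shows a banned pif extension, an "Invalid PIF" vulnerability hit, and no scanner-reported name alongside the virus verdict.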


[Declude.Virus] Test

2004-04-19 Thread Dan Star
Testing, please ignore...



RE: [Declude.Virus] Test

2004-04-19 Thread John Tolmachoff (Lists)
Sorry, Pong.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
 On Behalf Of Dan Star
 Sent: Monday, April 19, 2004 8:35 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.Virus] Test
 
 Testing, please ignore...



[Declude.Virus] Byte Verify Exploit

2004-04-19 Thread David Sullivan
Should Declude be catching a ByteVerify exploit?

This came through Declude/F-Prot/Trend:

NetShield-4.6.0: The file CACHE1:\ETC\PROXY\CACHE\1B\8FCC389B.AAJ\bb.class was 
infected with
Exploit-ByteVerify . The file was successfully cleaned with Scan engine version 4.2.40 
DAT version 4.0.4350.
(from DUSD_BM2)

http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100261#indications

-- 
Best regards,
 David  mailto:[EMAIL PROTECTED]



Re: [Declude.Virus] Byte Verify Exploit

2004-04-19 Thread R. Scott Perry

Should Declude be catching a ByteVerify exploit?

This came through Declude/F-Prot/Trend:

NetShield-4.6.0: The file CACHE1:\ETC\PROXY\CACHE\1B\8FCC389B.AAJ\bb.class 
was infected with
Exploit-ByteVerify . The file was successfully cleaned with Scan engine 
version 4.2.40 DAT version 4.0.4350.
(from DUSD_BM2)

http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100261#indications

Is it possible that that wasn't from an E-mail that came through Declude?

The ByteVerify exploit should be detected by the virus scanner, if a virus 
is detected that uses the exploit.  Since the ByteVerify exploit is not 
dangerous by itself (a virus with the ByteVerify exploit should be 
detected, and such viruses are rare), Declude Virus does not include 
detection of this client-side vulnerability.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
