RE: [Declude.Virus] AUTOFORGE
Does anyone know why it was not possible to send messages to this list over the last 3-4 days? Also can anyone supply their current list of FORGINGVIRUS FORGINGVIRUS Anonymous Driver FORGINGVIRUS Antiman FORGINGVIRUS Bagle FORGINGVIRUS Bobax FORGINGVIRUS Breatel FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Dumar FORGINGVIRUS Exploit-ObjectData FORGINGVIRUS Eyeveg FORGINGVIRUS Fizzer FORGINGVIRUS Ganda FORGINGVIRUS Holar FORGINGVIRUS Hybris FORGINGVIRUS IFrame FORGINGVIRUS IFromot FORGINGVIRUS Illwill FORGINGVIRUS Inor FORGINGVIRUS Ircbot2 FORGINGVIRUS Klez FORGINGVIRUS Kapser FORGINGVIRUS Lentin FORGINGVIRUS Lovgate FORGINGVIRUS Mabuto FORGINGVIRUS Magistr FORGINGVIRUS MiMail FORGINGVIRUS MyDoom FORGINGVIRUS Mytob FORGINGVIRUS Netsky FORGINGVIRUS ObjData FORGINGVIRUS Palyh FORGINGVIRUS Phish- FORGINGVIRUS Plexus FORGINGVIRUS Proxy-Cidra FORGINGVIRUS Reblin FORGINGVIRUS Scano FORGINGVIRUS Sober FORGINGVIRUS SoBig FORGINGVIRUS Stration FORGINGVIRUS Somefool FORGINGVIRUS Tanx FORGINGVIRUS Torvil FORGINGVIRUS Tricky-Malware-based! FORGINGVIRUS Trojan FORGINGVIRUS Wurmark FORGINGVIRUS Yaha FORGINGVIRUS Zafi FORGINGVIRUS Zerolin And maybe FORGINGVIRUS Unknown Virus Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
Thanks for the list. I took your list and merged it with the list in declude from our install. FORGINGVIRUSAnonymous Driver FORGINGVIRUSAntiman FORGINGVIRUSAvril FORGINGVIRUSBagle FORGINGVIRUSBobax FORGINGVIRUSBraid FORGINGVIRUSBreatel FORGINGVIRUSBridex FORGINGVIRUSBugbear FORGINGVIRUSDumar FORGINGVIRUSDumaru FORGINGVIRUSEvaman FORGINGVIRUSExploit-ObjectData FORGINGVIRUSEyeveg FORGINGVIRUSFizzer FORGINGVIRUSGanda FORGINGVIRUSGibe FORGINGVIRUSHolar FORGINGVIRUSHybris FORGINGVIRUSIFrame FORGINGVIRUSIFromot FORGINGVIRUSIllwill FORGINGVIRUSInor FORGINGVIRUSIrcbot2 FORGINGVIRUSKapser FORGINGVIRUSKlez FORGINGVIRUSLentin FORGINGVIRUSLovgate FORGINGVIRUSMabut FORGINGVIRUSMabuto FORGINGVIRUSMagistr FORGINGVIRUSMiMai FORGINGVIRUSMiMail FORGINGVIRUSMyDoom FORGINGVIRUSMytob FORGINGVIRUSNetsky FORGINGVIRUSObjData FORGINGVIRUSPalyh FORGINGVIRUSPhish- FORGINGVIRUSPlexus FORGINGVIRUSProxy-Cidra FORGINGVIRUSReblin FORGINGVIRUSScano FORGINGVIRUSSefex FORGINGVIRUSSober FORGINGVIRUSSoBig FORGINGVIRUSSomefool FORGINGVIRUSStration FORGINGVIRUSSwen FORGINGVIRUSTanx FORGINGVIRUSTorvil FORGINGVIRUSTricky-Malware-based! FORGINGVIRUSTrojan FORGINGVIRUSUnknown FORGINGVIRUSVulnerability FORGINGVIRUSWurmark FORGINGVIRUSYaha FORGINGVIRUSZafi FORGINGVIRUSZerolin Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Monday, October 30, 2006 8:43 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE Does anyone know why it was not possible to send messages to this list over the last 3-4 days? Also can anyone supply their current list of FORGINGVIRUS FORGINGVIRUS Anonymous Driver FORGINGVIRUS Antiman FORGINGVIRUS Bagle FORGINGVIRUS Bobax FORGINGVIRUS Breatel FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Dumar FORGINGVIRUS Exploit-ObjectData FORGINGVIRUS Eyeveg FORGINGVIRUS Fizzer FORGINGVIRUS Ganda FORGINGVIRUS Holar FORGINGVIRUS Hybris FORGINGVIRUS IFrame FORGINGVIRUS IFromot FORGINGVIRUS Illwill FORGINGVIRUS Inor FORGINGVIRUS Ircbot2 FORGINGVIRUS Klez FORGINGVIRUS Kapser FORGINGVIRUS Lentin FORGINGVIRUS Lovgate FORGINGVIRUS Mabuto FORGINGVIRUS Magistr FORGINGVIRUS MiMail FORGINGVIRUS MyDoom FORGINGVIRUS Mytob FORGINGVIRUS Netsky FORGINGVIRUS ObjData FORGINGVIRUS Palyh FORGINGVIRUS Phish- FORGINGVIRUS Plexus FORGINGVIRUS Proxy-Cidra FORGINGVIRUS Reblin FORGINGVIRUS Scano FORGINGVIRUS Sober FORGINGVIRUS SoBig FORGINGVIRUS Stration FORGINGVIRUS Somefool FORGINGVIRUS Tanx FORGINGVIRUS Torvil FORGINGVIRUS Tricky-Malware-based! FORGINGVIRUS Trojan FORGINGVIRUS Wurmark FORGINGVIRUS Yaha FORGINGVIRUS Zafi FORGINGVIRUS Zerolin And maybe FORGINGVIRUS Unknown Virus Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] AUTOFORGE
Hi, is this still being actively maintained? If so, W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain)it is forging the sender. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
I suggested adding STRATION a week or more ago. Likewise, the string WAREZOV should be added to the AUTOFORGE database (or your own virus.cfg e.g. FORGINGVIRUS WAREZOV). There have been many interations of this virus, and according to F-Secure, the creators are still pumping out new versions. Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SchmidtSent: Friday, October 27, 2006 6:03 AMTo: 'Declude Virus List'Subject: [Declude.Virus] AUTOFORGE Hi, is this still being actively maintained? If so, W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain)it is forging the sender. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
Is the command FORGINGVIRUS still used? It doesn't seem to be mentioned in the new manuals on the Declude web site, or in the knowledgebase either. My main question is how does FORGINGVIRUS work? Is it looking for any string within the virus name? For example, will the statement FORGINGVIRUS Stration pick up both Worm.Stration.YY and I-Worm.Stration as matches? Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? Thanks, Gary Original Message From: Colbeck, Andrew [EMAIL PROTECTED] Sent: Friday, October 27, 2006 3:56 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE I suggested adding STRATION a week or more ago. Likewise, the string WAREZOV should be added to the AUTOFORGE database (or your own virus.cfg e.g. FORGINGVIRUS WAREZOV). There have been many interations of this virus, and according to F-Secure, the creators are still pumping out new versions. Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 27, 2006 6:03 AM To: 'Declude Virus List' Subject: [Declude.Virus] AUTOFORGE Hi, is this still being actively maintained? If so, W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain) it is forging the sender. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? FORGINGVIRUS is in the virus.cfg file and it is to list those viruses that forge the from address. Then, in your various eml files, you just need to put in SKIPIFFORGINGVIRUS instead of having list list each SKIPIFVIRUSNAMEHAS John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
Also can anyone supply their current list of FORGINGVIRUS Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, October 27, 2006 4:19 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE Is the command FORGINGVIRUS still used? It doesn't seem to be mentioned in the new manuals on the Declude web site, or in the knowledgebase either. My main question is how does FORGINGVIRUS work? Is it looking for any string within the virus name? For example, will the statement FORGINGVIRUS Stration pick up both Worm.Stration.YY and I-Worm.Stration as matches? Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? Thanks, Gary Original Message From: Colbeck, Andrew [EMAIL PROTECTED] Sent: Friday, October 27, 2006 3:56 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE I suggested adding STRATION a week or more ago. Likewise, the string WAREZOV should be added to the AUTOFORGE database (or your own virus.cfg e.g. FORGINGVIRUS WAREZOV). There have been many interations of this virus, and according to F-Secure, the creators are still pumping out new versions. Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 27, 2006 6:03 AM To: 'Declude Virus List' Subject: [Declude.Virus] AUTOFORGE Hi, is this still being actively maintained? If so, W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain) it is forging the sender. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
I think you meant to say SKIPIFFORGING not SKIPIFFORGINGVIRUS. Original Message From: John T \(Lists\) [EMAIL PROTECTED] Sent: Friday, October 27, 2006 7:52 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? FORGINGVIRUS is in the virus.cfg file and it is to list those viruses that forge the from address. Then, in your various eml files, you just need to put in SKIPIFFORGINGVIRUS instead of having list list each SKIPIFVIRUSNAMEHAS John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AUTOFORGE
OOPS, brainfart. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, October 27, 2006 5:07 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE I think you meant to say SKIPIFFORGING not SKIPIFFORGINGVIRUS. Original Message From: John T \(Lists\) [EMAIL PROTECTED] Sent: Friday, October 27, 2006 7:52 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AUTOFORGE Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have both statements in the virus.cfg or is that redundant? FORGINGVIRUS is in the virus.cfg file and it is to list those viruses that forge the from address. Then, in your various eml files, you just need to put in SKIPIFFORGINGVIRUS instead of having list list each SKIPIFVIRUSNAMEHAS John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Autoforge question misc.
The autoforge option in declude virus, what port does it comunicate on? Need to make sure it's open. Also, our to declude programmer guys...I don't know about the feasibility, how about an idea for the future? Phishing. Have some sort of online db. Many on this list report phishing to the list and I'm sure computerized horizons recieves it's share. Have some sort of online db that declude junkmail or virus checks. I know it won't get rid of it completely, but it might help block a percentage.
Re: [Declude.Virus] Autoforge question misc.
The autoforge option in declude virus, what port does it comunicate on? Need to make sure it's open. It uses DNS packets (in an almost identical way to spam database lookups), so no port changes need to be made. Also, our to declude programmer guys...I don't know about the feasibility, how about an idea for the future? Phishing. Have some sort of online db. Many on this list report phishing to the list and I'm sure computerized horizons recieves it's share. Have some sort of online db that declude junkmail or virus checks. We're investiaging a number of ways to deal with phishing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] AUTOFORGE
Hi, I'm running the 1.77 beta and over the past month I'm not sure this feature is working correctly. With this beta it's on by default but it didn't seem to be working so I added AUTOFORGE ON Is the new Mydoom listed and is there a way to find what other virus the AUTOFORGE are listing? Is there a way to check to see if this feature is working on my system? I have been adding the previous viruses with the AUTOFORGE line. Thanks, Mike --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.