Thank you John but,
BANNAME mailtext.zip
...is this really the only name used by this variant?
I'm feeling a little bit bad, while adding and adding BANNAMEs to the
virus.cfg file.
First as sayd yesterday I feel there are many many BANNAME entries that are
not more accurate or spreading
file (ZIP-EXE).
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Friday, November 25, 2005 12:21 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another Sober out. (= idea)
Thank you John
I am scanning for viruses first. I block executables within
zips.
Yes I know you can do this.
But on my systems banning exe in zips is like having a restaurant where
people can eat but drinking is not allowed.
Markus
---
This E-mail came from the Declude.Virus mailing list. To
, 2005 12:46 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another Sober out. (= idea)
I am scanning for viruses first. I block executables within
zips.
Yes I know you can do this.
But on my systems banning exe in zips is like having a restaurant where
people can eat
Well, I would say it is more like a restaurant but you can
not get blow fish, alcohol, cigarettes, 10 Lbs of greasy
French fries, etc.
Yes and in my case as alcohol is prohibited you can't have neither an
excellent glass of wine.
Some of our customers and partners are providing application
: RE: [Declude.Virus] Another Sober out. (= idea)
Thank you John but,
BANNAME mailtext.zip
...is this really the only name used by this variant?
I'm feeling a little bit bad, while adding and adding BANNAMEs to the
virus.cfg file.
First as sayd yesterday I feel there are many many BANNAME entries
Seems like AV companies need to start using more advanced
pattern matching to catch these variants, rather than relying
on specific signatures.
It's only a question of time that AV-engines will run a virtual PC sandbox
and let start inside the suspicious file. If certain actions are taken
