11:23 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blocking the files in mydoom /Archive=3
Correct if you do not use that option F-prot will only search one
level,
that option tells F-Prot to search zips within zips. I think you need
Version 3.14e or better to use this option
You are way behind the times if all you block are com files. What about exe,
bat, cmd and a list of others?
Also, I have temporarily blocked all zip files, as I am seeing quite a few
that are not being caught by banned extension or F-Prot or AVG. I am
investigating these.
John Tolmachoff
I am running Declude 1.79 and this is in my CFG file:
BANEZIPEXTS ON
BANEXT com
That won't catch Mydoom.O. That's because Mydoom.O uses .com files in
non-encrypted .ZIP files (the above settings block .com files in encrypted
.ZIP files, but not standard .ZIP files). You would want to use
Something must be broken or something must be unusual about this file. I
just added
BANEXT ZIP
It is catching other files that I have banned. And I was able to forward
this file ([EMAIL PROTECTED])to myself from a user that sent it to
me. Does declude treat a forwarded file differently somehow?
Something must be broken or something must be unusual about this file. I
just added
BANEXT ZIP
It is catching other files that I have banned. And I was able to forward
this file ([EMAIL PROTECTED])to myself from a user that sent it to
me. Does declude treat a forwarded file differently somehow?
Scott,
Are you available to do a telephone interview for Information week today?
Barry
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Monday, July 26, 2004 3:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Blocking the files in MyDoom
You are way behind the times if all you block are com files. What about exe,
bat, cmd and a list of others?
Also, I have temporarily
]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, July 26, 2004 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Blocking the files in mydoom
Something must be broken or something must be unusual about this file.
I just added
BANEXT ZIP
It is catching other files
I am.
- Original Message -
From: Barry @ CPHZ [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 1:25 PM
Subject: RE: [Declude.Virus] Blocking the files in mydoom
Scott,
Are you available to do a telephone interview for Information week today?
Barry
07/26/2004 15:32:21 Q6a3e178601c0f0dc Warning: misconfiguration in following
line in configuration file (BOUNCE is not an ACTION). May be a duplicate
test definition?
That's because about 90% of the people using the BOUNCE action in Declude
JunkMail were doing so in a very, very bad way
:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Blocking the files in mydoom
Something must be broken or something must be unusual about this file. I
just added
BANEXT ZIP
It is catching other files that I have banned. And I was able to forward
this file ([EMAIL PROTECTED])to myself
Anything to stop double file extensions? I'd like to get this stopped ASAP
Since the files are presumably not dangerous, that is a job for Declude
JunkMail -- using Declude JunkMail Pro, you can set up a filter such as
BODY 0 CONTAINS example.com.zip.
Maybe even a BANZIPEXT ON (not just e-zip) so that people
can get zipped .JPGs but not zipped .exe's
BANZIPEXTS ON is in v1.79. For any file extension that you ban with the
BANEXT option, it will then be blocked if it is in a .ZIP file as well.
Technical Support
- Original Message -
From: Jim Nitterauer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 16.37
Subject: RE: [Declude.Virus] Blocking the files in mydoom
Question:
My declude log contains the following cryptic message:
07/26/2004 15:32:21
I am seeing this to, I also have zip files blocked until things chill out.
Symantec still has this listed as mydoom.m but its at level 4 now
Also, I have temporarily blocked all zip files, as I am seeing quite a few
that are not being caught by banned extension or F-Prot or AVG. I am
: Monday, July 26, 2004 3:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blocking the files in mydoom
Jim,
Because lots of customers were using the BOUNCE action without realizing
that, in the majority of cases, the bounced message would never go back to
the spammer who forged the originating
:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, July 26, 2004 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Blocking the files in mydoom
07/26/2004 15:32:21 Q6a3e178601c0f0dc Warning: misconfiguration in
following line in configuration file (BOUNCE is not an ACTION). May
Will we be getting separate extension lists for normal files and inside
zips soon?
For Example:
Block EXE but allow EXE inside Zips (I'd like to block them but I'd get hung)
Block COM and SRC in both places.
It's something that we would like to add to Declude Virus, but I can't say
for sure
Please excuse me, but I'm having trouble figuring out exactly what is
going on here.
It sounds like this virus is double-zipping files, and that this
technique is tricking the virus scanners. Is that correct?
If so, BANZIPEXTS, which will by default ban double-zips in addition to
other
I know this is a busy day to bug about this but . . .
Will we be getting separate extension lists for normal files and inside
zips soon?
For Example:
Block EXE but allow EXE inside Zips (I'd like to block them but I'd get
hung)
Block COM and SRC in both places.
Currently I block extensions
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, July 26, 2004 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Blocking the files in mydoom
Something must be broken or something must be unusual about this file.
I
: Monday, July 26, 2004 5:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blocking the files in mydoom
Please excuse me, but I'm having trouble figuring out exactly what is
going on here.
It sounds like this virus is double-zipping files, and that this
technique is tricking the virus
22 matches
Mail list logo
