I did that a few weeks ago, and still have had a few slip through. F-Prot detects it as a "suspicious" file if I save the .zip attachment and try to extract the .exe from it.
G.Z. ----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <Declude.JunkMail@declude.com> Sent: Tuesday, May 31, 2005 3:35 PM Subject: RE: [Declude.JunkMail] Virus Getting Through AV and FProt This has been covered for a couple of hours now on the Declude Virus list. You need to update your F-Prot configuration to include the virus code 8 as a match. John T eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of A. Clausen > Sent: Tuesday, May 31, 2005 1:29 PM > To: Declude JunkMail > Subject: [Declude.JunkMail] Virus Getting Through AV and FProt > > We're getting a virus coming through and its causing some strange results in > Declude AV. The file itself is a zip file called "2.zip" which contains the > file "02_05_2005.exe". In the Declude AV log we're seeing lines like this: > > 05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205 > Checksum=2348990] > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection > in report.txt > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1. > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner. > [MIME: 2 18323] > > Is FProt just behind in updating its definitions or is there something nasty > happening? > > -- > Aaron Clausen > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
