Declude / f-prot caught 5 different variants of eicar. Using Lite version, don't have per user settings available to me.
I believe that I was able to isolate the e-mail that contained the virus. It does not appear to have the "scanned by Declude Virus" message appended to it, which leads me to believe that maybe declude didn't submit it to f-prot? It does have headers that indicate that declude junkmail did its thing. Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, October 01, 2002 11:29 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Bugbear made it past declude / f-prot >Not sure why yet. > >Norton stopped it on my personal desktop. > >Since it made it through, is there anything I can provide to anyone to >help figure out why? > >F-prot is dated 9/30. >Declude is 1.60 >Imail is 7.13 >Win2k >Norton was updated yesterday, too. >I didn't have BANEXT exe (I do now!) First question: Is the eicar.com file caught when sent from the Test Virus Sender at http://www.declude.com/tools ? Second question: Do you have virus scanning disabled for any users/domains? Since we've seen the file sent in two different ways (both with and without the MIME Header vulnerability), there's a chance that there could be several variants out there, that aren't all getting caught yet. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
