Markus,

Interesting, because NAI is not catching it for us... we're at defs version
4.0.4331 and scan engine 4.3.20

Weird thing for us is that if we use the command line to scan a file that is
infected with bagle.h, then McAfee catches it. But not when it runs with
Declude using the same command line command.

Do you have anything special in your config? I am pasting below what we have
in our virus cfg

SCANFILE  C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /ANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE 13
REPORT Found

Thanks

Peter


----- Original Message ----- 
From: "Markus Gufler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 11:39 AM
Subject: RE: [Declude.Virus] "[Encrypted .ZIP file]"


>
> I've seen that NAI's engine is now able to detect Bagle.h even if contained
> in passworded zip files.
>
> 03/02/2004 17:29:04 Qb64d05700068a0de Scanner 2: Virus=W32/Bagle.h!pwdzip virus !!! Attachment=Readme.zip [18] I
> 03/02/2004 17:29:04 Qb64d05700068a0de File(s) are INFECTED [[Encrypted .ZIP file]: 13]
> 03/02/2004 17:29:05 Qb64d05700068a0de Scanned: CONTAINS A VIRUS [MIME: 2 21347]
>
>
> Markus
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
> > Sent: Tuesday, March 02, 2004 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.Virus] "[Encrypted .ZIP file]"
> >
> >
> > >The interim release 1.78i5 appears to be making headway against the
> > >encrypted .zip file but it appears that the sender is forged. Is this
> > >supposed to be added to the SKIPIFFORGING database or should I add it to
> > >the SKIPIFVIRUSNAMEHAS list and if so what should it be listed as?
> > >"Encrypted .ZIP file".?
> >
> > Yes, that should work fine.
> >
> >                                                     -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail
> > mailservers since 2000.
> > Declude Virus: Catches known viruses and is the leader in
> > mailserver vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".    The archives can be found
> > at http://www.mail-archive.com.
> >
> >
>
