Erminio:

I have a copy of this virus.. I don't think it is J.  We have a virus that is
caught as J but this one that I have is not being caught.

I can gladly send it to you off list to test..

Kami 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of E. Ballerini
Sent: Wednesday, March 03, 2004 9:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Update- New virus

R. Scott Perry wrote:
>> None are catching this.  I just updated all the AV definitions and 
>> emailed me the same virus that arrived this morning..
>
> This new one -- ("Dear user  of your_domain.com e-mail server
> gateway...") likely is not going to get caught by any virus scanners.
> The only information that an AV program has about an encrypted .ZIP
> file is the filename, the size, and the CRC (a "fingerprint" of the
> file).  This virus (Bagle.J) makes the filename, size, and CRC random,
> so it will be nearly impossible for an AV program to detect it.

Running McAfee WebShield 4.5 MR1a on a mailrelay before my mailserver (with
Declude) with Scan engine version 4.3.20 DAT version 4.3.4332 and it's
detecting W32/[EMAIL PROTECTED]

Erminio


---
[This E-mail has been scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
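
The fields the quoted reply names (filename, size, CRC) are the ones a gateway can read from an encrypted .ZIP without the password. The sketch below is an added example, not part of the original thread: it reads them from the ZIP central directory and holds any archive with an encrypted member. The function names and the hold policy are assumptions, and the sample archive is constructed with only the "encrypted" flag bit set (its payload is not actually encrypted).

```python
import io
import struct
import zipfile

CDH = struct.Struct("<4s6H3L5H2L")  # central directory file header (46 bytes)
EOCD = struct.Struct("<4s4H2LH")    # end of central directory record (22 bytes)

def visible_metadata(data: bytes) -> list:
    """List what a scanner can read from a ZIP without the password."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("no end-of-central-directory record")
    eocd = EOCD.unpack_from(data, pos)
    total, off = eocd[4], eocd[6]   # entry count, central directory offset
    entries = []
    for _ in range(total):
        f = CDH.unpack_from(data, off)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory header")
        flags, crc, usize, nlen, xlen, clen = f[3], f[7], f[9], f[10], f[11], f[12]
        raw_name = data[off + CDH.size: off + CDH.size + nlen]
        name = raw_name.decode("utf-8" if flags & 0x800 else "cp437")
        entries.append({"name": name, "size": usize, "crc": crc,
                        "encrypted": bool(flags & 0x1)})  # flag bit 0 = encrypted
        off += CDH.size + nlen + xlen + clen
    return entries

def should_hold(data: bytes) -> bool:
    """Hypothetical gateway policy: hold archives with any encrypted member,
    since matching on name, size or CRC fails when the sender randomizes them."""
    return any(e["encrypted"] for e in visible_metadata(data))

def constructed_sample(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Build a one-entry test archive; optionally set the encrypted flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                             # flag word in local file header
        raw[raw.find(b"PK\x01\x02") + 8] |= 1   # flag word in central directory
    return bytes(raw)

if __name__ == "__main__":
    sample = constructed_sample("doc.exe", b"constructed payload", True)
    for entry in visible_metadata(sample):
        print(entry, "-> hold" if should_hold(sample) else "-> pass")
```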
