Scott:
Is EICAR considered forged?
Using Tools page I sent myself tests for eicardynamicencodedzip and
eicarencodedzip. Both were stopped (see logs below) but no notice was
sent. Should I have gotten a notice if:
- Running i9
- VIRUS.CFG (logging MID) has BANEXT ZIP and BANEXT EZIP
- BANNOTIFY.EML has SKIPIFFORGED as first line (& no blank lines present
until after TO:, FROM:, and SUBJECT:
Log Entries (I altered declude addresses below)
============
03/04/2004 08:13:47 Q39990bd80066c421 Scanned: Banned file extension.
[MIME: 2 998]
03/04/2004 08:13:47 Q39990bd80066c421 From: webmaster-vir (at)
declude.com To: [EMAIL PROTECTED]
03/04/2004 08:13:47 Q39990bd80066c421 Subject: Test eicar.com file
[eicardynamicencodedzip]
03/04/2004 08:14:17 Q39b50bde006630a5 Scanned: Banned file extension.
[MIME: 2 889]
03/04/2004 08:14:17 Q39b50bde006630a5 From: webmaster-vir {at}
declude.com To: [EMAIL PROTECTED]
03/04/2004 08:14:17 Q39b50bde006630a5 Subject: Test eicar.com file
[eicarencodedzip]
Thanks,
John
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
