Scott,
I just had a user send me an email with all the signs of Bagle in it.
Password zip and all.
It came right through to the user and then it was forwarded to me.
When I try to extract the zip on a test system I get "invalid archive
format".
I am running Declude 1.78i20, just updated Sophos and McAfee. I do not see
any errors in the log.
Scott, do you want to look at this file?
The eicardynamicencodedzip does get caught.
This is the last Bagle caught, which is about the time I put 1.78i20 in. Should I
roll back to 1.78i9? That is the last one I still have.
I am going to put BANEXTEZIP back in until I hear back.
03/10/2004 09:37:18 Q281c00850246389c Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=Attach.pif [24] I
03/10/2004 09:37:20 Q281c00850246389c Scanner 2: Virus= 'W32/Bagle-J' found in file S:\spool\D281C0~1.VIR\\0.pif Attachment=Attach.pif [24] I
03/10/2004 09:37:20 Q281c00850246389c Invalid PIF Vulnerability
03/10/2004 09:37:20 Q281c00850246389c Found a bogus .pif file
03/10/2004 09:37:20 Q281c00850246389c File(s) are INFECTED [ the W32/[EMAIL PROTECTED] virus !!!: 3]
03/10/2004 09:37:20 Q281c00850246389c Scanned: CONTAINS A VIRUS [MIME: 2 12781]
03/10/2004 09:37:20 Q281c00850246389c From: [Forged] To: [EMAIL PROTECTED] [incoming from 63.115.32.27]
03/10/2004 09:37:20 Q281c00850246389c Subject: E-mail account disabling warning.
Also, this is what is in my .cfg:
#
# The BANEXT option will let you ban file extensions. E-mails containing attachments
# with these file extensions will be quarantined, and if you have a BANnotify.EML file,
# it will be sent out. This works in the Standard and Pro versions.
#
BANZIPEXTS ON
BANEZIPEXTS ON
BANEXT asp
BANEXT ad
BANEXT adp
BANEXT asd
BANEXT bas
BANEXT bat
BANEXT com
BANEXT ceo
BANEXT cab
BANEXT chm
BANEXT cmd
BANEXT crt
BANEXT cpl
BANEXT dll
BANEXT exe
BANEXT hlp
BANEXT hta
BANEXT inf
BANEXT isp
BANEXT ins
BANEXT js
BANEXT jse
BANEXT lnk
BANEXT msi
BANEXT mst
BANEXT mdb
BANEXT mde
BANEXT msc
BANEXT msp
BANEXT nws
BANEXT ocx
BANEXT pcd
BANEXT pif
BANEXT reg
BANEXT scr
BANEXT sct
BANEXT shb
BANEXT sys
BANEXT swf
BANEXT shs
BANEXT url
BANEXT vbe
BANEXT vbs
BANEXT vb
BANEXT vbx
BANEXT wsc
BANEXT wsf
BANEXT wsh
BANEXT shs
BANEXT vsd
BANEXT vst
BANEXT vss
BANEXT vsw
BANEXT ws
BANEXT wsh
BANEXT xml
Thanks,
~Paul~
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.