Scott, I just had a user send me an email with all the signes of Bagle in it. Password zip and all. It came right throught to the user and then it was forwared to me. When I try to extract the zip on a test system I get "invaild archive format". I am running declude 1.78i20 just updated Sophos and McAfee. I do not see any errors in the log. Scott do you want to look at this file?
The eicardynamicencodedzip does get caught. This is the last bagle caught which is about the time I put 1.78i20 should I roll back to 1.78i9? That is the last one I still have. I am going to put BANEXTEZIP back in untill I here back. 03/10/2004 09:37:18 Q281c00850246389c Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=Attach.pif [24] I 03/10/2004 09:37:20 Q281c00850246389c Scanner 2: Virus= 'W32/Bagle-J' found in file S:\spool\D281C0~1.VIR\\0.pif Attachment=Attach.pif [24] I 03/10/2004 09:37:20 Q281c00850246389c Invalid PIF Vulnerability 03/10/2004 09:37:20 Q281c00850246389c Found a bogus .pif file 03/10/2004 09:37:20 Q281c00850246389c File(s) are INFECTED [ the W32/[EMAIL PROTECTED] virus !!!: 3] 03/10/2004 09:37:20 Q281c00850246389c Scanned: CONTAINS A VIRUS [MIME: 2 12781] 03/10/2004 09:37:20 Q281c00850246389c From: [Forged] To: [EMAIL PROTECTED] [incoming from 63.115.32.27] 03/10/2004 09:37:20 Q281c00850246389c Subject: E-mail account disabling warning. Also this is what is in my .cfg # # The BANEXT option will let you ban file extensions. E-mails containing attachments # with these file extensions will be quarantined, and if you have a BANnotify.EML file, # it will be sent out. This works in the Standard and Pro versions. # BANZIPEXTS ON BANEZIPEXTS ON BANEXT asp BANEXT ad BANEXT adp BANEXT asd BANEXT bas BANEXT bat BANEXT com BANEXT ceo BANEXT cab BANEXT chm BANEXT cmd BANEXT crt BANEXT cpl BANEXT dll BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT isp BANEXT ins BANEXT js BANEXT jse BANEXT lnk BANEXT msi BANEXT mst BANEXT mdb BANEXT mde BANEXT msc BANEXT msp BANEXT nws BANEXT ocx BANEXT pcd BANEXT pif BANEXT reg BANEXT scr BANEXT sct BANEXT shb BANEXT sys BANEXT swf BANEXT shs BANEXT url BANEXT vbe BANEXT vbs BANEXT vb BANEXT vbx BANEXT wsc BANEXT wsf BANEXT wsh BANEXT shs BANEXT vsd BANEXT vst BANEXT vss BANEXT vsw BANEXT ws BANEXT wsh BANEXT xml Thanks, ~Paul~ --- {This E-mail scanned for viruses by Declude Virus/McAfee} --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.