Jeff and Matt, Thanks for the advice, however I'm already blocking certain attachments (via BANEXT). Also, these particular attachments aren't encrypted archives (I'm blocking those too via BANEXT EZIP / BANEZIPEXTS ON). In this case the virus itself appears to be Base64 encrypted.
I was kinda hoping this was something that can be addressed in Declude, otherwise my faith in McAfee has been greatly shaken. Symantec has been detecting [EMAIL PROTECTED] since May 5th, and does so once the infected email makes onto the desktop. However the McAfee Command Line Scanner lets it slip right past. Since Symantec obviously catches it, it's too bad they won't allow their Command Line Scanner to work with Declude! Alan Walters Director of I.T. Royce Medical > From: "Jeff Maze" <[EMAIL PROTECTED]> > Beginning using the banned extension option with Declude (see virus.cfg). > Then any attachment with a .SCR or whatever is blocked at the server level > and the user doesn't see it. > From: Matt <[EMAIL PROTECTED]> > It's important to specify in this instance that in order to detect > encrypted archives (ZIP's or RAR's) one needs to be using the most > recent interim release, 1.79i9 and you can't be running Declude Virus > Lite (Scott would also mention having a current support contract). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
