Maybe F-Prot is tagging this example file in heuristics because it isn't really a virus, and real viruses will get blocked with the normal result code once detected??? Here's my current F-Prot config, but note that there are some new switches that I haven't made use of and that there has been little discussion about here:
C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /DUMB /REPORT=report.txt
I noted that Scott posted about the first JPG virus being in the wild, but I believe that this is actually just the one isolated to the newsgroups at the moment, and the real trouble will probably not arrive for another 24 to 72 hours.
---Note to Scott---
Scott, please consider allowing us to specify the file types that are within encrypted archives instead of just relying on the list of banned extensions. It seems fairly certain that this virus will be released within an encrypted zip, and as things stand, my system isn't protected under the BANEZIPEXTS ON setting, and this setting will become completely useless once one is released this way, since we aren't going to add JPGs to our list of banned extensions, but I would certainly add it to a list of banned EZIPs instead of being forced to block all EZIPs. If you don't allow for this, you ought to retire the BANEZIPEXTS functionality once this becomes reality, but I would prefer to be a step ahead on something this obvious.
Thanks,
Matt
marc wrote:
Installed Declude Virus 1.80 (restarted IMail SMTP) and sent the infected JPEG jpegcompoc.zip (http://www.gulftech.org/?node=downloads); it was not automatically detected and goes through, using F-Prot 3.15B updated.
virus.cfg:
SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt
# SKIPEXT GIF
# SKIPEXT JPG
SKIPEXT TXT
SKIPEXT MPG
SKIPEXT PNG
A desktop AV F-Prot 3.15B (same version and updates) detects the JPEG exploit. Any ideas?
marc
At 23:31 27.09.2004, you wrote:
Same here. Is there a way to make F-Prot w/Declude catch these?
The latest release of Declude Virus will automatically detect the GDIPlus.dll JPEG exploit.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
