Also can anyone supply their current list of FORGINGVIRUS Kevin Bilbee
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Gary Steiner > Sent: Friday, October 27, 2006 4:19 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] AUTOFORGE > > Is the command FORGINGVIRUS still used? It doesn't seem to be > mentioned in the new manuals on the Declude web site, or in the > knowledgebase either. > > My main question is how does FORGINGVIRUS work? Is it looking for any > string within the virus name? For example, will the statement > > FORGINGVIRUS Stration > > pick up both "Worm.Stration.YY" and "I-Worm.Stration" as matches? > > Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need > to have both statements in the virus.cfg or is that redundant? > > Thanks, > > Gary > > > -------- Original Message -------- > > From: "Colbeck, Andrew" <[EMAIL PROTECTED]> > > Sent: Friday, October 27, 2006 3:56 PM > > To: declude.virus@declude.com > > Subject: RE: [Declude.Virus] AUTOFORGE > > > > I suggested adding STRATION a week or more ago. > > > > Likewise, the string > > > > WAREZOV > > > > should be added to the AUTOFORGE database (or your own virus.cfg e.g. > > FORGINGVIRUS WAREZOV). There have been many interations of this > virus, > > and according to F-Secure, the creators are still pumping out new > > versions. > > > > Andrew. > > > > > > > > _____ > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > > Of Andy Schmidt > > Sent: Friday, October 27, 2006 6:03 AM > > To: 'Declude Virus List' > > Subject: [Declude.Virus] AUTOFORGE > > > > > > Hi, > > > > is this still being actively maintained? > > > > If so, > > > > W32/Stration.dldr > > > > should be added as forging. Based on bounces that I'm seeing > > (from inbound-only mailboxes on our domain) it is forging the sender. > > > > Best Regards > > Andy Schmidt > > > > Phone: +1 201 934-3414 x20 (Business) > > Fax: +1 201 934-9206 > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
