>From what I have been told the new patterns that Trend released give their products the logic to scan the message body for a string that would represent a password for the zip and then the product uses that password to open the zip and scan it.
> Does anyone know what the new features are for this scan engine by any = > chance? =20 > > Because I was on the phone with a Trend Engineer and they were saying = > that they are well aware of people requesting that their product scan = > inside of a zip file. She said that it will be released later on down = > the road. Now I'm wondering since allot of the new viruses are coming = > through zip files if they may have bumped up the process of getting that = > feature out to it's customers. > > Thank you, > > __________________ > John Bowles > Exchange Engineer > OIG/HHS > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> =20 > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Montano, Greg > Sent: Wednesday, March 03, 2004 10:22 AM > To: Exchange Discussions > Subject: RE: Time to start preparing - bagle.h > > > Thank you sir. > > Loads of funning dealing with corrupted zip virus!=20 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Aaron > Brasslett > Sent: Tuesday, March 02, 2004 1:28 PM > To: Exchange Discussions > Subject: RE: Time to start preparing - bagle.h > > Go into Antigen Client, Under the Setup bar, choose General Options, the > checkbox is about half way into the Scanning section. > > Aaron > > -----Original Message----- > From: Montano, Greg [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 02, 2004 1:23 PM > To: Exchange Discussions > Subject: RE: Time to start preparing - bagle.h > > > Where is that option?=20 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Aaron > Brasslett > Sent: Tuesday, March 02, 2004 12:15 PM > To: Exchange Discussions > Subject: RE: Time to start preparing - bagle.h > > Use Antigen and enabled 'Delete Encrypted Compressed Files'. > > -----Original Message----- > From: Steve [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 02, 2004 12:08 PM > To: Exchange Discussions > Subject: Time to start preparing - bagle.h > > > Well I think we all saw this coming. Originally it was safe to allow > zip's > to pass through and we all know that is no longer true. I personally > have > been at a 0 day infection site (when no pattern file was > available) twice in the past 3 weeks for two different worms that came > in as > zip files Now this: > > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=3DWORM_BA= > G > LE.H > > > A worm\virus that comes in as a password protected zip. Now things are > going to get interesting on how we protect our mail systems. Any one > have > any thoughts? One of the ideas that is being tossed around here is > stripping all attachments and storing them in a central DB and replacing > the > attachments with URLs (via 3rd party program most likely). This would > put > all the attachments in a central store and be easier to manage and > during an > outbreak we would have more power over the data in that repository and > who > can access it (makes cleaning up easier too I would think). Anyhow, > time to > start planning and being proactive....any ideas? > > Steve > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mode=3D= > & > lang > =3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mode=3D= > & > lang=3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mode=3D= > & > lang > =3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mode=3D= > & > lang=3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: = > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=3Dexchange&text_mode=3D= > &lang=3Denglish > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
