I see.. but I was wondering why the List Server allowed it to continue on.. is it that the list server doesn't 'see' it too? I would think that they are using the Norton's Viri Scanner. I understand that we use the declude with f-prot via dos and that our email server didn't catch it either - but my last line of defense, my local av (panda), did catch it (as an exploit)
~Rick R. Scott Perry wrote: > >> > Actually, what was caught was an exploit. Exploits (or >> vulnerabilities) >> > may or may not contain a virus. In this case, it contained a partial >> > encoded virus that (again, in this case) could not do any damage. >> Whether >> > or not something like this gets detected depends on the AV software >> being >> > used. > > >> Well somebody's software missed something somewhere... List Server? > > > The virus was not missed. > > The virus was sent to the original poster's server. They are running > IMail AntiVirus, which caught the virus (just as Declude would have on > your server). The difference is that IMail AntiVirus sends out a > notification that includes part of the original E-mail (whereas Declude > Virus does not). The notification that IMail AntiVirus sent out had a > non-viable MIME exploit that contained a non-viable virus (IE you would > have to manually manipulate the E-mail to get the MIME exploit to work, > and even then, you wouldn't have a virus that could infect you). > > Declude Virus does not treat that E-mail as an exploit, since it isn't > really one (although it once was dangerous, it is no longer). Some AV > programs will pick it up as either an exploit or a virus, depending on > what they see in there -- but in either case, the E-mail was not dangerous. > > In this case, there is no actual need to detect the exploit/virus (since > neither are viable, and can't do any damage). However, it can't hurt to > detect it, since it *is* an E-mail that once had dangerous content in > it, and really should not be spread any further. > > -Scott ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
