Hmm.. The link you posted clearly shows this URLSpoof to be a Trojan. Such URL spoofing can result in attackers creating forged versions of legitimate sites in order to steal account information, personal information, etc. This I would think would warrant the immediate blocking of RTF documents until F-Prot can detect and delete the virus. On another note.. Word documents have been known to contain macro viruses.. Etc.
~Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, January 14, 2004 11:31 AM - FamHost To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] URLSpoof contained within an RTF Doc This is just link obfuscation detection and not a virus. I assume that anti-virus companies are adding this stuff in so that they can protect people from phishing. From a mail server AV perspective, I don't personally believe it counts, this should be handled on the spam detection side. I would not turn off RTF documents for this reason, it would be like blocking Word documents because they were sometimes used in spam/phishing. There is no virus payload for this error. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100927 Matt John Tolmachoff (Lists) wrote: Any update? John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:IMail_Forum- [EMAIL PROTECTED] On Behalf Of Rick Klinge Sent: Tuesday, January 13, 2004 11:01 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] URLSpoof contained within an RTF Doc My Local AV went off and reported that it found an Exploit/URLSpoof that was contained in an attached RTF document. Is this a new ploy for the spammers to try and infect computers and force people to look at there spam? I'm running Declude with F-Prot AV on the server and Panda on my local. I've also added the BANEXT RTF to the virus.cfg file until I figure out what happened. Any input would be much appreciated. Thanks, ~Rick Just part of the email... The original was caught as spam too. ########################################################################## ## ######### # Panda Antivirus Platinum warning # The file was infected by the virus Exploit/URLSpoof and has been disinfected ########################################################################## ## ######### Welcome to E-Trading... ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
