RE: [IMail Forum] URLSpoof contained within an RTF Doc

[Adrian Portway]

I have just bought a new laptop with Panda AV pre installed. When I ran a full scan on the system today Panda AV found 8 "infected" files, all of these where in a sub mailbox of Eudora where only my E mails from this list are stored! Since I had moved this mailbox from my old machine which ran Norton AV and never reported a problem I know that there are no viruses there.

This appears to me a case of the AV vendor/vendors trying to protect the user from themselves, I have yet to find anywhere in the settings where this type of checking can be switched off. I object to this type of approach by software vendors, at my company we have always felt that our software should allow the user to take a course of action if they choose (although we warn them of the possible consequences). Surely it's better to educate the user than just stop them dead.

Alternatively we could start marketing the ultimate AV program.

Roll up, roll up for the latest in Anti virus technology, install this on your machine and never get virus again, of course once we've removed the ability to connect to the Internet you will be unable to get e mail or shop on e Bay so you may just want to give you computer to the local school.

After I have run this idea past our marketing people and developers I will be looking for an AV program that allows me to have some input into what I can do on my own machine.

Adrian

At 17:55 14/01/2004, you wrote:

Still awaiting too.. I just can't believe that this URLSpoof could be
contained within an RTF attached document.

This is a recently discovered vulnerability in IE, where it will display the wrong address.  As a result, you may see "www.example.com" in the address bar of the browser, but you really may be at http://www.free_web_hosting.com/~spammer/buyitnow.htm.

This is not a trojan, despite what McAfee claims.

Although it is a serious problem, it is not the job of a virus scanner to detect this.  It is the job of anti-spam software to catch such E-mail, unless it contains a virus, which is highly unlikely (why send someone to a website and hide the name of the website, if you want them to open a virus in the E-mail?).

                                                   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


--
Inbound virus scan: ok
Scanned by IKcogg-1 server
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.211 / Virus Database: 261.6.2 - Release Date: 13/01/2004