RE: [Declude.Virus] Beagle@mm!zip got past declude & fprot
The BANZIPEXTS and BANEZIPEXTS just tell it to ban files inside the zip file if they match on of the BANEXT extensions. Therefore it will not catch encrypted zip files unless it has a file with any of those extensions in it. If you want to catch ALL encrypted Zip files you need to add BANEXT EZIP to your list. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Donn Bly Sent: Monday, March 22, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] [EMAIL PROTECTED] got past declude & fprot I'm running Declude 1.78i27 I'm running FProt 3.14e I just had a customer send me an email that they received that was questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple of weeks. Since this is an encrypted EXE inside of a zip file, it doesn't suprise me that FProt didn't catch it (actually, according to the log it gave an errorlevel 8), but I thought I had it banned by declude. I have the following in my virus.cfg. BANEXT ocx BANEXT scr BANEXT bat BANEXT vbs BANEXT dll BANEXT pif BANEXT wsh BANEXT cmd BANEXT nws BANEXT exe BANZIPEXTS OFF BANEZIPEXTS ON The idea was that I will let anything go through in a standard zip, but not as a stand-alone file or encrypted in an archive. Where did I screw up? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Beagle@mm!zip got past declude & fprot
I'm running Declude 1.78i27 I'm running FProt 3.14e I just had a customer send me an email that they received that was questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple of weeks. Since this is an encrypted EXE inside of a zip file, it doesn't suprise me that FProt didn't catch it (actually, according to the log it gave an errorlevel 8), but I thought I had it banned by declude. The problem is: BANEXT exe BANZIPEXTS OFF BANEZIPEXTS ON The idea was that I will let anything go through in a standard zip, but not as a stand-alone file or encrypted in an archive. These lines will ban .exe files within encrypted .ZIP files, but only if you are using Declude Virus Pro (the Standard and Lite versions do not support the banning of file extensions within .ZIP files). If you add a line "BANEXT EZIP" to the \IMail\Declude\virus.cfg file (with the latest interim, which you are running), then all encrypted .ZIP Files will get caught. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Beagle@mm!zip got past declude & fprot
I'm running Declude 1.78i27 I'm running FProt 3.14e I just had a customer send me an email that they received that was questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple of weeks. Since this is an encrypted EXE inside of a zip file, it doesn't suprise me that FProt didn't catch it (actually, according to the log it gave an errorlevel 8), but I thought I had it banned by declude. I have the following in my virus.cfg. BANEXT ocx BANEXT scr BANEXT bat BANEXT vbs BANEXT dll BANEXT pif BANEXT wsh BANEXT cmd BANEXT nws BANEXT exe BANZIPEXTS OFF BANEZIPEXTS ON The idea was that I will let anything go through in a standard zip, but not as a stand-alone file or encrypted in an archive. Where did I screw up? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.