Re: [Declude.Virus] Netsky.P Occasionally Slips through?
>Actually, I am running the newest F-Prot, and they're still slipping through. Winzip opens these files just fine as well, and Symantec Corp seems to be able to scan and detect the issue without any problems. They keep rolling in, makes me a little nervous, and customers sure hate it.

Given that you have 3 virus scanners, and only one (F-Prot) sees any problems, and it doesn't even detect a virus, it sounds like this isn't something that the AV companies are detecting.

My advice would be to send the .ZIP file to the AV companies, and see what they say.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Netsky.P Occasionally Slips through?
Actually, I am running the newest F-Prot, and they're still slipping through. Winzip opens these files just fine as well, and Symantec Corp seems to be able to scan and detect the issue without any problems. They keep rolling in, makes me a little nervous, and customers sure hate it.

I'd block the suspicious ones from F-Prot, but I just know people are tossing around macro'd XLS and DOCs all the time.

Jonathan

At 06:44 AM 3/30/2004, you wrote:

>>I sent one. There have been several, not sure if the one I sent is indicative of all of them, but it's the only one I could easily get out of a local quarantine.
>
>A standard copy of pkunzip.exe won't extract the virus from the .ZIP file you sent, so it is probably corrupt.
>
>I would recommend upgrading to the latest version of F-Prot -- I believe that they came out with a new version to address .ZIP files like this one.
>
>-Scott
Re: [Declude.Virus] Netsky.P Occasionally Slips through?
the same happens here with f-prot for dos:

14:57:39.69 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1730292.msg
14:57:40.64 4 EXTFILTER(ANTIVIRUS) inp(97): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1730292.msg MCAFEE.
14:57:41.36 4 EXTFILTER(ANTIVIRUS) inp(54): * Message Queue\1730292.msg seems to be clean (F-Prot)
14:57:45.31 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.Q in Queue\1730292.msg AVG.

Adrian

----- Original Message -----
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 12:43 PM
Subject: Re: [Declude.Virus] Netsky.P Occasionally Slips through?

> I sent one. There have been several, not sure if the one I sent is
> indicative of all of them, but it's the only one I could easily get out of
> a local quarantine.
>
> Jonathan
>
> At 07:51 PM 3/29/2004, you wrote:
>
> >>F-Prot's manual scan results:
> >>C:\eudora\ATTACH\document_all02c.zip->document.txt
> >> a security risk or a "backdoor" program
> >
> >That sounds like an exit code of 8, meaning that F-Prot detected a
> >suspicious file, but not a virus.
> >
> >Would it be possible to E-mail the .ZIP file to the declude.com virustrap@
> >address, so we can analyze it?
> >
> >-Scott
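An added example, not part of the original thread: a small Python check that groups per-scanner verdicts by queue file and reports messages where one engine detects something and another calls the file clean, as in the log above. The patterns are inferred only from the four quoted log lines and are an assumption about the format, not a documented one.

```python
import re
from collections import defaultdict

# The four log lines quoted in the message above (address redaction preserved).
SAMPLE_LOG = r"""
14:57:39.69 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1730292.msg
14:57:40.64 4 EXTFILTER(ANTIVIRUS) inp(97): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1730292.msg MCAFEE.
14:57:41.36 4 EXTFILTER(ANTIVIRUS) inp(54): * Message Queue\1730292.msg seems to be clean (F-Prot)
14:57:45.31 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.Q in Queue\1730292.msg AVG.
"""

# Patterns inferred from those lines only (assumption, not a documented format).
# The boolean says whether the line reports a detection (True) or a clean result.
PATTERNS = [
    (re.compile(r"\* Found the (?P<name>.+?) virus !!! in (?P<msg>\S+) (?P<scanner>\w+)\.$"), True),
    (re.compile(r"\* identified (?P<name>\S+) in (?P<msg>\S+) (?P<scanner>\w+)\.$"), True),
    (re.compile(r"\* Message (?P<msg>\S+) seems to be clean \((?P<scanner>[^)]+)\)$"), False),
]

def parse_verdicts(log_text):
    """Return {queue_file: {scanner: detection name, or None if reported clean}}."""
    verdicts = defaultdict(dict)
    for line in log_text.splitlines():
        for pattern, detected in PATTERNS:
            m = pattern.search(line.strip())
            if m:
                scanner = m.group("scanner").upper()
                verdicts[m.group("msg")][scanner] = m.group("name") if detected else None
                break
    return dict(verdicts)

def disagreements(verdicts):
    """Queue files where at least one scanner detected and at least one said clean."""
    report = {}
    for msg, by_scanner in verdicts.items():
        hits = {s: n for s, n in by_scanner.items() if n is not None}
        misses = sorted(s for s, n in by_scanner.items() if n is None)
        if hits and misses:
            report[msg] = {"detected_by": hits, "missed_by": misses}
    return report

if __name__ == "__main__":
    for msg, info in disagreements(parse_verdicts(SAMPLE_LOG)).items():
        print(msg, "detected by", info["detected_by"], "but clean per", info["missed_by"])
```

Messages reported this way are the ones worth holding in quarantine and submitting to the vendor whose engine missed them.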
RE: [Declude.Virus] Netsky.P Occasionally Slips through?
Just add the VIRUSCODE 8 to the config files. Note that it may have some false positives, but we are OK with that. Would rather that than a possible virus getting thru.

Sincerely,
Grant Griffith, Vice President
EI8HT LEGS Web Management Co., Inc.
http://www.getafreewebsite.com
877-483-3393

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Douglas Cohn
Sent: Tuesday, March 30, 2004 9:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Netsky.P Occasionally Slips through?

If F-prot notes a file as suspicious is it stopped by declude or passed? Can this be a setting possibly? IE if F-prot notes it as suspicious allow declude to block it.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, March 29, 2004 8:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Netsky.P Occasionally Slips through?

>F-Prot's manual scan results:
>C:\eudora\ATTACH\document_all02c.zip->document.txt
> a security risk or a "backdoor" program

That sounds like an exit code of 8, meaning that F-Prot detected a suspicious file, but not a virus.

Would it be possible to E-mail the .ZIP file to the declude.com virustrap@ address, so we can analyze it?

-Scott
RE: [Declude.Virus] Netsky.P Occasionally Slips through?
>If F-prot notes a file as suspicious is it stopped by declude or passed? Can this be a setting possibly? IE if F-prot notes it as suspicious allow declude to block it.

You can add a line "VIRUSCODE 8" to your \IMail\Declude\virus.cfg file to block E-mails that F-Prot considers suspicious. However, this has been known to block legitimate E-mails with .doc/.xls files with macros in them.

-Scott