[Mimedefang] Virus Definition Question / Bagle.H alert
OK, as stupid as it may sound, I typically am on the leading edge for receiving viruses but I have no idea how to submit them to anyone. Does anyone know the fastest, easiest way for a legit technical person to submit a virus email? As a note, the new Bagle.H is detected by Symantec 3/1/04 rev22 defs but McAfee with 4330 dat does NOT detect it. I *had* to download the Daily Dat (Beta) from http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP. Now back to your regularly scheduled list. KAM ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Virus Definition Question / Bagle.H alert
On Tue, 2 Mar 2004, Kevin A. McGrail wrote: OK, as stupid as it may sound, I typically am on the leading edge for receiving viruses but I have no idea how to submit them to anyone. Does anyone know the fastest, easiest way for a legit technical person to submit a virus email? As a note, the new Bagle.H is detected by Symantec 3/1/04 rev22 defs but McAfee with 4330 dat does NOT detect it. I *had* to download the Daily Dat (Beta) from http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP. This is an OT followup, but it may be relevant to this issue. We found that NAI's uvscan did not correctly detect a recent Netsky variant until after we upgraded our scan engine from v4.1.60 (?) to v4.3.20. This was uvscan on Solaris. Lew Lefton ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Virus Definition Question / Bagle.H alert
Kevin A. McGrail said: As a note, the new Bagle.H is detected by Symantec 3/1/04 rev22 defs but McAfee with 4330 dat does NOT detect it. I *had* to download the Daily Dat (Beta) from http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP. mcafee detects it as: This mcafee extra.dat file detects it as: Found the W32/Bagle.gen!pwdzip (ED) This finally catches it! http://vil.nai.com/vil/content/v_101069.htm http://a64.g.akamai.net/7/64/2015/2004-02-20-05/download.nai.com/products/mc afee-avert/101068-a.zip bash-2.05a# uvscan --secure /root/TextFile.zip /root/TextFile.zip Found the W32/Bagle.gen!pwdzip (ED) virus !!! -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Virus Definition Question / Bagle.H alert
On Mar 2, 2004, at 7:03 AM, [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote on 03/02/2004 09:36:50 AM: OK, as stupid as it may sound, I typically am on the leading edge for receiving viruses but I have no idea how to submit them to anyone. Does anyone know the fastest, easiest way for a legit technical person to submit a virus email? [EMAIL PROTECTED] Symantec: http://sarc.com/avcenter/submit.html Network Associates: http://vil.nai.com/vil/submit-sample.asp ClamAV: http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang Loren K Louthan Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it. -Ronald Wilson Reagan ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
OT: Re: [Mimedefang] Virus Definition Question / Bagle.H alert
Thanks. Yeah, the 4331 release did start catching the virus. Thanks for the updates and the submissions. Still looks like I can't submit to Symantec though without bringing the virus down to a windows box first, sigh. Regards, KAM ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang