Re: [Declude.Virus] Virus and vulnerability

2003-01-28 Thread Bonno Bloksma
Hi,

> >Below a report by Declude about a vulnerability and that is found in an
> >attachment with an .exe name. I'm pretty sure that exe file is a virus but
> >there is no virus name mentioned in the report by Declude.
[.]
> If a vulnerability is detected, Declude Virus will still send the
> attachment to the virus scanner.  If the virus scanner detects a virus,
> Declude Virus will refer to the virus that was detected rather than the
> vulnerability.
>
> So if Declude Virus reports a vulnerability, it means that no virus was
> detected by the virus scanner.

Well guess what, Scott, THANK YOU, because a few hours later today after the
virus scanner was updated it turned out this exe file contained a virus
called W32/Lirva.D@mm. Am I glad Declude is catching those MIME errors as
well. :-)

Groetjes,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?

---
[This E-mail scanned for viruses by Declude Virus using f-prot]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.



RE: [Declude.Virus] Virus found in users folder

2003-01-28 Thread Scott R. Morgan
They do not have access to these domains at all.
I have checked our proxy server log but cannot narrow down the domain which
has the website which is infecting us.
 
-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 28, 2003 3:17 PM
To: [EMAIL PROTECTED]
Cc: 'Scott R. Morgan'
Subject: RE: [Declude.Virus] Virus found in users folder

> The location is in the users temporary internet files folder.

I believe that would be the key.

Are they checking personal web mail, like yahoo or hotmail?

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com






Re: [Declude.Virus] Lentin.H virus

2003-01-28 Thread Bob McGregor
ok, thanks for the info I'll add it to the skipif list...

bob

On Tuesday, January 28, 2003 2:17 PM, John Tolmachoff <[EMAIL PROTECTED]> wrote:
>> Just want to make sure on this... does this virus forge the sending address? If so, is
>> it an address taken from the infected address book like K L E Z?
>
>Yes and not sure.
>
>John Tolmachoff MCSE, CSSA
>IT Manager, Network Engineer
>RelianceSoft, Inc.
>Fullerton, CA  92835
>www.reliancesoft.com



RE: [Declude.Virus] Lentin.H virus

2003-01-28 Thread John Tolmachoff
> Just want to make sure on this... does this virus forge the sending address? If so, is
> it an address taken from the infected address book like K L E Z?

Yes and not sure.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com






Re: [Declude.Virus] Lentin.H virus

2003-01-28 Thread R. Scott Perry


> Just want to make sure on this... does this virus forge the sending
> address? If so, is it an address taken from the infected address book like
> K L E Z?

Yes and (most likely) yes.
   -Scott




RE: [Declude.Virus] [Declude.Virus Digest]

2003-01-28 Thread R. Scott Perry


> Our clients run a full system scan every night and when it does it finds the
> following virus:
> www.myparty.yahoo[1],W32.Myparty@mm
> index[4].html,Trojan Horse
>
> The location is in the users temporary internet files folder.


If the file is in the temporary Internet files folder, and is a .html file, 
it is almost certainly a virus that was from a web site and not downloaded 
via E-mail.

> I would like to track down the user/domain/ that email is coming from so
> that I can block it at the server.  Any suggestions?


If it is from E-mail, you would need to at least find out the E-mail 
address that it was sent from or the time that it was sent or 
received.  From that, you could find out more information from the 
logs.  But in this case, it appears to be from a web site.
   -Scott
