[Declude.Virus] Bannotify.eml skipifsender forged
Would it work to put SKIPIFSENDER [Forged] in the top of the bannotify.eml file?

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.

Re: [Declude.Virus] W32.Netsky.B@mm Slipping through
> We've gotten several, here are a couple:
>
> 02/18/2004 10:33:12 Q93c835e1004873e1 Scanned: Virus Free [MIME: 2 22065]
> 02/18/2004 15:56:37 Qdf95a7880150b2de Scanned: Virus Free [MIME: 2 22057]
>
> Running F-Prot, McAfee and now AVG.

The "Virus Free" message means that none of the virus scanners detected a virus. Most likely, these are corrupt, non-viable variants. With Netsky, we've seen a version in .ZIP files that were corrupt (yet about the same size as normal), so that it would not be possible to extract the virus out of the .ZIP file.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

Re: [Declude.Virus] Bannotify.eml skipifsender forged
> Would it work to put SKIPIFSENDER [Forged] in the top of the bannotify.eml file?

No. If a virus is detected, the bannotify.eml file won't be sent out (virus scanning takes priority over banned file extensions). Without knowing the name of a virus, it is not possible to determine if it is a forging virus.

-Scott

RE: [Declude.Virus] Bannotify.eml skipifsender forged
> No. If a virus is detected, the bannotify.eml file won't be
> sent out (virus scanning takes priority over banned file
> extensions). Without knowing the name of a virus, it is not
> possible to determine if it is a forging virus.

Ok, I understand.

Today I've had the following NDR in the postmaster mailbox:

=
Unknown user: [EMAIL PROTECTED]

Original message follows.

Date: Mon, 23 Feb 2004 09:23:35 +0100
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
From: "Postmaster" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Delivery Failed
X-Mailer:

Sender: [EMAIL PROTECTED]
Recipient: [EMAIL PROTECTED]
Extension: pif
=

In the logfile I can see the following 3 lines for the message causing the bannotify message above:

02/23/2004 09:23:35 Qb88600530094b521 Scanned: Banned file extension. [MIME: 2 41]
02/23/2004 09:23:35 Qb88600530094b521 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
02/23/2004 09:23:35 Qb88600530094b521 Subject: hello

There is no "Virus free" above these two lines.

As it was this single NDR I've received, it seems nothing very important. Only to understand why...

Markus

RE: [Declude.Virus] Bannotify.eml skipifsender forged
> In the logfile I can see the following 3 lines for the message causing the bannotify message above:
>
> 02/23/2004 09:23:35 Qb88600530094b521 Scanned: Banned file extension. [MIME: 2 41]
> 02/23/2004 09:23:35 Qb88600530094b521 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
> 02/23/2004 09:23:35 Qb88600530094b521 Subject: hello
>
> There is no "Virus free" above these two lines.

That is correct. Because you have chosen to block the file extension, it is assumed to be dangerous, and therefore even though the virus scanner does not detect a virus, the "Virus free" line is removed.

-Scott

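An added example, not part of the thread and not Declude's own code: a small Python parser for log lines in the format quoted above. It groups lines by queue ID and lists the messages stopped only by the banned-extension rule, which per the reply above carry no "Virus Free" line. The sample log is constructed, the addresses are placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in this thread;
# the addresses are placeholders.
SAMPLE_LOG = """\
02/18/2004 10:33:12 Q93c835e1004873e1 Scanned: Virus Free [MIME: 2 22065]
02/23/2004 09:23:35 Qb88600530094b521 Scanned: Banned file extension. [MIME: 2 41]
02/23/2004 09:23:35 Qb88600530094b521 From: sender@example.com To: user@example.org
02/23/2004 09:23:35 Qb88600530094b521 Subject: hello
"""

# date, time, queue ID, then the rest of the line
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<qid>Q[0-9a-f]+) (?P<rest>.*)$"
)
# The trailing [MIME: ...] field is kept out of the verdict and not interpreted.
SCANNED_RE = re.compile(r"^Scanned: (?P<verdict>.*?)\s*(?:\[MIME: [^\]]*\])?$")
FROM_TO_RE = re.compile(r"^From: (?P<sender>\S+) To: (?P<rcpt>\S+)$")


def parse_log(text):
    """Group log lines by queue ID; collect verdicts, sender, recipient, subject."""
    msgs = defaultdict(
        lambda: {"verdicts": [], "sender": None, "rcpt": None, "subject": None}
    )
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        entry, rest = msgs[m["qid"]], m["rest"]
        if (s := SCANNED_RE.match(rest)):
            entry["verdicts"].append(s["verdict"].rstrip("."))
        elif (f := FROM_TO_RE.match(rest)):
            entry["sender"], entry["rcpt"] = f["sender"], f["rcpt"]
        elif rest.startswith("Subject: "):
            entry["subject"] = rest[len("Subject: "):]
    return dict(msgs)


def banned_extension_only(msgs):
    """Queue IDs whose only verdict is the banned-extension rule (no scanner hit)."""
    return sorted(
        q for q, e in msgs.items() if e["verdicts"] == ["Banned file extension"]
    )


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for qid in banned_extension_only(parsed):
        print(qid, parsed[qid]["sender"], parsed[qid]["subject"])
```

These are the messages that trigger a bannotify.eml notification, so the list is a starting point for checking how many notifications went to senders that may have been forged.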
[Declude.Virus] WORM_MYDOOM.F
A new variant of W32/[EMAIL PROTECTED] that we just caught a couple of. Neither RAV nor F-Prot caught it, but TrendMicro, ClamAV (Clam ID'd it as MyDoom.E) & McAfee did.

The attachments were named: object.zip & hnmhjn.exe

Subjects were: JPWMDWXACRNSN & Fake

Anyway, be on the lookout...

Bill