RE: [Declude.Virus] Sender.eml was sent even though forging virus?
Oh? I've never had the problem with my external McAfee scanner. Could this be a problem with Declude's internal AVG scanner? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, December 13, 2006 01:11 PM To: declude.virus@declude.com Subject: re: [Declude.Virus] Sender.eml was sent even though forging virus? I've seen similar behavior with viruses found by AVG. Original Message > From: "Andy Schmidt" <[EMAIL PROTECTED]> > Sent: Wednesday, December 13, 2006 12:42 PM > To: "'Declude Virus List'" > Subject: [Declude.Virus] Sender.eml was sent even though forging virus? > > Hi, > > My "sender.eml" has the line: > SKIPIFFORGING > > And my virus.CFG has: > > AUTOFORGE ON > > FORGINGVIRUS Anonymous Driver > FORGINGVIRUS Antiman > FORGINGVIRUS Avril > FORGINGVIRUS Bagle > > Yet, declude virus just sent the "sender.eml" for the following details: > > File:"Unknown File" > Result: FoundI-Worm/Bagle > Message ID:<[EMAIL PROTECTED]> > Our Domain:Schmidt.AS for Schmidt.AS > Queue ID: D324e0153b795.smd > > Based on these headers: > > -Original Message Headers- > Received: from [62.93.44.11] [62.93.44.11] by hm-software.com with ESMTP > (SMTPD-9.10) id A24E331D0; Wed, 13 Dec 2006 12:03:10 -0500 > Date: Wed, 13 Dec 2006 18:03:11 +0100 > To: "Andy" <[EMAIL PROTECTED]> > From: "Webmaster" <[EMAIL PROTECTED]> > Subject: price 13-Dec-2006 > Message-ID: <[EMAIL PROTECTED]> > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="oibzhbgyvnajpcxfwpdt" > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
re: [Declude.Virus] Sender.eml was sent even though forging virus?
I've seen similar behavior with viruses found by AVG. Original Message > From: "Andy Schmidt" <[EMAIL PROTECTED]> > Sent: Wednesday, December 13, 2006 12:42 PM > To: "'Declude Virus List'" > Subject: [Declude.Virus] Sender.eml was sent even though forging virus? > > Hi, > > My "sender.eml" has the line: > SKIPIFFORGING > > And my virus.CFG has: > > AUTOFORGE ON > > FORGINGVIRUS Anonymous Driver > FORGINGVIRUS Antiman > FORGINGVIRUS Avril > FORGINGVIRUS Bagle > > Yet, declude virus just sent the "sender.eml" for the following details: > > File:"Unknown File" > Result: FoundI-Worm/Bagle > Message ID:<[EMAIL PROTECTED]> > Our Domain:Schmidt.AS for Schmidt.AS > Queue ID: D324e0153b795.smd > > Based on these headers: > > -Original Message Headers- > Received: from [62.93.44.11] [62.93.44.11] by hm-software.com with ESMTP > (SMTPD-9.10) id A24E331D0; Wed, 13 Dec 2006 12:03:10 -0500 > Date: Wed, 13 Dec 2006 18:03:11 +0100 > To: "Andy" <[EMAIL PROTECTED]> > From: "Webmaster" <[EMAIL PROTECTED]> > Subject: price 13-Dec-2006 > Message-ID: <[EMAIL PROTECTED]> > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="oibzhbgyvnajpcxfwpdt" > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Sender.eml was sent even though forging virus?
Hi, My "sender.eml" has the line: SKIPIFFORGING And my virus.CFG has: AUTOFORGE ON FORGINGVIRUS Anonymous Driver FORGINGVIRUS Antiman FORGINGVIRUSAvril FORGINGVIRUSBagle Yet, declude virus just sent the "sender.eml" for the following details: File: "Unknown File" Result:FoundI-Worm/Bagle Message ID:<[EMAIL PROTECTED]> Our Domain:Schmidt.AS for Schmidt.AS Queue ID: D324e0153b795.smd Based on these headers: -Original Message Headers- Received: from [62.93.44.11] [62.93.44.11] by hm-software.com with ESMTP (SMTPD-9.10) id A24E331D0; Wed, 13 Dec 2006 12:03:10 -0500 Date: Wed, 13 Dec 2006 18:03:11 +0100 To: "Andy" <[EMAIL PROTECTED]> From: "Webmaster" <[EMAIL PROTECTED]> Subject: price 13-Dec-2006 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="oibzhbgyvnajpcxfwpdt" --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
