RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
IIRC, Scott had said before that 1.78 was set to become a new release before all of these viruses, so I would think that anything not related to these new virus features is very stable (I haven't seen any discussions about other problems). In other words, it should be good to go, but it is your call. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith - Declude Virus Sent: Thursday, March 18, 2004 7:58 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners Scott, How do notifications work with this new exploit? Also, normally I would not run interim releases, but I have had to lately with all the virus stuff going on. Any ideas when a new release will be made? I know this virus stuff keeps causing updates, but I would feel more comfortable with a released version at some point. Thanks! Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Thursday, March 18, 2004 8:46 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners During the past few weeks, virus writers have come up with at least 6 new tricks to get their viruses past mailserver virus scanners. They started by spreading in .ZIP files, then moved to static encrypted .ZIP files, then moved to dynamic encrypted .ZIP files, then started using pictures to give out the passwords, then started using encrypted .RAR files. The latest trick, first announced this morning, is that they are now using the OBJECT DATA exploit. With this, the virus isn't spread in the E-mail, so it can't be detected. Worse, a user doesn't have to open an attachment for it to spread. There is now a new interim release of Declude Virus that will automatically detect the OBJECT DATA exploit, which is the only way for a mailserver virus scanner to prevent Bagle.Q or Bagle.R from spreading. For people using Declude Virus, we recommend upgrading to the latest interim release (at http://www.declude.com/interim ). Please note that you MUST have an up-to-date Service Agreement to download this release. If you do not have an up-to-date Service Agreement, you can order it online at http://www.declude.com/order.htm , and then you can immediately download the latest interim release. If you are using another brand of virus scanner, you should upgrade as soon as the vendor has an upgrade available to detect the OBJECT DATA exploit. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
We have this in vulnerability notifications: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability Will this work ? - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 2:17 PM Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners > > >How do notifications work with this new exploit? > > They will be handled the same way as other vulnerabilities. > > >Also, normally I would not run interim releases, but I have had to lately > >with all the virus stuff going on. Any ideas when a new release will be > >made? I know this virus stuff keeps causing updates, but I would feel more > >comfortable with a released version at some point. > > We hope to have a new beta soon -- but if these viruses keep up, we may > have to wait. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
We have this in vulnerability notifications: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability Will this work ? Yes, that will work. Those E-mails will only get sent out if a vulnerability is detected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
I've only seen two of these so far, and according to McAfee, over 90% of the hosts have been shut down: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101108 -- Update March 18th 2004 06:45 PST -- The majority of the 590 IP addresses seen have been closed down. At the time of writing 39 were still responding R. Scott Perry wrote: We have this in vulnerability notifications: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability Will this work ? Yes, that will work. Those E-mails will only get sent out if a vulnerability is detected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
I mean will these notifications still get sent for these new beasts - Original Message - From: "Serge" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 5:00 PM Subject: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners > We have this in vulnerability notifications: > > SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability > Will this work ? > > > - Original Message - > From: "R. Scott Perry" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, March 18, 2004 2:17 PM > Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected > as a virus by mailserver virus scanners > > > > > > >How do notifications work with this new exploit? > > > > They will be handled the same way as other vulnerabilities. > > > > >Also, normally I would not run interim releases, but I have had to lately > > >with all the virus stuff going on. Any ideas when a new release will be > > >made? I know this virus stuff keeps causing updates, but I would feel > more > > >comfortable with a released version at some point. > > > > We hope to have a new beta soon -- but if these viruses keep up, we may > > have to wait. > > > > -Scott > > --- > > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > > since 2000. > > Declude Virus: Ultra reliable virus detection and the leader in mailserver > > vulnerability detection. > > Find out what you've been missing: Ask for a free 30-day evaluation. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
I mean will these notifications still get sent for these new beasts Since these new viruses will be detected and handled the same way as vulnerabilities, the "SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability" line will work fine (handling these the same way as any other vulnerability). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
what is the vulnaribilité type these new virus/vuln will show in the virusname variable? "OBJECT CODE Vulnerability" -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
what is the vulnaribilité type these new virus/vuln will show in the virusname variable? - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 5:19 PM Subject: Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners > > >I mean will these notifications still get sent for these new beasts > > Since these new viruses will be detected and handled the same way as > vulnerabilities, the "SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability" line will > work fine (handling these the same way as any other vulnerability). > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
