RE: [Declude.Virus] .CPL file blocked
I have told my users that they should zip everything up. But obviously no one listens. Therefore they need to transfer word, excel docs so I did not block it (actually I removed them after hearing complaints enough times). Additionally we send out notifications to the recipient with a link that enables them to download the suspect email at their own risk. So blocking is not the end all here. The outbound mail was the issue with xls and doc. DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Olden Sent: Wednesday, April 28, 2004 1:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] .CPL file blocked Douglas, Can I ask why you block MS Access files (MDB) and not other Office products that can contain macros? John Olden - Systems Administrator Champaign Park District - Original Message - From: Douglas Cohn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:34 PM Subject: RE: [Declude.Virus] .CPL file blocked This is the most recent list I was given. (from this list). It has a few more than Johns. BANEXT ad BANEXT adp BANEXT asp BANEXT bas BANEXT bat BANEXT CEO BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT reg BANEXT scr BANEXT sct BANEXT shb BANEXT shs BANEXT url BANEXT vb BANEXT vbe BANEXT vbs BANEXT vsd BANEXT vss BANEXT vst BANEXT vsw BANEXT ws BANEXT wsc BANEXT wsf BANEXT wsh BANEXT EZIP -- Original Message -- From: John Tolmachoff \(Lists\) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 27 Apr 2004 11:12:07 -0700 Here is my published policy, just revised yesterday: http://www.eservicesforyou.com/documents/emailattachments.pdf John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Sent: Tuesday, April 27, 2004 9:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] .CPL file blocked Is this the list that everyone else is using? BANEXTBAS BANEXTBAT BANEXTCMD BANEXTCOM BANEXTCPL BANEXTHTA BANEXTEXE BANEXTMSI BANEXTMSP BANEXTMST BANEXTPIF BANEXTREG BANEXTSCR BANEXTSCT BANEXTVB BANEXTVBE BANEXTVBS BANEXTWSC BANEXTWSF BANEXTWSH BANEXTEZIP BANZIPEXTS ON BANEZIPEXTS ON -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little Sent: Tuesday, April 27, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] .CPL file blocked Reminder If your not yet blocking CPL, your over due. (Also HTA, VBS, exe, scr and com) Greg From http://vil.nai.com/vil/content/v_122415.htm Attachment: May be one of the follwing: * Script dropper - using one of the following file extensions: * HTA * VBS * Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip) * Executable, using one of the following file extensions: * exe * scr * com * cpl * Executable dropper, CPL file with .CPL file extension. The executable uses the following icon: The CPL file uses the following icon: Don Hickey wrote: Here ya go - New Description http://us.mcafee.com/virusInfo/default.asp?id=description http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=1224 15 virus_k=122415 Don --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] .CPL file blocked
HUH??? The latest released version is 1.75; the latest beta is 1.75. You meant Beta is 1.79 correct??? Yes, the latest beta is 1.79. Also what happened to that emergency list you created. I joined it or tried to but was never confirmed. You have to respond to the confirmation request. If you're running anti-spam software that blocks the confirmation request, you're out of luck. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .CPL file blocked
My servers are sending out the ban notify messages on the cpl and hta extensions, I use Fprot, shouldnt it be caught as a virus and respect the SKIPIFVIRUSNAMEHAS Beagle? (or bagle) I am seeing ALOT of these over the past few hours Rick Davidson National Systems Manager North American Title Group - - Original Message - From: John Olden [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 12:58 PM Subject: Re: [Declude.Virus] .CPL file blocked Above and beyond the ones just listed, we also block these: Of course these are specific to our company only. BANEXT ad BANEXT adb BANEXT adp BANEXT asd BANEXT asp BANEXT cab BANEXT ceo BANEXT chm BANEXT crt BANEXT data BANEXT dbx BANEXT dll BANEXT hlp BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT link BANEXT mch BANEXT mde BANEXT mdx BANEXT msc BANEXT nch BANEXT nws BANEXT pcd BANEXT php BANEXT pl BANEXT pi BANEXT ocx BANEXT ods BANEXT shb BANEXT shs BANEXT sht BANEXT SWF BANEXT sys BANEXT unk BANEXT url BANEXT uue BANEXT vbx BANEXT vsd BANEXT vst BANEXT vss BANEXT vsw BANEXT wab BANEXT ws BANEXT xml John Olden - Systems Administrator Champaign Park District - Original Message - From: Bill [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 11:18 AM Subject: RE: [Declude.Virus] .CPL file blocked Is this the list that everyone else is using? BANEXTBAS BANEXTBAT BANEXTCMD BANEXTCOM BANEXTCPL BANEXTHTA BANEXTEXE BANEXTMSI BANEXTMSP BANEXTMST BANEXTPIF BANEXTREG BANEXTSCR BANEXTSCT BANEXTVB BANEXTVBE BANEXTVBS BANEXTWSC BANEXTWSF BANEXTWSH BANEXTEZIP BANZIPEXTS ON BANEZIPEXTS ON -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little Sent: Tuesday, April 27, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] .CPL file blocked Reminder If your not yet blocking CPL, your over due. (Also HTA, VBS, exe, scr and com) Greg From http://vil.nai.com/vil/content/v_122415.htm Attachment: May be one of the follwing: * Script dropper - using one of the following file extensions: * HTA * VBS * Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip) * Executable, using one of the following file extensions: * exe * scr * com * cpl * Executable dropper, CPL file with .CPL file extension. The executable uses the following icon: The CPL file uses the following icon: Don Hickey wrote: Here ya go - New Description http://us.mcafee.com/virusInfo/default.asp?id=description http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=12241 5 virus_k=122415 Don --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] .CPL file blocked
Title: Message Here is my published policy, just revised yesterday: http://www.eservicesforyou.com/documents/emailattachments.pdf John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Sent: Tuesday, April 27, 2004 9:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] .CPL file blocked Is this the list that everyone else is using? BANEXT BAS BANEXT BAT BANEXT CMD BANEXT COM BANEXT CPL BANEXTHTA BANEXT EXE BANEXT MSI BANEXT MSP BANEXT MST BANEXT PIF BANEXT REG BANEXT SCR BANEXT SCT BANEXT VB BANEXT VBE BANEXT VBS BANEXT WSC BANEXT WSF BANEXT WSH BANEXT EZIP BANZIPEXTS ON BANEZIPEXTS ON -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little Sent: Tuesday, April 27, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] .CPL file blocked Reminder If your not yet blocking CPL, your over due. (Also HTA, VBS, exe, scr and com) Greg From http://vil.nai.com/vil/content/v_122415.htm Attachment: May be one of the follwing: Script dropper - using one of the following file extensions: HTA VBS Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip) Executable, using one of the following file extensions: exe scr com cpl Executable dropper, CPL file with .CPL file extension. The executable uses the following icon: The CPL file uses the following icon: Don Hickey wrote: Here ya go - New Descriptionhttp://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=122415Don image001.gifimage002.gif
RE: [Declude.Virus] .CPL file blocked
This is the most recent list I was given. (from this list). It has a few more than Johns. BANEXT ad BANEXT adp BANEXT asp BANEXT bas BANEXT bat BANEXT CEO BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT reg BANEXT scr BANEXT sct BANEXT shb BANEXT shs BANEXT url BANEXT vb BANEXT vbe BANEXT vbs BANEXT vsd BANEXT vss BANEXT vst BANEXT vsw BANEXT ws BANEXT wsc BANEXT wsf BANEXT wsh BANEXT EZIP -- Original Message -- From: John Tolmachoff \(Lists\) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 27 Apr 2004 11:12:07 -0700 Here is my published policy, just revised yesterday: http://www.eservicesforyou.com/documents/emailattachments.pdf John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Sent: Tuesday, April 27, 2004 9:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] .CPL file blocked Is this the list that everyone else is using? BANEXTBAS BANEXTBAT BANEXTCMD BANEXTCOM BANEXTCPL BANEXTHTA BANEXTEXE BANEXTMSI BANEXTMSP BANEXTMST BANEXTPIF BANEXTREG BANEXTSCR BANEXTSCT BANEXTVB BANEXTVBE BANEXTVBS BANEXTWSC BANEXTWSF BANEXTWSH BANEXTEZIP BANZIPEXTS ON BANEZIPEXTS ON -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little Sent: Tuesday, April 27, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] .CPL file blocked Reminder If your not yet blocking CPL, your over due. (Also HTA, VBS, exe, scr and com) Greg From http://vil.nai.com/vil/content/v_122415.htm Attachment: May be one of the follwing: * Script dropper - using one of the following file extensions: * HTA * VBS * Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip) * Executable, using one of the following file extensions: * exe * scr * com * cpl * Executable dropper, CPL file with .CPL file extension. The executable uses the following icon: The CPL file uses the following icon: Don Hickey wrote: Here ya go - New Description http://us.mcafee.com/virusInfo/default.asp?id=description http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=122415 virus_k=122415 Don --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .CPL file blocked
I submitted one of these to Mcafee. I am seeing a lot more of these than the new Bagle. Don - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 26, 2004 12:52 PM Subject: [Declude.Virus] .CPL file blocked Could be something new going on: I've just blocked my first CPL file at 12:15 today. .CPL is a Windows Control Pane lapplet extension. This was undected by F-Prot, McAfee and AVG. It has the ever-suspicious name of details.cpl Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .CPL file blocked
Here is Mcafee's response to the .CPL I have been receiving - Don A.V.E.R.T. Sample Analysis Issue Number: 677272 Virus Research Analyst - Hong Kong: V. Nguyen Identified: W32/[EMAIL PROTECTED] AVERT(tm) Labs, Hong Kong Thank you for submitting your suspicious file. Synopsis - - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 26, 2004 12:52 PM Subject: [Declude.Virus] .CPL file blocked Could be something new going on: I've just blocked my first CPL file at 12:15 today. .CPL is a Windows Control Pane lapplet extension. This was undected by F-Prot, McAfee and AVG. It has the ever-suspicious name of details.cpl Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.