Re: [Declude.Virus] New Virus: Holar
John, by the time these announcements are SENT, the new virus signatures are already out. I'm actually LESS concerned about .EXE files that are recognizable as .EXE files - people seem to be VERY aware of the need NOT to run .EXE files. I'm ONLY concerned about disguised .EXE files (that use the MIME trick to appear to be a movie, etc.) - Original Message - From: "John Tolmachoff" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 02:18 AM Subject: [Declude.Virus] New Virus: Holar > New virus hitting the air waves. > > Glad we all block .exe. > > http://vil.nai.com/vil/content/v_99848.htm > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
Scott: At one point you talked about detection of double file extensions. Was that ever implemented? A lot of viruses come out as OpenThis.doc.exe -- the default windows settings does not show the extension of known file formats so the .exe will not show up but in essence it is a .exe. So a lot of users get fooled and double click thinking it is a Word file. Just curious.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Schmidt Sent: Thursday, December 05, 2002 9:16 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] New Virus: Holar John, by the time these announcements are SENT, the new virus signatures are already out. I'm actually LESS concerned about .EXE files that are recognizable as .EXE files - people seem to be VERY aware of the need NOT to run .EXE files. I'm ONLY concerned about disguised .EXE files (that use the MIME trick to appear to be a movie, etc.) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
At one point you talked about detection of double file extensions. Was that ever implemented? It's a good idea, but tough to implement properly. The problem is with filenames such as "www.yahoo.com.url", and "spreadsheet.2002.nov.xls". So adding such detection would get a bit complicated. Setting it up to only catch certain double extensions -- such as "*.*.exe" might be a good idea, though. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
Wouldn't the double extension just get blocked by the exe rule? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Thursday, December 05, 2002 9:33 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New Virus: Holar >At one point you talked about detection of double file extensions. Was >that ever implemented? It's a good idea, but tough to implement properly. The problem is with filenames such as "www.yahoo.com.url", and "spreadsheet.2002.nov.xls". So adding such detection would get a bit complicated. Setting it up to only catch certain double extensions -- such as "*.*.exe" might be a good idea, though. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This e-mail has been scanned for viruses by the anti-virus systems of CyberShift, Inc. The information contained in or attached to this message is intended solely for the personal and confidential use of the designated recipients named in the body of the e-mail or within the attached documents. This message may be legally privileged, and as such is confidential. If the reader of this message is not the intended recipient or any agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error, and that any review, dissemination, distribution or copying of this message is strictly prohibited. Thank You, The CyberShift NOC --- This e-mail has been scanned for viruses by the anti-virus systems of CyberShift, Inc. The information contained in or attached to this message is intended solely for the personal and confidential use of the designated recipients named in the body of the e-mail or within the attached documents. This message may be legally privileged, and as such is confidential. If the reader of this message is not the intended recipient or any agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error, and that any review, dissemination, distribution or copying of this message is strictly prohibited. Thank You, The CyberShift NOC --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
Wouldn't the double extension just get blocked by the exe rule? It would, if you block .exe files (which many ISPs can't do, for example). For people that don't block .exe files, the "*.*.exe" blocking could be useful. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
Is the syntax then? BANEXT *.*.exe Doug >Wouldn't the double extension just get blocked by the exe rule? It would, if you block .exe files (which many ISPs can't do, for example). For people that don't block .exe files, the "*.*.exe" blocking could be useful. -Scott --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: Holar
Is the syntax then? BANEXT *.*.exe No. That will literally ban E-mails with an extension of "*.*.exe", which no E-mail will have (since the extension in such a file is actually "exe"). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.