RE: [Declude.Virus] re: new virus with .rar attachment
So, how's the investigation going? Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 6:43 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] re: new virus with .rar attachment Not sure if it is a bug just yet, I have submitted it for investigation. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, April 25, 2007 6:28 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Yes, junkmail is scanning before virus. I was referring to http://manuals.declude.com/proconlinehelp/eva_4.0.8_automatically_banning_al l_encrypted_archive_files.htm According to the manual, BANEXT EZIP should also pick up password protected RAR files. I've just been told by Declude support that the failure to pick up the password-protected RAR file is a bug, and that they are working on fixing it. Original Message From: John T [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 5:41 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Only if you also have BANEXT rar. Do you have junkmail scanning before virus? John T -Original Message- From: Gary Steiner [EMAIL PROTECTED] Sent 4/25/2007 10:44:37 AM To: declude.virus@declude.com Subject: [Declude.Virus] re: new virus with .rar attachment As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have caught the password-protected .rar file? Declude passed the message to SmarterMail without holding it. I'm running Declude 4.3.46. Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 1:31 PM To: declude.virus@declude.com Subject: new virus with .rar attachment I started getting some messages today that were picked up as spam, but we re not being identified as viruses. They looked suspicious, having subject lines of Virus Activity Detected! Spyware Alert! It containes a .gif message that tells the user to open the .rar file and run the patch there to protect them from the virus/spyware. I ran it on www.virustotal.com, and the only scanner that picked it up wa s McAfee, and it identified it as W32/[EMAIL PROTECTED]. http://vil.nai.com/vil/content/v_142094.htm Since this a password protected .rar file, should we now be blocking thes e? --- --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] re: new virus with .rar attachment
It is on our list. I will post when I have any results. So in short it's moving along -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, May 02, 2007 3:32 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] re: new virus with .rar attachment So, how's the investigation going? Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 6:43 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] re: new virus with .rar attachment Not sure if it is a bug just yet, I have submitted it for investigation. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, April 25, 2007 6:28 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Yes, junkmail is scanning before virus. I was referring to http://manuals.declude.com/proconlinehelp/eva_4.0.8_automatically_bann ing_al l_encrypted_archive_files.htm According to the manual, BANEXT EZIP should also pick up password protected RAR files. I've just been told by Declude support that the failure to pick up the password-protected RAR file is a bug, and that they are working on fixing it. Original Message From: John T [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 5:41 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Only if you also have BANEXT rar. Do you have junkmail scanning before virus? John T -Original Message- From: Gary Steiner [EMAIL PROTECTED] Sent 4/25/2007 10:44:37 AM To: declude.virus@declude.com Subject: [Declude.Virus] re: new virus with .rar attachment As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have caught the password-protected .rar file? Declude passed the message to SmarterMail without holding it. I'm running Declude 4.3.46. Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 1:31 PM To: declude.virus@declude.com Subject: new virus with .rar attachment I started getting some messages today that were picked up as spam, but we re not being identified as viruses. They looked suspicious, having subject lines of Virus Activity Detected! Spyware Alert! It containes a .gif message that tells the user to open the .rar file and run the patch there to protect them from the virus/spyware. I ran it on www.virustotal.com, and the only scanner that picked it up wa s McAfee, and it identified it as W32/[EMAIL PROTECTED]. http://vil.nai.com/vil/content/v_142094.htm Since this a password protected .rar file, should we now be blocking thes e? --- --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] re: new virus with .rar attachment
Only if you also have BANEXT rar. Do you have junkmail scanning before virus? John T-Original Message-From: "Gary Steiner" [EMAIL PROTECTED]Sent 4/25/2007 10:44:37 AMTo: declude.virus@declude.comSubject: [Declude.Virus] re: new virus with .rar attachmentAs a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have caught the password-protected .rar file? Declude passed the message to SmarterMail without holding it. I'm running Declude 4.3.46. Original Message From: "Gary Steiner" [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 1:31 PM To: declude.virus@declude.com Subject: new virus with .rar attachment I started getting some messages today that were picked up as spam, but we re not being identified as viruses. They looked suspicious, having subject lines of Virus Activity Detected! Spyware Alert! It containes a .gif message that tells the user to open the .rar file and run the patch there to protect them from the virus/spyware. I ran it on www.virustotal.com, and the only scanner that picked it up wa s McAfee, and it identified it as "W32/[EMAIL PROTECTED]". http://vil.nai.com/vil/content/v_142094.htm Since this a password protected .rar file, should we now be blocking thes e? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.