RE: Re[10]: [Declude.Virus] testvirus.org #22
> Here is the alphabetized join of the active entries in our
> lists (in particular, I suggest that if you include "IFrame"
> as a generic forgingvirus indicator, that you also include "Trojan"):

Ok.

BTW: Today I've seen two NDR's for our virus notifications warning for "W32/Bobax.worm.gen".

Bobax seems to be out for several months but the "worm.gen" is completely new in the virus signatures. So I believe it's a new variant maybe also with new functionality as the original Bobax is a self-executing worm spreading by exploiting a Microsoft Windows vulnerability (MS04-011).

If I can see more NDR's for Bobax-Warnings I will send a notify on the list...

Markus

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
RE: Re[10]: [Declude.Virus] testvirus.org #22
And thank you in turn, Markus.

I believe that you've been the top contributor for the manually kept forging virus list; mine was cobbled together from postings here as well as viruses I catch internally on desktops (which I then research, and if I find that it spreads via email and is forging, have added to my list).

Here is the alphabetized join of the active entries in our lists (in particular, I suggest that if you include "IFrame" as a generic forgingvirus indicator, that you also include "Trojan"):

FORGINGVIRUS Anonymous Driver
FORGINGVIRUS Bagle
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS Dumar
FORGINGVIRUS Exploit-ObjectData
FORGINGVIRUS Fizzer
FORGINGVIRUS Ganda
FORGINGVIRUS Holar
FORGINGVIRUS Hybris
FORGINGVIRUS IFrame
FORGINGVIRUS IFromot
FORGINGVIRUS Illwill
FORGINGVIRUS Inor
FORGINGVIRUS Klez
FORGINGVIRUS Lentin
FORGINGVIRUS Lovgate
FORGINGVIRUS Mabuto
FORGINGVIRUS Magistr
FORGINGVIRUS MiMail
FORGINGVIRUS MyDoom
FORGINGVIRUS Netsky
FORGINGVIRUS ObjData
FORGINGVIRUS Palyh
FORGINGVIRUS Phish-
FORGINGVIRUS Plexus
FORGINGVIRUS Proxy-Cidra
FORGINGVIRUS Reblin
FORGINGVIRUS Sober
FORGINGVIRUS SoBig
FORGINGVIRUS Somefool
FORGINGVIRUS Tanx
FORGINGVIRUS Torvil
FORGINGVIRUS Trojan
FORGINGVIRUS Wurmark
FORGINGVIRUS Yaha
FORGINGVIRUS Zafi
FORGINGVIRUS Zerolin

Andrew 8)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Wednesday, February 02, 2005 1:17 PM
To: Declude.Virus@declude.com
Subject: RE: Re[10]: [Declude.Virus] testvirus.org #22

Andrew,

Your comment "so we'll still keep this list up to date from postings on the Declude.Virus newslist"

Here is my actual FORGINGVIRUS list, maintained for F-Prot/McAfee virus names:

#FORGINGVIRUS Unknown Virus
FORGINGVIRUS Magistr
FORGINGVIRUS Klez
FORGINGVIRUS Yaha
FORGINGVIRUS Lentin
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS SoBig
FORGINGVIRUS Fizzer
FORGINGVIRUS Palyh
FORGINGVIRUS MiMail
#FORGINGVIRUS Lirva
FORGINGVIRUS Dumar
FORGINGVIRUS Sober
FORGINGVIRUS Hybris
FORGINGVIRUS Bagle
FORGINGVIRUS MyDoom
FORGINGVIRUS Tanx
FORGINGVIRUS Netsky
FORGINGVIRUS Proxy-Cidra
FORGINGVIRUS Torvil
FORGINGVIRUS Exploit-ObjectData
FORGINGVIRUS Anonymous Driver
FORGINGVIRUS Zafi
FORGINGVIRUS Mabuto
FORGINGVIRUS Illwill
FORGINGVIRUS ObjData
FORGINGVIRUS Zerolin
FORGINGVIRUS Inor
FORGINGVIRUS IFromot
FORGINGVIRUS IFrame
FORGINGVIRUS Plexus
FORGINGVIRUS Phish-
FORGINGVIRUS Lovgate
FORGINGVIRUS Wurmark
FORGINGVIRUS Somefool
FORGINGVIRUS Reblin

Thanks for the great comments in your cfg file

Markus
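The join described in the message above, as an added example that is not part of the original posts or of Declude: it skips commented-out entries, merges two lists without duplicates, and checks scanner-reported names against the result. The list excerpts and the sample virus names are constructed, and substring matching is an assumption about how entries are compared.

```python
# Added example: merge two FORGINGVIRUS lists and test scanner names against the join.
import re

# Constructed excerpts shaped like the two lists in this thread (not the full lists).
LIST_A = """\
#FORGINGVIRUS Unknown Virus
FORGINGVIRUS Magistr
FORGINGVIRUS Klez
#FORGINGVIRUS Lirva
FORGINGVIRUS Netsky
FORGINGVIRUS Anonymous Driver
FORGINGVIRUS IFrame
"""
LIST_B = """\
FORGINGVIRUS Bagle
FORGINGVIRUS klez
FORGINGVIRUS Netsky
FORGINGVIRUS Trojan
"""

DIRECTIVE = re.compile(r"^FORGINGVIRUS[ \t]+(\S.*)$")

def active_entries(cfg_text):
    """Return active FORGINGVIRUS values; lines starting with '#' never match."""
    entries = []
    for line in cfg_text.splitlines():
        m = DIRECTIVE.match(line.strip())
        if m:
            entries.append(m.group(1).strip())  # value may contain spaces
    return entries

def alphabetized_join(*cfg_texts):
    """Union of active entries, de-duplicated case-insensitively, sorted A-Z."""
    merged = {}
    for text in cfg_texts:
        for entry in active_entries(text):
            merged.setdefault(entry.lower(), entry)  # first spelling seen wins
    return [merged[key] for key in sorted(merged)]

def is_forging(virus_name, entries):
    """Assumption: an entry matches when it occurs anywhere in the reported name."""
    name = virus_name.lower()
    return any(entry.lower() in name for entry in entries)
```

Under that matching assumption, a name such as "W32/Bobax.worm.gen" matches nothing in the joined list, while a generic entry such as "Trojan" matches every name that contains it.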
RE: Re[10]: [Declude.Virus] testvirus.org #22
Andrew,

Your comment "so we'll still keep this list up to date from postings on the Declude.Virus newslist"

Here is my actual FORGINGVIRUS list, maintained for F-Prot/McAfee virus names:

#FORGINGVIRUS Unknown Virus
FORGINGVIRUS Magistr
FORGINGVIRUS Klez
FORGINGVIRUS Yaha
FORGINGVIRUS Lentin
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS SoBig
FORGINGVIRUS Fizzer
FORGINGVIRUS Palyh
FORGINGVIRUS MiMail
#FORGINGVIRUS Lirva
FORGINGVIRUS Dumar
FORGINGVIRUS Sober
FORGINGVIRUS Hybris
FORGINGVIRUS Bagle
FORGINGVIRUS MyDoom
FORGINGVIRUS Tanx
FORGINGVIRUS Netsky
FORGINGVIRUS Proxy-Cidra
FORGINGVIRUS Torvil
FORGINGVIRUS Exploit-ObjectData
FORGINGVIRUS Anonymous Driver
FORGINGVIRUS Zafi
FORGINGVIRUS Mabuto
FORGINGVIRUS Illwill
FORGINGVIRUS ObjData
FORGINGVIRUS Zerolin
FORGINGVIRUS Inor
FORGINGVIRUS IFromot
FORGINGVIRUS IFrame
FORGINGVIRUS Plexus
FORGINGVIRUS Phish-
FORGINGVIRUS Lovgate
FORGINGVIRUS Wurmark
FORGINGVIRUS Somefool
FORGINGVIRUS Reblin

Thanks for the great comments in your cfg file

Markus
RE: Re[10]: [Declude.Virus] testvirus.org #22
Andrew,

Nice work. Thanks for the contribution. This is one of the best benefits of the list.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Wednesday, February 02, 2005 10:13 AM
To: Declude.Virus@declude.com
Subject: RE: Re[10]: [Declude.Virus] testvirus.org #22

My configuration is catching it.

I've attached the entire configuration file with my email address and licence munged.

I've also attached what my log lines look like when the virus is caught.

Andrew 8)
RE: Re[10]: [Declude.Virus] testvirus.org #22
My configuration is catching it.

I've attached the entire configuration file with my email address and licence munged.

I've also attached what my log lines look like when the virus is caught.

Andrew 8)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan
Sent: Wednesday, February 02, 2005 9:36 AM
To: Declude.Virus@declude.com
Subject: Re[10]: [Declude.Virus] testvirus.org #22

Sorry to revive this old thread. But I just had a customer report that 22 is still getting through. Could someone that's catching this with F-prot please share your configs.

I've got Declude 1.82 F-Prot 3.16 with the following virus.cfg:

SCANFILE P:\Progra~1\fsi\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=3 /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:
PRESCAN OFF
BANCLSID ON
BANPARTIAL ON
DELIVERERRORS ON
BANCRVIRUSES ON

--
Best regards,
David mailto:[EMAIL PROTECTED]

02/02/2005 10:00:11 Q14fe0ca90028970d Scanner 1: Virus=EICAR_Test_File Attachment=eicar.zip [25] O
02/02/2005 10:00:11 Q14fe0ca90028970d File(s) are INFECTED [EICAR_Test_File: 3]
02/02/2005 10:00:16 Q14fe0ca90028970d Scanned: CONTAINS A VIRUS [MIME: 2 939]
02/02/2005 10:00:16 Q14fe0ca90028970d From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 206.158.107.157]
02/02/2005 10:00:16 Q14fe0ca90028970d Subject: Virus Scanner Test #22

virus.cfg
Description: virus.cfg
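A way to check from the log which test messages were caught, as an added example that is not part of the original post: it groups lines shaped like the ones above by queue ID and lists subjects that were logged without a virus verdict. The second message in the sample (queue ID, "Virus Free" line and test #23 subject) is constructed for illustration, and the line layout is assumed from the five lines shown in this post.

```python
# Added example: group Declude Virus log lines by queue ID and find uncaught tests.
import re
from collections import defaultdict

# First four lines are copied from the post; the last two are constructed.
SAMPLE_LOG = """\
02/02/2005 10:00:11 Q14fe0ca90028970d Scanner 1: Virus=EICAR_Test_File Attachment=eicar.zip [25] O
02/02/2005 10:00:11 Q14fe0ca90028970d File(s) are INFECTED [EICAR_Test_File: 3]
02/02/2005 10:00:16 Q14fe0ca90028970d Scanned: CONTAINS A VIRUS [MIME: 2 939]
02/02/2005 10:00:16 Q14fe0ca90028970d Subject: Virus Scanner Test #22
02/02/2005 10:01:02 Q0000000000000001 Scanned: Virus Free [MIME: 1 512]
02/02/2005 10:01:02 Q0000000000000001 Subject: Virus Scanner Test #23
"""

LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (Q[0-9a-f]+) (.*)$")
HIT = re.compile(r"Scanner (\d+): Virus=(\S+) Attachment=(\S+)")

def summarize(log_text):
    """Return {queue_id: {viruses, attachments, subject, infected}}."""
    msgs = defaultdict(lambda: {"viruses": [], "attachments": [],
                                "subject": None, "infected": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a timestamped log line
        _, qid, body = m.groups()
        rec = msgs[qid]
        hit = HIT.search(body)
        if hit:
            rec["viruses"].append(hit.group(2))
            rec["attachments"].append(hit.group(3))
        elif body.startswith("Scanned: CONTAINS A VIRUS"):
            rec["infected"] = True
        elif body.startswith("Subject: "):
            rec["subject"] = body[len("Subject: "):]
    return dict(msgs)

def missed_tests(log_text):
    """Subjects of messages that were logged without a virus verdict."""
    return sorted(rec["subject"] for rec in summarize(log_text).values()
                  if rec["subject"] and not rec["infected"])
```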