Re: [Declude.Virus] New Virus - MiMail.C - spreading fast
We started seeing these are 8am this morning The attachment comes as photos.zip and so far neither Mcafee or F-prot is catching them. We recommend adding a line BANNAME photos.zip to the \IMail\Declude\virus.cfg file (with v1.76 or higher), which will catch this. From: james@current domain (The from address may be spoofed to appear that it is coming from the current domain) - our had knox.edu there. It does seem that Mimail.c forges the return address, always using a james@ account. Anyone with v1.76 or higher, or who already has a line SKIPIFVIRUSNAMEHAS Mimail in the appropriate .eml files, will not have to worry about bogus notifications getting sent out. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus - MiMail.C - spreading fast
Can we just add this to the virus.cfg: BANNAME photos.zip Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Don Hickey Sent: Friday, October 31, 2003 8:40 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New Virus - MiMail.C - spreading fast We started seeing these are 8am this morning The attachment comes as photos.zip and so far neither Mcafee or F-prot is catching them. From: james@current domain (The from address may be spoofed to appear that it is coming from the current domain) - our had knox.edu there. Subject: Re[2]: our private photos Message: Hello Dear!, Finally i've found possibility to right u, my lovely girl :) All our photos which i've made at the beach (even when u're without ur bh:)) photos are great! This evening i'll come and we'll make the best SEX :) Right now enjoy the photos. Kiss, James. Attachment: photos.zip I added BANNAME PHOTOS.zip to my virus.cfg fileuntil the av software updates Don Hickey --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus - MiMail.C - spreading fast
Scott, when using BANNAME, the resulting banned file notice does not show the name of the file. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, October 31, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] New Virus - MiMail.C - spreading fast We started seeing these are 8am this morning The attachment comes as photos.zip and so far neither Mcafee or F-prot is catching them. We recommend adding a line BANNAME photos.zip to the \IMail\Declude\virus.cfg file (with v1.76 or higher), which will catch this. From: james@current domain (The from address may be spoofed to appear that it is coming from the current domain) - our had knox.edu there. It does seem that Mimail.c forges the return address, always using a james@ account. Anyone with v1.76 or higher, or who already has a line SKIPIFVIRUSNAMEHAS Mimail in the appropriate .eml files, will not have to worry about bogus notifications getting sent out. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus - MiMail.C - spreading fast
The extension does not even show. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, October 31, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New Virus - MiMail.C - spreading fast Scott, when using BANNAME, the resulting banned file notice does not show the name of the file. That is correct. The banned file names are treated exactly the same as banned file extensions, which can only display the extension, not the full file name. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus - MiMail.C - spreading fast
wOOhOO! F-Prot is catching them now.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
