Re: AVG didn't catch
On Thursday, July 18, 2002, 6:07:27 PM, Thomas F wrote:

> Back to , what could you have done if you had found out
> which message it was?

Nothing, but I woke up to see the NAV Outgoing Email scanning window disappearing, so I knew I had sent something, but I did not know what or to whom. I suppose I was lucky just to have sent a blank message to the list.

Antidote emails sound very like an urban legend, although if you are running Exchange server, it is possible to recall messages from within the network.

Julian
--
Using The Bat! v1.60q on Windows XP 5.1 Build 2600

Current Ver: 1.61
FAQ: http://faq.thebat.dutaint.com
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://www.ritlabs.com/bt/

Re: AVG didn't catch
Hello Julian,

On Thu, 18 Jul 2002 16:24:31 +0100 GMT (18/07/02, 22:24 +0700 GMT), Julian Beach (Lists) wrote:

JBL> Whoops! I fell asleep at the keyboard

You must be a programmer then. As such, you should know that sleep is a poor substitute for caffeine.

JBL> and managed to send an email when my fingers slid down the keys!
JBL> I knew I had sent something, but could not find it until it
JBL> appeared here!

Back to , what could you have done if you had found out which message it was? I am asking because I once heard that they chased and killed a virus by sending an antidote virus after it, and it went to the recipients of that virus, deleted the virus-containing message from Outlook, and then the antidote used the same method as the virus to propagate itself and finally caught up with it. Sounds like an urban legend to me, but who knows what is possible these days...

--
Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

I intend to live forever - so far, so good.

Message reply created with The Bat! 1.62/Beta1 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM

Re: AVG didn't catch
On Thursday, July 18, 2002, 4:07:44 PM, Julian Beach (Lists) wrote:

> On Wednesday, July 17, 2002, 1:11:04 PM, Michael Thompson wrote:

Whoops! I fell asleep at the keyboard (not a comment on my interest in the messages) and managed to send an email when my fingers slid down the keys! I knew I had sent something, but could not find it until it appeared here!

Julian
--
Using The Bat! v1.60q on Windows XP 5.1 Build 2600

Re: AVG didn't catch
On Wednesday, July 17, 2002, 1:11:04 PM, Michael Thompson wrote:

> Hello Marck,
> Wednesday, July 17, 2002, 4:56:02 AM, you wrote :

MDP>> We just said that in a long thread discussing the plug-in thesis. The
MDP>> "middle man" approach slows down *all* mail while plug-ins are only
MDP>> called when there is an attachment worth looking at.

MDP>> Please read the recent thread exploring these issues in depth under the
MDP>> topic "OT: Antivirus software review".

> Sorry, new to the list.

Julian
--
Using The Bat! v1.60q on Windows XP 5.1 Build 2600

Re: AVG didn't catch
Hi Pete,

@18 July 2002, 18:27 -0600 (01:27 UK time) Pete Milne [PM] in mid:[EMAIL PROTECTED] said to Marck D Pearlstone:

PM> You mentioned a quality that I don't get to deal with often in
PM> clients... "common sense".

LOL! I know what you're saying.

PM> That totally changes the whole scenario. Most individuals
PM> (including some "techy" people) I deal with shouldn't even own a
PM> computer let alone do email!!

Fortunately, most of the folks I deal with are begging me to let them use TB. Which is odd really because it's freely available

PM> They automatically see an attachment like the one "Microsoft" sent
PM> out that said it was a patch...in an .EXE form. Lots of them
PM> opened it and were screwed.

Anyone who's made it this far, has come to TB and is cognisant of the existence of other AV software too has already read displayed more than a modicum of that rare commodity - common sense :-).

Anyway, this topic has also rambled on and away. Perhaps any further replies should be out on TBOT.

--
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.62/Beta1 on Windows 2000 5.0.2195 Service Pack 2

Re[2]: AVG didn't catch
Replying to your message of Wednesday, July 17, 2002, 3:34:44 PM:

MDP> Yes, but my email client doesn't let me execute .pifs anyway (not
MDP> without a fight) ... nor does my brain! This is a bit of a pointless
MDP> and valueless example really. Your LMN AV doesn't do anything common
MDP> sense wasn't doing in the first place.

Marck,

You mentioned a quality that I don't get to deal with often in clients... "common sense". That totally changes the whole scenario. Most individuals (including some "techy" people) I deal with shouldn't even own a computer let alone do email!! They automatically see an attachment like the one "Microsoft" sent out that said it was a patch...in an .EXE form. Lots of them opened it and were screwed.

--
Pete
www.milneweb.com
Wednesday, July 17, 2002 6:24:13 PM

This e-mail is brought to you by:
The Bat: Version 1.61
Windows 2000 build 2195 Service Pack 2

Re: AVG didn't catch
Hi Pete,

@17 July 2002, 14:39 -0600 (21:39 UK time) Pete Milne [PM] in mid:[EMAIL PROTECTED] said to Marck D Pearlstone:

PM> ... I use LMN anti virus which is based on signatures, rules sets
PM> and policies. This solution is set so it will not allow any .pif
PM> attachments to get to my email client.

Yes, but my email client doesn't let me execute .pifs anyway (not without a fight) ... nor does my brain! This is a bit of a pointless and valueless example really. Your LMN AV doesn't do anything common sense wasn't doing in the first place.

PM> Therefore if I don't get the daily update for some reason, I am
PM> protected from this virus regardless.

This one yes, but that's not what I'm talking about.

PM> How does this rate as a "false security"?

Because when you are the *first* victim (or second or third) of a whole *new* virus and are reliant on your scanner to pronounce it "clean", *that* is a false security. That's what I'm talking about. I am dealing with a thread here where many people are talking about how their "heuristic" "bloodhound" technology catches viruses that don't even exist yet. Don't try to sidetrack the point with stuff about .pif script kiddie attacks.

Me? I don't expect to be immune from first attacks. Nor should you. If you do then that, right there, is your "false security". I was hit by one sometime around 1990 when running a BBS at a communications software house for which I was technical director and (for once) actually *know* what I'm talking about.

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.62/Beta1 on Windows 2000 5.0.2195 Service Pack 2

Re[2]: AVG didn't catch
Replying to your message of Wednesday, July 17, 2002, 10:41:35 AM:

MDP> Let's
MDP> not have any more of the hype here please.

Hype... how do you mean that?? For example, there is a new virus written tonight. This virus is delivered in a .pif attachment (like Klez is). Tomorrow comes, if you are using XYZ anti virus and it is based solely on signature updates, unless you get the day's update you are vulnerable to this virus. Me on the other hand, I use LMN anti virus which is based on signatures, rules sets and policies. This solution is set so it will not allow any .pif attachments to get to my email client. Therefore if I don't get the daily update for some reason, I am protected from this virus regardless.

How does this rate as a "false security"?

--
Pete
www.milneweb.com
Wednesday, July 17, 2002 2:33:16 PM

This e-mail is brought to you by:
The Bat: Version 1.61
Windows 2000 build 2195 Service Pack 2

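
[Added example, not part of the thread and not any vendor's code.] A minimal Python sketch of the two checks argued over in the message above and in the reply to it: a hash "signature" lookup against a stale database, and an attachment-type policy that refuses .pif and similar files whatever their content. The blocked-extension list, sample payloads, addresses and function names are all constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions the gateway refuses outright (a constructed policy).
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".bat", ".com", ".vbs"}

# Constructed payloads: OLD_SAMPLE is already in the signature database,
# NEW_SAMPLE stands for something written "tonight" that no vendor has seen.
OLD_SAMPLE = b"constructed sample A (known to the scanner)"
NEW_SAMPLE = b"constructed sample B (not yet in any database)"
KNOWN_HASHES = {hashlib.sha256(OLD_SAMPLE).hexdigest()}


def build_message(filename: str, payload: bytes) -> bytes:
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "reader@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def final_extension(filename: str) -> str:
    """Return the extension the OS would act on, lower-cased.

    Only the last extension counts ("invoice.doc.pif" is a .pif), and
    trailing dots or spaces are dropped because Windows ignores them.
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def scan(raw: bytes, known_hashes: set) -> list:
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        if digest in known_hashes:
            verdict = "blocked:signature"   # scanner already knows this file
        elif final_extension(filename) in BLOCKED_EXTENSIONS:
            verdict = "blocked:policy"      # unknown content, refused by type
        else:
            verdict = "delivered"           # unknown content, allowed type
        results.append((filename, verdict))
    return results


if __name__ == "__main__":
    cases = [
        ("update.pif", OLD_SAMPLE),        # caught by the signature
        ("invoice.doc.pif", NEW_SAMPLE),   # new content, stopped by policy
        ("README.TXT.PIF.", NEW_SAMPLE),   # case and trailing dot normalised
        ("notes.doc", NEW_SAMPLE),         # new content in an allowed type
    ]
    for name, data in cases:
        print(scan(build_message(name, data), KNOWN_HASHES))
```

The last case is the one the reply to this message is about: new content in a file type the policy allows passes both checks.
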
Re: AVG didn't catch
Hi Pete,

@17 July 2002, 10:06 -0600 (17:06 UK time) Pete Milne [PM] in mid:[EMAIL PROTECTED] said to Marck D Pearlstone:

PM> This is true only if you have an anti virus that is based on daily
PM> signatures to be effective. If you have a solution that is based on rule
PM> sets and policies, as well as signatures, your vulnerability will be
PM> greatly decreased.

LOL! Blimey! What a load of baloney you lot manage to digest and store! That was pure techno-babble! I mean no offence by this. As an older statesman of the software industry I've seen a lot of claims and counter claims (and made a few) and they always amuse me.

Look, virus writers take it as a challenge to write one that will dive in under the scanners of the leading AV players. That's the challenge and the meat and two veg of what they *do*. Their purpose. Their raison d'etre. That's all you need to understand to realize that the AV vendors will *ALWAYS* be playing catch up. That's *their* job. Anything else they say is just wishful thinking and marketing hype.

Viruses are written to work, not to be caught before they leave the starting pistol. Hey - guess what - people get hit by them! So they *do* work. And AV software doesn't, not until a new virus has been identified, catalogued and added to the database. That's a fact. Let's not have any more of the hype here please. It's a palliative at best and a false security at worst.

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.62/Beta1 on Windows 2000 5.0.2195 Service Pack 2

Re[2]: AVG didn't catch
Replying to your message of Tuesday, July 16, 2002, 9:20:26 PM:

MDP> This is always going to be a problem with *any* AV software. Any new
MDP> variants and especially a completely new virus won't be spotted until
MDP> at least one person reports it to the AV vendor for them to update their
MDP> database and issue a new one.

Hey Marck,

This is true only if you have an anti virus that is based on daily signatures to be effective. If you have a solution that is based on rule sets and policies, as well as signatures, your vulnerability will be greatly decreased.

--
Pete
www.milneweb.com
Tuesday, July 16, 2002 10:04:07 AM

This e-mail is brought to you by:
The Bat: Version 1.61
Windows 2000 build 2195 Service Pack 2

Re: AVG didn't catch
Hi Paul,

Wednesday, July 17, 2002, 1:03:33 PM, you wrote:

PC> I have AVG running, and I also downloaded and tried Mcafee,
PC> neither found a virus.

Try Norton AV ;-)

Seriously, my suggestion is to maybe just try Command AV internet check up. It worked for me when I had a similar problem and was running AVG. It found a virus others had missed.

Maybe other people have better suggestions ... I'm just speaking from my own experience.

With best wishes,
Dave

--
David Conroy MSW
Consultant, Trainer & Management Coach
International Coach Federation, ID 1006660
Charity consulting: http://www.coaching-lab.com
Web development/hosting: http://www.buzzdns.com
Coaching for women: http://www.womens-life-coach.com
Coaching via e-mail: http://www.e-coaching-only.com
ICQ 127865569
Phone/Fax +44 (0)1225 314694

Re[2]: AVG didn't catch
Hello Marck,

Wednesday, July 17, 2002, 4:56:02 AM, you wrote :

MDP> We just said that in a long thread discussing the plug-in thesis. The
MDP> "middle man" approach slows down *all* mail while plug-ins are only
MDP> called when there is an attachment worth looking at.

MDP> Please read the recent thread exploring these issues in depth under the
MDP> topic "OT: Antivirus software review".

Sorry, new to the list.

--
Best regards,
Michael

Re[2]: AVG didn't catch
Hello Sudip,

Wednesday, July 17, 2002, 5:16:09 AM, you wrote :

SP> Hi Michael,

SP> On Wed, 17 Jul 2002 04:32:28 +0100 GMT (Jul 17, 09:17 my local time),
SP> you [MT] wrote:

MT>> variants should still contain something in similar fashion to the
MT>> original, and still should be realised.

SP> I think Norton's Bloodhound technology does this

You are correct. It does indeed, and Bloodhound certainly seems better than most other "Therie Checkers".

--
Best regards,
Michael

Re: AVG didn't catch
Hi Marck,

On Wed, 17 Jul 2002 11:21:48 +0100, you wrote:

> Let's be serious, please. Norton AV is fine for those that can put up
> with its false positives but the company is too big and irresponsible
> for my liking. NOD32, AVG and Kaspersky are the three top players in my
> list of responsible and responsive AV outfits.

Have you heard of Sophos? They're pretty good. I have that running on the mail server itself (they develop clients/servers for most OSes), and it auto-updates daily for me. Their support team is amazing, their sales staff (not saying much I guess) are great, nice and friendly, their virus software is accurate, and runs on a very small footprint, and HDD space (the server version I'm running, including all virus definition files takes up no more than 300KB).

It is mainly a UK based vendor, but they have branches all over the world, and could easily put Norton, and McAfee in a trash can (IMHO). Plus I've been getting notifications and updates on all viruses about 3-5 days before Symantec/other big time vendors have even heard of it, including ones that Symantec etc don't bother mentioning such as Word macro viruses (can't believe people still write these). It's certainly nice to be informed ;)

--
Jonathan Angliss ([EMAIL PROTECTED])

Re: AVG didn't catch
On Tuesday, July 16, 2002, 11:20 PM, you wrote:

MDP> -=[ From the Grisoft site ]-
MDP> Update 377 available. Added detection of three new variants of
MDP> I-Worm/Frethem. - July 15, 2002 -
MDP> `

MDP> Since there are new variants only a few days old it is no surprise
MDP> that AVG didn't spot the infection. I have just updated and one that
MDP> got through on Monday is spotted now.

MDP> This is always going to be a problem with *any* AV software. Any new
MDP> variants and especially a completely new virus won't be spotted until
MDP> at least one person reports it to the AV vendor for them to update their
MDP> database and issue a new one.

I am having a problem with MY system. It crashed and burned and I had to rebuild it. In the process, I can't get Roxio Easy Cd to work, so I started looking in the discussion lists on Roxio's web site. Someone mentioned that my problem might be from the W32.Klez.H@mm virus. I have AVG running, and I also downloaded and tried McAfee, neither found a virus. This problem first appeared after my wife (running Outlook) checked her email (Outlook) and swears she did nothing wrong.

/ Paul
Using The Bat! v1.61 on Windows XP 5.1 Build 2600

Re: AVG didn't catch
Hi Marck,

On Wed, 17 Jul 2002 11:21:48 +0100 GMT (Jul 17, 16:06 my local time), you [MDP] wrote:

MDP> Don't believe everything a marketing department claims for their
MDP> "superior" technology.

I don't have a habit of believing big corporate marketing departments; else I'd be using Eudora ! I have a tried and tested experience with NAV for past 6-7 years. I haven't had any problem with NAV in these years and it has stopped all sorts of nasties for me and my clients. Similar experience with other 20+ friends in my tech-circle.

> - From one site detailing how lame this technology can actually be:
> http://www.dessci.com/support/TSN/TSN62.stm

This site does not pertain Bloodhound is a lame technology, it just outlines an instance where Bloodhound mistook a software called MathType 3.5 for a virus. These types of things occur with technology such as Bloodhound, which relies on logic and "guess-work". To my mind, even if Bloodhound misreports 4 out of 5 cases, that one positive ID it makes is a worthwhile endeavor. The rest of the time, you ignore the virus warning (matter of pressing 'c' in NAV) and continue. Besides, you can adjust the sensitivity of Bloodhound detection or turn it off completely.

> If "Bloodhound" technology worked, Norton need never issue an update
> again!

I don't agree. Bloodhound is a fuzzy logic type of application which complements the updates not replaces it. As with any fuzzy logic applications, Bloodhound has its share of gray areas, hence the issue with MathType 3.5. Today, this type of detection mechanism is in its infancy and NAV is the pioneer, who knows maybe Kaspersky will incorporate similar innovation in future and improve it? I'd say instead of bashing such a potential technology, we need to support it, our personal preference to NAV notwithstanding.

--
Cheers,
Sudip

For PM:- mailto:[EMAIL PROTECTED]
Sudip Pokhrel
Kathmandu-NP
PGP Key ID: 0xD93F5185 http://pgpkeys.mit.edu

-- Sys Info --
Using The Bat! v1.60q on Windows XP 5.1 (Build 2600 )
H/W: Pentium IV 1.4 Ghz|256MB RAM|40GB HDD
[IE 5.0, Opera 6.03 (default)]

Re: AVG didn't catch
Hi Sudip,

@17 July 2002, 10:01 +0545 (05:16 UK time) Sudip Pokhrel [SP] in mid:[EMAIL PROTECTED] said to Michael Thompson:

MT>> variants should still contain something in similar fashion to the
MT>> original, and still should be realised.

SP> I think Norton's Bloodhound technology does this

What a lovely fluffy clouds syrup and honey thought that is! I think the virus writers should give up now and devote their lives to theological contemplation, don't you?

Don't believe everything a marketing department claims for their "superior" technology.

From one site detailing how lame this technology can actually be:

,-=[ http://www.dessci.com/support/TSN/TSN62.stm ]-
According to Symantec, "Bloodhound" virus is a catch-all name for anything that Norton AntiVirus suspects may be a virus fragment or a variant of a virus. The MathType macros do not contain viruses. This problem has been corrected in Norton's current virus definitions files.
`

If "Bloodhound" technology worked, Norton need never issue an update again!

Let's be serious, please. Norton AV is fine for those that can put up with its false positives but the company is too big and irresponsible for my liking. NOD32, AVG and Kaspersky are the three top players in my list of responsible and responsive AV outfits.

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2

Re: AVG didn't catch
Hi Sudip,

@17 July 2002, 09:51 +0545 (05:06 UK time) Sudip Pokhrel [SP] in mid:[EMAIL PROTECTED] said to Marck D Pearlstone:

MDP>> Since there are new variants only a few days old it is no surprise
MDP>> that AVG didn't spot the infection.

SP> I think the 'E' variant Rick is talking about is more than a month
SP> old.

All I know is that the naming of the variants of this virus varies from AV vendor

SP> Norton's definition dated June 15 included this variant.

http://www.grisoft.com/html/us_index.htm shows that AVG picked up what it called the A and F variants on June 13th. Two days before Norton.

http:[EMAIL PROTECTED]

A 'J' variant was found on July 12th with an update from Symantec coming on the same day and from Grisoft on the following day, although given the 7 hour time zone difference that proves nothing. The second link also explains some of the various names given to the variants by the different AV companies.

SP> So, maybe it's a question of which AV company's lab comes out with
SP> definitions quicker.

That would probably be AVG then. Seriously, it's a matter of which company you trust to be more accurate. I have explained more than once why that will never again be Symantec/Norton for me.

SP> Besides, Norton's Bloodhound technology is great for detecting
SP> these variants.

I doubt that virus writers would bother releasing a variant unless they knew it circumvented such over-hyped functionality. Since when do we have to trust the label and capabilities given something by a company's marketing department? Especially (no offence intended) one from the USA.

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2

Re: AVG didn't catch
Hi Michael,

On Wed, 17 Jul 2002 04:32:28 +0100 GMT (Jul 17, 09:17 my local time), you [MT] wrote:

MT> variants should still contain something in similar fashion to the
MT> original, and still should be realised.

I think Norton's Bloodhound technology does this

--
Cheers,
Sudip

For PM:- mailto:[EMAIL PROTECTED]
Sudip Pokhrel
Kathmandu-NP
PGP Key ID: 0xD93F5185 http://pgpkeys.mit.edu

-- Sys Info --
Using The Bat! v1.60q on Windows 98 4.10 (Build A )
H/W: Pentium IV 1.4 Ghz|256MB RAM|40GB HDD
[IE 5.0, Opera 6.03 (default)]

<"I see..." said the blind man. "I saw..." said the carpenter>

Re: AVG didn't catch
Hi Marck,

On Wed, 17 Jul 2002 04:20:26 +0100 GMT (Jul 17, 09:05 my local time), you [MDP] wrote:

MDP> Since there are new variants only a few days old it is no surprise
MDP> that AVG didn't spot the infection.

I think the 'E' variant Rick is talking about is more than a month old. Norton's definition dated June 15 included this variant. So, maybe it's a question of which AV company's lab comes out with definitions quicker. Besides, Norton's Bloodhound technology is great for detecting these variants.

--
Cheers,
Sudip

For PM:- mailto:[EMAIL PROTECTED]
Sudip Pokhrel
Kathmandu-NP
PGP Key ID: 0xD93F5185 http://pgpkeys.mit.edu

-- Sys Info --
Using The Bat! v1.60q on Windows 98 4.10 (Build A )
H/W: Pentium IV 1.4 Ghz|256MB RAM|40GB HDD
[IE 5.0, Opera 6.03 (default)]

Re: AVG didn't catch
Hi Michael,

@17 July 2002, 04:29 +0100 Michael Thompson [MT] in mid:[EMAIL PROTECTED] said to Rick Reumann:

MT> Norton is great due to the fact it basically acts as a middle man,
MT> examining the attachments before they even get to the client. (Bonus
MT> when using Express, but not an issue if using a decent email client
MT> such as the Bat!) Most other scanners only examine after the actual
MT> file is present on your machine.

We just said that in a long thread discussing the plug-in thesis. The "middle man" approach slows down *all* mail while plug-ins are only called when there is an attachment worth looking at.

Please read the recent thread exploring these issues in depth under the topic "OT: Antivirus software review".

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2

Re: AVG didn't catch
Hi Michael,

@17 July 2002, 04:32 +0100 Michael Thompson [MT] in mid:[EMAIL PROTECTED] said to Marck D Pearlstone:

Please trim your quotes as outlined in the list rules

MT> variants should still contain something in similar fashion to the
MT> original, and still should be realised.

Not at all. Why would a virus writer release a variant that all the checkers caught immediately? Think about it :-).

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2

Re[2]: AVG didn't catch
Hello Marck,

Wednesday, July 17, 2002, 4:20:26 AM, you wrote:

MDP> Hi Rick,

MDP> @17 July 2002, 21:54 -0400 (02:54 UK time) Rick Reumann [RR] in
MDP> mid:[EMAIL PROTECTED] said to Bat List:

RR>> Has anyone else ever received the W32.Frethem.E@mm worm virus? I
RR>> didn't run the exe but it slipped past AVG with the
RR>> decrypt-password.exe. I thought AVG was supposed to be pretty good.
RR>> I'm surprised this high-profile got by. Should I maybe switch to some
RR>> other protection? (AVG has caught other viruses so it does work and it
RR>> was just updated yesterday).

MDP> ,-=[ From the Grisoft site ]-
MDP> Update 377 available. Added detection of three new variants of
MDP> I-Worm/Frethem. - July 15, 2002 -
MDP> `

MDP> Since there are new variants only a few days old it is no surprise
MDP> that AVG didn't spot the infection. I have just updated and one that
MDP> got through on Monday is spotted now.

MDP> This is always going to be a problem with *any* AV software. Any new
MDP> variants and especially a completely new virus won't be spotted until
MDP> at least one person reports it to the AV vendor for them to update their
MDP> database and issue a new one.

MDP> - --
MDP> Cheers -- .\\arck D. Pearlstone -- List moderator
MDP> TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2

variants should still contain something in similar fashion to the original, and still should be realised.

--
Best regards,
Michael

Re: AVG didn't catch
Hello Rick,

Wednesday, July 17, 2002, 2:54:20 AM, you wrote:

RR> Has anyone else ever received the W32.Frethem.E@mm worm virus? I
RR> didn't run the exe but it slipped past AVG with the
RR> decrypt-password.exe. I thought AVG was supposed to be pretty good.
RR> I'm surprised this high-profile got by. Should I maybe switch to some
RR> other protection? (AVG has caught other viruses so it does work and it
RR> was just updated yesterday).

RR> Thanks for any more info.

RR> --
RR> Rick
RR> Using The Bat! v1.60q
RR> on Windows 98 4.10 Build A

I use Norton 2002 and it has so far not let anything past. The only thing to worry about with mail scanners is to make sure that nothing else is processing mail. Firewalls (ZoneAlarm springs to mind) sometimes grab files and isolate them, you should not have more than one mail checker running.

Norton is great due to the fact it basically acts as a middle man, examining the attachments before they even get to the client. (Bonus when using Express, but not an issue if using a decent email client such as the Bat!) Most other scanners only examine after the actual file is present on your machine.

--
Best regards,
Michael

Re: AVG didn't catch
Hi Rick,

@17 July 2002, 21:54 -0400 (02:54 UK time) Rick Reumann [RR] in
mid:[EMAIL PROTECTED] said to Bat List:

RR> Has anyone else ever received the W32.Frethem.E@mm worm virus? I
RR> didn't run the exe but it slipped past AVG with the
RR> decrypt-password.exe. I thought AVG was supposed to be pretty good.
RR> I'm surprised this high-profile got by. Should I maybe switch to some
RR> other protection? (AVG has caught other viruses so it does work and it
RR> was just updated yesterday).

,-=[ From the Grisoft site ]-
Update 377 available. Added detection of three new variants of
I-Worm/Frethem. - July 15, 2002 -
`-

Since there are new variants only a few days old it is no surprise that AVG didn't spot the infection. I have just updated and one that got through on Monday is spotted now.

This is always going to be a problem with *any* AV software. Any new variants and especially a completely new virus won't be spotted until at least one person reports it to the AV vendor for them to update their database and issue a new one.

--
Cheers -- .\\arck D. Pearlstone -- List moderator
TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2
Re: AVG didn't catch
Hi Rick,

On Tue, 16 Jul 2002 21:54:20 -0400, you wrote:

> Has anyone else ever received the W32.Frethem.E@mm worm virus?

Had about 15 of them. And 30 of the Yaha ones yesterday alone. They all get stomped on by the mail server, as it is running Sophos anti-virus ;) More effective if you stop it at the server level I find.

--
Jonathan Angliss ([EMAIL PROTECTED])
Re: AVG didn't catch
Hi Rick,

On Tue, 16 Jul 2002 21:54:20 -0400 GMT (Jul 17, 07:39 my local time), you [RR] wrote:

RR> Has anyone else ever received the W32.Frethem.E@mm worm virus? I
RR> didn't run the exe but it slipped past AVG with the
RR> decrypt-password.exe.

This came my way last week but NAV2001 detected it.

--
Cheers,
Sudip
For PM:- mailto:[EMAIL PROTECTED]
Sudip Pokhrel
Kathmandu-NP
PGP Key ID: 0xD93F5185 http://pgpkeys.mit.edu
-- Sys Info --
Using The Bat! v1.60q on Windows 98 4.10 (Build A )
H/W: Pentium IV 1.4 Ghz|256MB RAM|40GB HDD [IE 5.0, Opera 6.03 (default)]
AVG didn't catch
Has anyone else ever received the W32.Frethem.E@mm worm virus? I didn't run the exe but it slipped past AVG with the decrypt-password.exe. I thought AVG was supposed to be pretty good. I'm surprised this high-profile got by. Should I maybe switch to some other protection? (AVG has caught other viruses so it does work and it was just updated yesterday).

Thanks for any more info.

--
Rick
Using The Bat! v1.60q
on Windows 98 4.10 Build A