I have started seeing this worm getting through my Declude setup running
F-Prot with up-to-date files (3.12b, definition files 10/7 2:32 pm):
http://securityresponse.symantec.com/avcenter/venc/data/w32.brid.a;mm.html
Anyone else?
___
Scott MacLean
[EMAIL PROTECTED]
ICQ:
Hi,
I wanted to add the Bridex virus to the FORGINGVIRUS option in my virus.cfg.
Should I add the name to the existing FORGINGVIRUS line or do I need
multiple FORGINGVIRUS lines, each specifying one name?
Thanks.
/Rasmus
---
[This E-mail was scanned for viruses by Declude Virus]
[This
Hi Scott:
With the 1.62 beta is it safe to assume that the old
variable: %VIRUSNAME% is now replaced with %NOUNKNOWNVIRUSNAME%.
In our outgoing response to the sender we were using virusname variable.
From the definition it appears that the new variable would be a more
comprehensive variable.
Is
I have started seeing this worm getting through my Declude setup running
F-Prot with up-to-date files (3.12b, definition files 10/7 2:32 pm):
http://securityresponse.symantec.com/avcenter/venc/data/w32.brid.a;mm.html
Your virus definitions are about a month old -- the virus just came out
I wanted to add the Bridex virus to the FORGINGVIRUS option in my virus.cfg.
Should I add the name to the existing FORGINGVIRUS line or do I need
multiple FORGINGVIRUS lines, each specifying one name?
You should have one on each line.
-Scott
---
[This E-mail was
With the 1.62 beta is it safe to assume that the old
variable: %VIRUSNAME% is now replaced with %NOUNKNOWNVIRUSNAME%.
No, it is not.
The %VIRUSNAME% variable still works as it always has, and displays the
virus name.
The new %NOUNKNOWNVIRUSNAME% variable will display the virus name, but if
I activated the local postmaster notification and seen 2 samples of Bridex,
both were detected by F-PROT and not as vulnerability by declude.
In Virus cfg I have BANCRVIRUSES ON, other vulnerabilities are detected as I
received notifications also for Outlook 'CR' and 'Blank Folding'
I activated the local postmaster notification and seen 2 samples of Bridex,
both were detected by F-PROT and not as vulnerability by declude.
In Virus cfg I have BANCRVIRUSES ON, other vulnerabilities are detected as I
received notifications also for Outlook 'CR' and 'Blank Folding'
Follow up on information I have observed:
This is forging the from address. So far, it looks like it is changing the
From address to the To address. It is probably recommended to add this to
the list of FORGINGVIRUS and SKIPIFVIRUSNAMEHAS.
It appears the virus is in the body itself using the
I do a weekly scan of my Imail server with F-protect and disturbingly
enough it found two viruses in the main.mbx files of two of my users.
F-protect 3.12a reported them as klez.E@mm and the attachment was
called logon [2].pif. I copied the MBX file to a test user to see
if I could find
On 14:21 11/06/2002 -0800, it would appear that John Tolmachoff wrote:
Your rules will likely card a herd of legitimate e-cards but yes that will
work.
I do realize that. Unfortunately, I have no other way of catching the bad
ones, as I do not have Declude Junkmail Pro, which would allow the
I do a weekly scan of my Imail server with F-protect and disturbingly
enough it found two viruses in the main.mbx files of two of my
users. F-protect 3.12a reported them as klez.E@mm and
the attachment was called logon [2].pif. I copied the MBX file to a test
user to
OK that part makes sense...
The virus error is:
11/06/2002 14:21:24 Q87d422c Outlook 'CR' vulnerability
11/06/2002 14:21:24 Q87d422c File(s) are INFECTED [0]
Outlook 'CR' Vulnerability: This vulnerability occurs when an E-mail
contains a single 'CR' character within the E-mail headers (as
I am just guessing but maybe the user sent it to another user on your same
email server via web messaging?
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.Virus-owner;declude.com]On Behalf Of Marc Catuogno
Sent: Wednesday, November 06, 2002 4:41 PM - MGMT
To: [EMAIL
I am just guessing but maybe the user sent it to another user on your same
email server via web messaging?
Very unlikely in this case -- the user would have had to have sent the
virus intentionally.
-Scott
---
[This E-mail was scanned for viruses by Declude
Declude has been installed for months, BUT you are right, these e-mails
were delivered two days and a month before it seems that declude was
installed (respectively). The weird thing is that the full system scan
only reported them recently... one last week and another this week.
Strange.
Curious, why are you scanning user mail boxes?
That can cause problems.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
La Habra, CA 90631
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
Strictly paranoia.
In case something does get through. In case one of my users sends out a
virus through their webmail. I usually just do a full system scan once a
week or so, I don't have the scanner running all the time.
Marc
- Original Message -
From: John Tolmachoff [EMAIL