RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Fritz Squib
F-Prot just released virus defs dated 8/1 between the time I left work and got home (5:45 Eastern time). My volume of these messages has been low so far and I don't know if F-Prot is catching them yet or not. Fritz Frederick P. Squib, Jr. Network Operations Citizens Telephone Company of Kecksbur

Re: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread paul
> I am using F-Prot and it is completely up to date, and not catching it
> the virus...is anyone using F-prot actually stopping it?
Same here, F-Prot and it's getting through, however, with the additions to our BODY filters, it's being stopped. Hopefully they will update soon. I know Norton A

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread R. Scott Perry
I am using F-Prot and it is completely up to date, and not catching it the virus...is anyone using F-prot actually stopping it? The catch here is that the virus just came out a few hours ago. McAfee is catching it because it detects the exploit that is used, but F-Prot doesn't detect the ex

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Billy
I am using F-Prot and it is completely up to date, and not catching it the virus...is anyone using F-prot actually stopping it? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt > Sent: Friday, August 01, 2003 4:44 PM > To: [EMAIL PROTECT

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Andy Schmidt
>> Is there a way to have Declude Virus remove this instead of JM << Yes. Simply by keeping your virus scanner current. Protection has been available since March 2003: http://vil.nai.com/vil/content/v_99383.htm Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http:

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Billy
I have been trying to follow the posts...what rule would I use to block this attachment? I know I put it in the body, is it just message.zip? --- [This E-mail was scanned for viruses by QuestNet.net (http://www.QuestNet.net)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Andy Schmidt
Hi, Just as the last few times, this one was being caught by McAfee right from the start. (It had been proactively detected for the last 10 weeks or so.) I don't understand how it's gotten past Declude for other customers? Every occurrence I've seen came from "admin@" the user's domain and

[Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Jeff Kratka
Is there a way to have Declude Virus remove this instead of JM. The only reason I was thinking was if someone has been whitelisted wouldn't it go thru? Jeff * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 8

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Jeff Kratka
Thanks * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread paul
Thanks Kami, I agree completely, I added both lines here as well, but was just curious. I'm all for overdoing it as opposed to underdoing it. =) Like you said, why take the chance? Paul Yes it is .. but we know they both exist and why take a chance.. it is always best

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Kami Razvan
Hi; Yes it is .. but we know they both exist and why take a chance.. it is always best to cover all bases.. With what Bill suggested and these two the message will definitely get trapped. I also included the filename and name= since with those chances of false positive is

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread paul
Kami - Wouldn't the bottom one be enough? since filename has name in it already? I want to make sure I'm looking at this correctly. What a pain, I've seen an increase of these here as well, had the "Did you send this to me?" emails due to the admin@ address. Pa

[Declude.Virus] Interesting observation.. message.zip

2003-08-01 Thread Kami Razvan
Hi; I just ran a test on our system and it appears that the message is coming from: admin@ postmaster@ Has anyone seen any of this virus coming from an email other than admin@ or postmaster@ All the ones we have seen come from this user @ a domain that the recipient

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
Sorry, I am not good on Imail rules. In Declude JM, I have a special test called TOHOLD. It is a filter test with an action of HOLD. Then, when something questionable comes out, I put the appropriate filter into the TOHOLD.txt file. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Jeff Kratka
John, Could you remind me how this is set up to trap this one. Between trying to move the business and sell my house my brain isn't working. Jeff ** TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (5

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
Body, not header.   John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch Sent: Friday, August 01, 2003 10:46 AM To: [EMAIL PROTECT

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Rodney Bertsch
I changed it from header to body and it's trapping nicely now. No "real" viruses but my pretend one I sent as a test was caught right away. Thanks, Rodney -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Leske Sent: Friday, August 01, 2003 2:16 PM To:

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Sharyn Schmidt
This is what I'm getting.. The IP address of the offending server is 12.154.100.6 The name of the virus is [Unknown: Err]. The attachment is the Exploit-CodeBase trojan !!! Sharyn

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Rick Leske
put something like B~This email address will be expiring into your existing rules.ima file ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rodney Bertsch Sent: Friday, August 01, 2003 12:46 PM - FamHost To: [EMAIL PROTECTED] Subject: RE: [Declude.Vi

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Rodney Bertsch
Gotcha, I'll try that, thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, August 01, 2003 1:58 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] M e s s a g e . z i p possible virus Body, not

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Terry Parks
Good old McGraw-Hill, that’s who ARIN says holds that IP. Is it a spoof? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock Sent: Friday, August 01, 2003 10:20 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Message.zip possibl

[Declude.Virus] More on the virus..

2003-08-01 Thread Kami Razvan
Hi; Just in case you have not researched this.. here are some links: - http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] Apparently it is attempting to exploit the IE bug.. http://www.microsoft.com/technet/treeview/default.asp?url= Regards,

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Rodney Bertsch
What's the best way to trap this in I-Mail? I tried adding m e s s a g e . z i p to the list of captures for message header, but a test came right on through? Thanks, Rodney Bertsch IS Coordinator Kirk NationaLease Co. -Original Message- From: [EMAIL PROTECTED] [mailto:[E

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Kami Razvan
Hi; We have received several... in all of them this is also in common..
===
X-Mailer: The Bat! (v1.61)
X-Priority: 2 (High)
Subject: [47~]your account koikrair
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="---

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Darrell LaRock
McAfee has announced this as a virus a bit ago McAfee AVERT has raised W32/[EMAIL PROTECTED] to 'Medium' risk status. Virus: W32/[EMAIL PROTECTED] Risk: Medium Information: http://vil.nai.com/vil/content/v_100523.htm Discovery Date: 08/01/2003 Darrell LaRock Systems Analyst Gannett Television

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
The ones I got came from 204.73.176.250   John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock Sent: Friday, August 01, 2003 10:20

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Darrell LaRock
We are getting pounded by this.  Literally 100’s per minute.  They are all coming from 198.45.18.20.   Darrell     Darrell LaRock Systems Analyst Gannett Television 716-849-2272   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Darrell LaRock
With McAfee it is failing the "Exploit-CodeBase Trojan" Darrell Darrell LaRock Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent: Friday, August 01, 2003 1:02 PM To: [EMAIL PROTECTED] Subj

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread R. Scott Perry
I have sent the file to you. These do look very suspicious. It appears as though they are malformed viruses -- specifically, the message.zip file contains a file message.htm. The message.htm file appears to start with MIME headers, followed by a file "foo.exe" that appears to connect to the I

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
I just received 4 of them. The html file inside looks very suspicious. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent:

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Jeff Pereira
I have sent the file to you. It failed nothing, but it was blocked as a zip file. JP - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 01, 2003 12:44 PM Subject: Re: [Declude.Virus] Message.zip possible virus > > >I just got

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
Just sent you one before I saw the posts on the list. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of R. Scott Perry > Sent: Friday, August 01, 20

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread i360 Support
Sent - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 01, 2003 11:44 AM Subject: Re: [Declude.Virus] Message.zip possible virus > > >I just got one of these myself... it looks kinda like an executable hidden > >in an HTML

RE: [Declude.Virus] M e s s a g e. z i p possible virus

2003-08-01 Thread John Tolmachoff \(Lists\)
For now, I have added to JM BODY 0 CONTAINS m e s s a g e . z i p To my holdfilter. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came f

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Sharyn Schmidt
Feel free to send it to [EMAIL PROTECTED] (just be sure to let me know after you send it, as that mailbox isn't monitored). -Scott Guess we are all curious now as to what it is. Sharyn We are the worldwide producer and marketer of the awar

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread R. Scott Perry
I just got one of these myself... it looks kinda like an executable hidden in an HTML file ?? Anyone with more expertise than I care to look at the 'D' file ?? Feel free to send it to [EMAIL PROTECTED] (just be sure to let me know after you send it, as that mailbox isn't monitored).

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Jeff Pereira
I just got one of these myself... it looks kinda like an executable hidden in an HTML file ?? Anyone with more expertise than I care to look at the 'D' file ?? JP - Original Message - From: i360 Support To: [EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:49

[Declude.Virus] Message.zip possible virus

2003-08-01 Thread i360 Support
We have seen some emails with message.zip. This is on our Exchange server so this is kind of off topic but still a possible virus. I did scan it with F-Prot and Symantec for both server and exchange but did not find a virus. It looks like a worm. Has anyone seen it? Or maybe this is