This morning I've seen several Proxy-Cidra Trojans held on our server. The
discovery date of this trojan is 12/27/2003 and so every AV engine should be
able to detect it.
http://vil.nai.com/vil/content/v_100939.htm
All infected messages I've seen are coming from different IPs.
Markus
---
Oops, I forgot: looks like this is a forging virus because all warnings are
coming back as NDRs
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Please read the old posts about this problem.
I STRONGLY agree!!
Short Summary:
Antivirus programs and declude can't open password protected
zip files ...
Good summary, but the problem is that if people know that there is a short
summary even after an already 100 times asked and
I'm a newcomer and just signed up today. How can I know somebody asked 100
times before? But it proved one thing. Even the same question has been asked
for 100 times, someone that doesn't know each other still willing to give
help again and again. Anyway, thank you very much for your help and I've
We have Imail 8.05, declude standard v1.75 and recently we have got mcafee
virus scan8. In combination with declude and virus scan 8 on demand scanning
is working fine. We have more than 20,000 users in single domain. In mcafee
virus scan 8 (Active shield) we don't have option to exclude users
Actually, I think this might be a new variant. I submitted it to Mcafee last
night and they sent back an extra.dat file to me. The filename is different
than the one in their write-up. Also the ones we were seeing were caught by
the banned extension until I copied over the extra.dat file.
Ahh
Hi Scott,
Thx for your response.
I have one more doubt, we have mcafee virus scan8 and Norton anti virus
corporate edition 7.6 also. Can we install both on mail server, is it
recommended to install two AV scanners on the server?
If so then I will disable active shield in mcafee and will use
I have one more doubt, we have mcafee virus scan8 and Norton anti virus
corporate edition 7.6 also. Can we install both on mail server, is it
recommended to install two AV scanners on the server?
If so then I will disable active shield in mcafee and will use it for
declude as on-demand scanner,
Ok I took up the Guinea Pig slack, and installed the latest version of
F-prot..
I have not seen the winmail.dat error since I installed it about 10 minutes
ago. I have caught many viruses during that time.
So far so good.
Don
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To:
Scott,
Using the test virus sender on your website, the eicar plain file gets
caught as a virus, where the eicar in a .zip file gets caught as a banned
extension.
I am running Declude 1.78i14 - I just tried 1.78.i20 also, same results..
Here is a section of the log file..
03/10/2004 08:42:40
Spoke too Soon!!
03/10/2004 08:46:35 Q2a4000b700e8a069 Could not find parse string Infection:
in report.txt
03/10/2004 08:46:35 Q2a4000b700e8a069 Error 5 in virus scanner 1.
03/10/2004 08:46:36 Q2a4000b700e8a069 Scanned: Error in virus scanner.
[MIME: 2 4472]
This is with F-Prot 3.14c that was
Using the test virus sender on your website, the eicar plain file gets
caught as a virus, where the eicar in a .zip file gets caught as a banned
extension.
That's because:
03/10/2004 08:42:40 Q295c000501aa26d2 Banning .ZIP file with encrypted COM
extension.
It's not a standard .ZIP file, it is
Scott,
I just had a user send me an email with all the signs of Bagle in it.
Password zip and all.
It came right through to the user and then it was forwarded to me.
When I try to extract the zip on a test system I get invalid archive
format.
I am running declude 1.78i20 just updated Sophos and
VS8 is the Retail product.
As I recall controlling the exclude directories was removed. (to
simplify the product for the retail market)
VS 7 retail, if you can still find it, should have that feature. Or the
VS 7 Enterprise.
But the plan to use just one product for on-line scan will be all the
invalid archive format says to me that it may be a corrupted/incomplete copy of the
virus.
If that's the case, inconsistent identification would be normal.
Sending a copy of the zip to [EMAIL PROTECTED] would let Scott have more info.
Greg Little
EMail Admin wrote:
Scott,
I just had a user
That's the problem. Most likely, it wasn't a valid .ZIP file, which
prevents Declude Virus from telling that it was password protected, and
prevents it from being extracted.
Kind thought it was a corrupted/incomplete copy of the virus as Greg
stated or some other type of archive PicoZip can
I have moved back to F-Prot 3.14b as more of these errors started showing
up.
Don
- Original Message -
From: Don Hickey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 8:58 AM
Subject: Re: [Declude.Virus] F-Prot version
Spoke too Soon!!
03/10/2004 08:46:35
I have set declude to call fprot version 3.14b and c, just in case
I just moved to a new server and have plenty of unused power
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 6:40 PM
Subject: Re: [Declude.Virus] F-Prot version
I
I see WinZip now has its own MIME vulnerability.
http://www.winzip.com/fmwz90.htm
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress Companies using Declude Virus]
Are the settings for ClamAV in the Declude Virus Manual complete?
SCANFILE
C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary -l
report.txt
VIRUSCODE 1
I would have thought there would be a REPORT line.
After looking at the output however, I'm at a loss to figure out what to
Are the settings for ClamAV in the Declude Virus Manual complete?
Yes, but:
SCANFILE
C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary -l
report.txt
VIRUSCODE 1
I would have thought there would be a REPORT line.
There isn't. The problem is that ClamAV doesn't report the virus
There isn't. The problem is that ClamAV doesn't report the virus name in
the standard format. We are, however, looking into finding a way
around this.
There's a standard format? Can I get a copy of the standard? ClamAV is
open source so it might be easier to submit a fix to the source than
I am not sure about F-prot, but Mcafee updated their definition files last
night to catch this.
Mcafee calls it Proxy-Cidra
http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100939
Don
- Original Message -
From: Bennie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: