I just received an EXTRA.DAT file from Mcafee...to detect this..
I also submitted it to F-Prot
I will try attaching the EXTRA.DAT file to this email
Don
- Original Message -
From: "Marc Catuogno" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 31, 2005 10:31 AM
Subject: RE: [Dec
I have seen the following attachments...
1.zip
5.zip
6.zip
7.zip
8.zip
price_new.zip
be_not_jealous.zip
price_new_16_04_05.zip
So far...
Don
- Original Message -
From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 31, 2005 10:22 AM
Subject: Re: [Declude.Vir
I am seeing it also. I already submitted it to Mcafee...
My desktop AV (Trend) is detecting it as a Bagle variant...
Don
- Original Message -
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 31, 2005 9:59 AM
Subject: [Declude.Virus] New virus out?
One of
I have not updated to 3.16b and have this problem...
Don
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 02, 2005 3:09 PM
Subject: RE: [Declude.Virus] F-Prot and HTML object exploit
Question: Are you all running the latest v3.16b?
I can't see any a
I am having the same problems here. It all started around 12:30 Central
time...
Don
- Original Message -
From: Matt
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 12:56 PM
Subject: Re: [Declude.Virus] F-Prot and HTML object exploit
John, Thanks a bunch f
We are seeing many of these since about 5pm central time. Mcafee has definition
updates to catch this. We were catching it by the blocked extensions before
the Mcafee update was installed.
http://vil.nai.com/vil/content/v_131856.htm
At this time F-prot is not catching these..
Don
--
No virus found
We heard the exact same thing from them.
Don
- Original Message -
From: "Avolve Support" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 09, 2004 12:08 PM
Subject: RE: [Declude.Virus] IpSwitch Collaboration Suite Yearly renewal costs up to $4995 per server per year
I
FYI - Mcafee is detecting it as a generic Mydoom variant. So far F-prot is
not...
Don
- Original Message -
From: Don Hickey
To: [EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 8:13 AM
Subject: [Declude.Virus] New MyDoom Variants
Since these emails
IFRAME vulnerability in Internet Explorer that
has not been patched by Microsoft.
Thanks
Don Hickey
Symantec has 3 new Bagle variants listed at www.sarc.com this morning...
Thanks for the Heads Up
Don
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 29, 2004 4:30 AM
Subject: [Declude.Virus] HEADS UP there is something st
Looks like a new MyDoom Virus going around.
We are seeing a lot of them incoming and the latest Mcafee beta definition
files detect it as MyDoom.O
http://vil.nai.com/vil/content/v_127033.htm
Don
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent
Here is Mcafee's response to the .CPL I have been receiving - Don
A.V.E.R.T. Sample Analysis
Issue Number: 677272
Virus Research Analyst - Hong Kong: V. Nguyen
Identified: W32/[EMAIL PROTECTED]
AVERT(tm) Labs, Hong Kong
Thank you for submitting your suspicious file.
Synopsis -
- Original
I submitted one of these to Mcafee. I am seeing a lot more of these than the
new Bagle.
Don
- Original Message -
From: "Scott Fisher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 26, 2004 12:52 PM
Subject: [Declude.Virus] .CPL file blocked
Could be something new going
Look at the added extension that this variant uses
Also, the attachment has any of the following extensions:
.EXE
.PIF
.RAR
.ZIP
I have seen a couple of these so far as .ZIP files, I guess I will have to
see what happens when I add .rar to the BANEXT temporarily...
Don
---
[This E-mail
I am not sure about F-prot, but Mcafee updated their definition files last
night to catch this.
Mcafee calls it Proxy-Cidra
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100939
Don
- Original Message -
From: "Bennie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent:
I have moved back to F-Prot 3.14b as more of these errors started showing
up.
Don
- Original Message -
From: "Don Hickey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 10, 2004 8:58 AM
Subject: Re: [Declude.Virus] F-Prot version
> Spoke too
released the other day.
Don
- Original Message -
From: "Don Hickey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 10, 2004 8:41 AM
Subject: Re: [Declude.Virus] F-Prot version
> Ok I took up the Guinea Pig slack, and installed the latest ve
Scott,
Using the test virus sender on your website, the eicar plain file gets
caught as a virus, where the eicar in a .zip file gets caught as a banned
extension.
I am running Declude 1.78i14 - I just tried 1.78.i20 also, same results..
Here is a section of the log file..
03/10/2004 08:42:40 Q
Ok I took up the Guinea Pig slack, and installed the latest version of
F-prot..
I have not seen the winmail.dat error since I installed it about 10 minutes
ago. I have caught many viruses during that time.
So far so good.
Don
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
Actually, I think this might be a new variant. I submitted it to Mcafee last
night and they sent back an extra.dat file to me. The filename is different
than the one in their write-up. Also the ones we were seeing were caught by
the banned extension until I copied over the extra.dat file.
Ahh just
Scott posted this last week:
With the latest interim release, you can use:
BANEXT EZIP - This line will ban all .ZIP files with an
encrypted file in them
BANZIPEXTS ON - This line (Pro version only) will ban all file extensions
listed in BANEXT lines, if they appear in non-encrypte
I tried this with 1,2,3 spaces and tabs between the BANZIPEXTS, BANZIPEXTS
and the ON.
Then I send myself a compressed .pif file both pw protected and not pw
protected and every single one was caught (eight total) (as banned extensions
ZIP-PIF).
All my BANEXT lines have one space between it and the
Mcafee's write up on it...
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030
Don
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 17, 2004 9:01 AM
Subject: [Declude.Virus] New virus Tanx
> FYI, there
I will second this once again, I submitted this to Mcafee and the extra.dat
file I got mentioned W32/[EMAIL PROTECTED]
I haven't received anything back from them since about 1/2 hour ago. So far
the .exe name has changed on the ones we have seen.
Here is an example from one of the messages we hav
) and your message to the list shortly after that. That
gave me time to add the .zip extension and contain this quickly. I know
some made it through, but it would have been much worse without the features you
keep adding and making things easier on us.
Thanks,
Don Hickey
Knox College
We have seen about 35 so far this morning.
Mcafee says it is a Forging virus...
Don
- Original Message -
From: "Fritz Squib" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 19, 2004 7:38 AM
Subject: RE: [Declude.Virus] new forging worm: Bagle
> F-Prot reports it as [
.
Attachment: photos.zip
I added
BANNAME PHOTOS.zip
to my virus.cfg file until the av software updates
Don Hickey
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declud
This is an awesome feature to add. This will also help with future virus
outbreaks that have us waiting for definition files to be updated
from our antivirus vendors...
Thanks
Don Hickey
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMA
I wonder what the heck has happened to F-prot...I have lost all my confidence
in them..
Four days is way too long to take to solve this problem. Their website hasn't
been updated for a while now...
Don
- Original Message -
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Se
so notice some posts showing up in the
newsgroups with the same problem...
Hopefully this will help others that have friends who call them when they
are infected by this.
Don Hickey
Take a look at the log file and you can see what scanner detected the
virus...
Scanner 2: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=message.zip [2]
This is from this morning and F-Prot is still not catching it...
Don Hickey
- Original Message -
From: "Hirthe, Alex
Title: Message
Another variant is making its rounds. This time it comes in a .zip file
named your_details.zip.
We have received 5 of these in the last twenty minutes. F-Prot catches it
with today's signatures.
Don
Has anyone installed the newest version of F-prot yet and have you had any
issues?
Don
was
from one of our lists) to another user saying lets go to this.
Pretty uneventful message, but Declude caught this and stopped it
Thanks
Don Hickey
't know if it will work with InoculateIT 6.0, though
one of these days I intend to find out.
Stan Buck
- Original Message -
From: Don Hickey
To: [EMAIL PROTECTED]
Sent: Wednesday, June 12, 2002 2:29 PM
Subject: [Declude.Virus] Declude and
Is anyone running declude and InoculateIT 6.0 and able to receive the virus
name in the message? I am close but wasn't sure if anyone has had any luck
getting this to work. If so could you please send your command line
I am trying to use inocmd32.exe to do the scanning.
Thanks
Don H
I have the BANEXT and the notify working fine. My question: is there a way to
send the notify email to the postmaster (me) also to let me know that
someone tried to send a banned extension?
Thanks
Don Hickey