, May 31, 2005 8:42 PM
Subject: RE: [Declude.Virus] MS05-16 Exploit
Putting in 2 new
drives was the easy part.
Recreating 43
websites in IIS because the backup drive on the backup server departed for parts
unknown the week before and proceeded with the tape drive (Onstream) finally
giving out
a mass-mailing virus. Declude defaults to BANCSLID ON which may or may
not protect from such an attack. Some CSLID calls are entire valid and
normal for Outlook/Office generated E-mails, and I'm not totally sure
Plus the other question is does Declude look for the CSLID calls in files in
zi
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, May 31, 2005
2:42 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
MS05-16 Exploit
Ok, John, get back to fixing that mirrored
drive set
Title: Message
Perhaps a new feature in Declude that can be implemented during an
outbreak(before the slow AV guys create defs) which reverses the logic of
the BAN module, making it an ALLOW module.
For
instance, ban all extensions except those specifically allowed- this
creates its own p
Title: Message
Hi Andy,
Colbeck, Andrew wrote:
Declude Virus will *not* detect abuse of MS05-16
with the Declude CLSID vulnerability detector.
They are entirely different animals, which
happen to have CLSID at their heart.
You are sure up to date with this stuff!
On Behalf Of Andy Schmidt
Sent: Tuesday, May 31, 2005 11:30 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] MS05-16 Exploit
Hi,
Enclosed a notice for the MS05-16 Exploit.
For the record:
I'm actually in favor of using STRICT interpretation of vulnerabilities -
no
Good point. What version of Declude introduced the 'BANCSLID ON'
feature?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, May 31, 2005 2:21 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] MS05-16 Exploit
T
[mailto:[EMAIL PROTECTED]]
On Behalf Of Andy Schmidt
Sent: Tuesday, May 31, 2005 11:30 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] MS05-16 Exploit
Hi,
Enclosed a notice for the MS05-16 Exploit.
For the record:
I'm actually in favor of using STRICT interpretatio
[EMAIL PROTECTED]
> On Behalf Of Andy Schmidt
> Sent: Tuesday, May 31, 2005 11:30 AM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] MS05-16 Exploit
>
> Hi,
>
> Enclosed a notice for the MS05-16 Exploit.
>
> For the record:
> I'm actuall
Hi,
Enclosed a notice for the MS05-16 Exploit.
For the record:
I'm actually in favor of using STRICT interpretation of vulnerabilities - no
matter how seldom one might actually occur. Whether a violation of
standards is due to an actual virus - or just a poor mass-mailer
application, I gladly us
10 matches
Mail list logo