Re: [Declude.Virus] MS05-16 Exploit

2005-06-01 Thread Darin Cox
, May 31, 2005 8:42 PM Subject: RE: [Declude.Virus] MS05-16 Exploit Putting in 2 new drives was the easy part.   Recreating 43 websites in IIS because the backup drive on the backup server departed for parts unknown the week before and proceeded with the tape drive (Onstream) finally giving out

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Darrell ([EMAIL PROTECTED])
a mass-mailing virus. Declude defaults to BANCSLID ON which may or may not protect from such an attack. Some CSLID calls are entirely valid and normal for Outlook/Office generated E-mails, and I'm not totally sure Plus the other question is does Declude look for the CSLID calls in files in zi

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread John Tolmachoff (Lists)
  -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, May 31, 2005 2:42 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] MS05-16 Exploit   Ok, John, get back to fixing that mirrored drive set

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Dave Marchette
Perhaps a new feature in Declude that can be implemented during an outbreak (before the slow AV guys create defs) which reverses the logic of the BAN module, making it an ALLOW module. For instance, ban all extensions except those specifically allowed - this creates its own p

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread NIck Hayer
Hi Andy, Colbeck, Andrew wrote: Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector. They are entirely different animals, which happen to have CLSID at their heart. You are sure up to date with this stuff!

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Colbeck, Andrew
On Behalf Of Andy Schmidt Sent: Tuesday, May 31, 2005 11:30 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] MS05-16 Exploit Hi, Enclosed a notice for the MS05-16 Exploit. For the record: I'm actually in favor of using STRICT interpretation of vulnerabilities - no

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Dave Marchette
Good point. What version of Declude introduced the 'BANCSLID ON' feature? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, May 31, 2005 2:21 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] MS05-16 Exploit T

Re: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Matt
[mailto:[EMAIL PROTECTED]] On Behalf Of Andy Schmidt Sent: Tuesday, May 31, 2005 11:30 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] MS05-16 Exploit Hi, Enclosed a notice for the MS05-16 Exploit. For the record: I'm actually in favor of using STRICT interpretatio

RE: [Declude.Virus] MS05-16 Exploit

2005-05-31 Thread John Tolmachoff (Lists)
[EMAIL PROTECTED] > On Behalf Of Andy Schmidt > Sent: Tuesday, May 31, 2005 11:30 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] MS05-16 Exploit > > Hi, > > Enclosed a notice for the MS05-16 Exploit. > > For the record: > I'm actuall

[Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Andy Schmidt
Hi, Enclosed a notice for the MS05-16 Exploit. For the record: I'm actually in favor of using STRICT interpretation of vulnerabilities - no matter how seldom one might actually occur. Whether a violation of standards is due to an actual virus - or just a poor mass-mailer application, I gladly us