From: Antony Stone [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 20, 2003 12:29
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] RE: UPDATE81.exe getting thru
The zero-length attachments on Gibe.F emails I've seen so far have all had
.exe extensions, so they get blocked by my server (al
W.D. McKinney wrote:
On Sat, 2003-09-20 at 16:40, Diego d'Ambra wrote:
The current standpoint of the team maintaining the DB is to include
signatures that also detect damaged viruses. These signatures are often
used to detect e-mails that somehow "lost" the damaging part. This is to
prevent users
On Sat, 2003-09-20 at 16:40, Diego d'Ambra wrote:
>
> The current standpoint of the team maintaining the DB is to include
> signatures that also detect damaged viruses. These signatures are often
> used to detect e-mails that somehow "lost" the damaging part. This is to
> prevent users from getti
> -Original Message-
> From: Antony Stone [mailto:[EMAIL PROTECTED]
> Sent: 20. september 2003 21:31
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] RE: UPDATE81.exe getting thru
>
> On Saturday 20 September 2003 6:39 pm, Daniel J McDonald wrote:
>
> >
> -Original Message-
> From: Noel Jones [mailto:[EMAIL PROTECTED]
> Sent: 20. september 2003 20:13
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] RE: UPDATE81.exe getting thru
>
> On Sat, Sep 20, 2003 at 12:39:33PM -0500, Daniel J McDonald wrote:
> >
>
On Saturday 20 September 2003 6:39 pm, Daniel J McDonald wrote:
> I would prefer that clamav be able to determine if it appears to
> be a virus, even one damaged to the point of non-existence.
Detecting something which doesn't exist sounds tricky to me.
Antony.
--
I vote "no" to this proposal
On Sat, Sep 20, 2003 at 12:39:33PM -0500, Daniel J McDonald wrote:
>
> Thus, I would prefer that clamav be able to determine if it appears to
> be a virus, even one damaged to the point of non-existence.
maybe someone could post a signature for the gif here and those who
wish to block it can add
On Sat, 2003-09-20 at 12:16, Thomas Lamy wrote:
> Antony Stone wrote:
> > On Saturday 20 September 2003 4:54 pm, Daniel J McDonald wrote:
> >
> >
> >>On Sat, 2003-09-20 at 10:40, Antony Stone wrote:
> >
> >
> >>>A gif is not a virus, so it should not be detected by an anti-virus
> >>>program.
>
We host e-mail for schools, businesses, etc. It's not feasible to
enforce blocking .exe's and keep customers. Simple economics.
Support costs are an issue and it's a small trade off in this incident
to go blocking the gif route.
Dee
On Sat, 2003-09-20 at 09:16, Thomas Lamy wrote:
> Antony Stone
Antony Stone wrote:
On Saturday 20 September 2003 4:54 pm, Daniel J McDonald wrote:
On Sat, 2003-09-20 at 10:40, Antony Stone wrote:
A gif is not a virus, so it should not be detected by an anti-virus
program.
Anyway, what's the point? Why bother blocking a 'damaged' copy of a
virus, where 'd
On Saturday 20 September 2003 4:54 pm, Daniel J McDonald wrote:
> On Sat, 2003-09-20 at 10:40, Antony Stone wrote:
> > A gif is not a virus, so it should not be detected by an anti-virus
> > program.
> >
> > Anyway, what's the point? Why bother blocking a 'damaged' copy of a
> > virus, where 'd
On Sat, 2003-09-20 at 10:40, Antony Stone wrote:
> On Saturday 20 September 2003 4:04 pm, Daniel J McDonald wrote:
>
> > On Fri, 2003-09-19 at 18:47, Diego d'Ambra wrote:
> > > > -Original Message-
> > >
> > > Since the binary is completely missing it's difficult to create a
> > > signatur
On Saturday 20 September 2003 4:04 pm, Daniel J McDonald wrote:
> On Fri, 2003-09-19 at 18:47, Diego d'Ambra wrote:
> > > -Original Message-
> >
> > Since the binary is completely missing it's difficult to create a
> > signature that will catch the "damaged" versions of Gibe.F.
>
> You cou
On Fri, 2003-09-19 at 18:47, Diego d'Ambra wrote:
> > -Original Message-
>
> Since the binary is completely missing it's difficult to create a
> signature that will catch the "damaged" versions of Gibe.F.
>
You could probably match on the gif file that is included - I've got the
same 4.9
> -Original Message-
> From: Jesse Guardiani [mailto:[EMAIL PROTECTED]
> Sent: 19. september 2003 23:51
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] RE: UPDATE81.exe getting thru
>
> Kevin Hanser wrote:
>
> > Yes, I received a couple of these this m
On Friday 19 September 2003 11:23 pm, W.D. McKinney wrote:
> On Fri, 2003-09-19 at 13:51, Jesse Guardiani wrote:
> > Kevin Hanser wrote:
> > > Yes, I received a couple of these this morning, one with an attachment
> > > called Update53.exe, and another w/an attachment called Install932.exe.
> > >
On Friday 19 September 2003 11:23 pm, W.D. McKinney wrote:
> On Fri, 2003-09-19 at 13:51, Jesse Guardiani wrote:
> > Kevin Hanser wrote:
> > > Yes, I received a couple of these this morning, one with an attachment
> > > called Update53.exe, and another w/an attachment called Install932.exe.
> > >
On Fri, 2003-09-19 at 13:51, Jesse Guardiani wrote:
> Kevin Hanser wrote:
>
> > Yes, I received a couple of these this morning, one with an attachment
> > called Update53.exe, and another w/an attachment called Install932.exe.
> >
> > I'm assuming this is the new "Swen" virus I have recently hear
Kevin Hanser wrote:
> Yes, I received a couple of these this morning, one with an attachment
> called Update53.exe, and another w/an attachment called Install932.exe.
>
> I'm assuming this is the new "Swen" virus I have recently heard about?
Yes, also Gibe-F apparently. But ClamAV's current viru
19 matches