----- Original Message ----- From: "Chris Edwards" <[EMAIL PROTECTED]>
> On Fri, 12 Nov 2004, Dennis Davis wrote: > > | Sophos appear to have just issued an IDE file for this: > | > | http://www.sophos.com/virusinfo/analyses/w32bofrag.html > > But I'm skeptical that's going to recognise the emails generated by the > thing. Ours doesn't seen to anyway :-( I suspect this IDE will only have > an effect on a compromised windows box. [...] > I suspect other ports are in use too, but haven't noticed. The next > version will no doubt randomize the port. Dodgy emails will simply say: > "check this >URL<" at which point email content scanners have next to > nothing to go on. Some virus scanners now check http links, as well. Sometimes a switch needs to be set to enable this. For example, newer versions of ClamAV support the following switch: --mail-follow-urls Download and scan URLs Bill
