Enrico_C Posted March 5, 2004

An email with Win32/Bagle.gen.zip worm (the virus with an attached zip, that tells you the password to open, you know) was kept in Heldmail but not blocked as virus.

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6
X-spam-Level:
X-spam-Status: hits=0.6 tests=FROM_HAS_MIXED_NUMS,NO_REAL_NAME version=2.63
X-SpamCop-Checked: 192.168.1.101 212.187.118.241
X-SpamCop-Disposition: Blocked sbl.spamhaus.org

Then, I let it pass through (Forward and NOT whitelist) as a test, and popped it on my system, and the infected email was automatically identified as such by NOD32 / IMON.

Wazoo Posted March 5, 2004

Well, as I posted over in one of the "SpamCop does not send virus" Topics, there hasn't been an update posted that the virus scanning tools have had their engines updated for this last batch of crud ... and in yet another thread, there's mention of the mutations that these have been making, sometimes 3 or 4 major shifts a day.

I can only point out that anti-virus tools are reactionary, offering protection only after the virus has been identified and catalogued, so there is that time lag between the appearance and the tools for identification and removal ... (yes, I know I'm talking general case here) ... but should also note that the code running on an e-mail server isn't quite the same as something run on an individual system, so there's also this that has to be added into the time lag ...

jefft Posted March 6, 2004

> An email with Win32/Bagle.gen.zip worm (the virus with an attached zip, that tells you the password to open, you know) was kept in Heldmail but not blocked as virus.
>
> X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6
> X-spam-Level:
> X-spam-Status: hits=0.6 tests=FROM_HAS_MIXED_NUMS,NO_REAL_NAME version=2.63
> X-SpamCop-Checked: 192.168.1.101 212.187.118.241
> X-SpamCop-Disposition: Blocked sbl.spamhaus.org
>
> Then, I let it pass through (Forward and NOT whitelist) as a test, and popped it on my system, and the infected email was automatically identified as such by NOD32 / IMON

I've been told by our AV vendor that they were not blocking that virus originally, but that they are now. They had to do a major update to be able to handle it, I think. Anyway, as of a couple days ago, we should be blocking those.

JT