RE: Bugbear.b not blocked! why?

I block those as well as anything with a "double file extension." (filename.jpg.vbs) I know that is sometimes controversial but seems to be prudent.

Jim Hunt
Network & Systems Engineer
Northwestern School Corporation
Technology Department

Network Monitoring Tools & Tutorials
http://www.netmon.org
Featured in Network Computing Magazine

-----Original Message-----
From: Dongen, Jeroen van [mailto:jvandongen@seneca.nl] Sent: Tuesday, June 10, 2003 9:26 AM
To: 'Nick Warr'; gdecurtis@ennedi.com
Cc: focus-virus@securityfocus.com
Subject: RE: Bugbear.b not blocked! why?

I've heard more 'rumblings' about the current reincarnation of bugbear not
being blocked 100% by AV - though a good practice would be to rigorously block/strip every attachement that contains '.exe', '.scr' or '.pif' somewhere in its filename. In combination with nohtml.dll (if you happen to
run Outlook 2000/2002, see e.g.
http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38) this would
stop practically all Bears dead in their tracks, without harming functionality too much.

-----Original Message-----
From: Nick Warr [mailto:nick@mobilia.it] Sent: Tuesday, June 10, 2003 9:53 AM
To: gdecurtis@ennedi.com
Cc: focus-virus@securityfocus.com
Subject: Re: Bugbear.b not blocked! why?

I've seen viruses pass when they were corrupted (and non functional), we use
a different mail scanner (rav) though.

Nick
----- Original Message -----
From: <gdecurtis@ennedi.com>
To: <focus-virus@securityfocus.com>
Sent: Monday, June 09, 2003 2:04 PM
Subject: Bugbear.b not blocked! why?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> Hi all,
all
> infected e-mails with Bugbear.b.

--
-

>

------------------------------------------------------------------------
--
--

>




------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------