Hosting Provided By

R: Bugbear.b not blocked! why?

From: <gdecurtis(at)ennedi.com>
Date: Tue Jun 10 2003 - 13:29:16 EDT

It's very strange because the latest engine of uvscan v4.2.40/v4270 doesn't detect bugbear.
While Interscan iscan: v3.1/v6.510-1002/561/54025 from time to time detects PE_BUGBEAR.DAM.
I have to block all attach .exe .pif and .scr. This is the only solution until new updates?

-----Messaggio originale-----
Da: Dongen, Jeroen van [mailto:jvandongen@seneca.nl] Inviato: martedì 10 giugno 2003 16.26
A: 'Nick Warr'; gdecurtis@ennedi.com
Cc: focus-virus@securityfocus.com
Oggetto: RE: Bugbear.b not blocked! why?

I've heard more 'rumblings' about the current reincarnation of bugbear not being blocked 100% by AV - though a good practice would be to rigorously block/strip every attachement that contains '.exe', '.scr' or '.pif' somewhere in its filename. In combination with nohtml.dll (if you happen to run Outlook 2000/2002, see e.g.
http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38) this would stop practically all Bears dead in their tracks, without harming functionality too much.

-----Original Message-----
From: Nick Warr [mailto:nick@mobilia.it] Sent: Tuesday, June 10, 2003 9:53 AM
To: gdecurtis@ennedi.com
Cc: focus-virus@securityfocus.com
Subject: Re: Bugbear.b not blocked! why?

I've seen viruses pass when they were corrupted (and non functional), we use a different mail scanner (rav) though.

Nick
----- Original Message -----
From: <gdecurtis@ennedi.com>
To: <focus-virus@securityfocus.com>
Sent: Monday, June 09, 2003 2:04 PM
Subject: Bugbear.b not blocked! why?

> Hi all,
-
> --------------------------------------------------------------------------

--

>




---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Received on Tue Jun 10 14:07:45 2003

This message: [ Message body ]
Next message: Bruce Martins: "RE: Bugbear.b not blocked! why?"
Previous message: Hunt, Jim: "RE: Bugbear.b not blocked! why?"
In reply to: Dongen, Jeroen van: "RE: Bugbear.b not blocked! why?"
In reply to gdecurtis(at)ennedi.com: "Bugbear.b not blocked! why?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT

Do you need help?