[lugod@livepenguin.com: [vox] ello! =))]

Ken Bloom vox@lists.lugod.org
Wed, 3 Mar 2004 23:14:06 -0800



I got like 5 of these before UC Davis virus filters managed to pick up the
signature and squelch it.  Never underestimate the user.

ClamAV also managed to pick up the signature and filter 3 of them to my
"probably-virus" mailbox. And before either of these checkers were
squelching the virus, I saw on Symantec's website that they can detect the
virus.

Virus checkers must have other strategies - remember, in the days when
virus writers were actually clever, they would do all kinds of things
(probably including encryption) to disguise viruses from virus software and
technically oriented users. And virus checkers have to have the
infrastructure to deal with this.


On 2004.03.03 20:55, Rod Roark wrote:
> A couple of these have indeed come through the list.  They
> seem to contain encrypted zip files, so there's no signature
> for the virus checkers to recognize.
>
> On the other hand they will require the user to be both dumb
> enough and conscious enough to enter the password supplied
> with the email to decrypt the payload, so it seems unlikely
> we'll see much replication of these.
>
> -- Rod
>
> On Wednesday 03 March 2004 06:07 pm, R. Douglas Barbieri wrote:
> > Has anyone else been getting this message? It contains a zip file with
> > an .exe file in it...gee, do you think it's a windows virus? ;-)
> >
> > I just find the to and from addresses interesting...
> >
> > ----- Forwarded message from lugod@livepenguin.com -----
> >
> > To: vox@livepenguin.com
> > From: lugod@livepenguin.com
> > Subject: [vox] ello! =))
> > Date: Wed, 03 Mar 2004 19:44:43 -0600
> > X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.13.6.2,
> >  algorithm=fisher
> >
> > Looking forward  for  a response :P
> >
> > pass: 36606
> >
> >
> >
> > ----- End forwarded message -----

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***
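
Added example, not part of the original thread and not the code of any scanner named in it: one strategy that still works on a password-protected zip is reading its central directory, which stores member names and the encryption flag unencrypted. The extension list, the function names and the constructed sample archives are assumptions; the samples only have the flag bit set and are not actually encrypted.

```python
import io
import struct
import zipfile

# Assumed policy list of extensions a mail filter treats as executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def suspicious_members(zip_bytes):
    """Return names of members that are flagged encrypted AND look executable.

    No password is needed: names and flags live in the central directory,
    which traditional ZIP encryption leaves in the clear.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0
            if encrypted and info.filename.lower().endswith(EXECUTABLE_EXTS):
                hits.append(info.filename)
    return hits


def _set_encrypted_flag(zip_bytes):
    """Constructed input helper: set bit 0 of the flags field in every
    local (PK\\x03\\x04) and central-directory (PK\\x01\\x02) header."""
    buf = bytearray(zip_bytes)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", buf, pos + flag_off)
            struct.pack_into("<H", buf, pos + flag_off, flags | 0x1)
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


def build_sample(name, encrypted):
    """Build a one-member archive in memory (constructed sample data)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"placeholder bytes, not a real program")
    raw = out.getvalue()
    return _set_encrypted_flag(raw) if encrypted else raw


if __name__ == "__main__":
    for name, enc in (("message.exe", True), ("message.exe", False), ("notes.txt", True)):
        print(name, "encrypted" if enc else "plain", "->", suspicious_members(build_sample(name, enc)))
```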
