promote Braid/A to "viruses.to.delete.conf"

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Thu Nov 7 14:35:52 GMT 2002 

If you use McAfee, use W32/Braid at MM.

BTW in the last 2 days we trapped 9 Braid-infected attachments because
we don't let .EXE files through.  McAfee just issued their DAT file
yesterday afternoon and now they flag the files as virus-infected.  Had
it not been of our .EXE rule we would have let 9 virus-infected files
through!

Better safe than sorry!

Denis
On Thu, 2002-11-07 at 09:19, Jeff A. Earickson (by way of Julian Field )
wrote:
> Y'all,
> 
>     I suggest that you add "Braid/A" to your silently-delete list in
> viruses.to.delete.conf.  I got the warning below from my own mailscanner
> and I don't use a PC for email.  I saw someplace the other day that
> Braid/A uses the same tricks as Klez/H to forge the sender.
> 
> -----------------------------------
> Jeff A. Earickson, Ph.D
> Senior UNIX Sysadmin and Email Guru
> Information Technology Services
> Colby College, 4214 Mayflower Hill,
> Waterville ME, 04901-8842
> phone: 207-872-3659 (fax = 3076)
> -----------------------------------
> 
> ---------- Forwarded message ----------
> Return-Path: <postmaster at colby.edu>
> Received: from emerald.colby.edu (localhost [127.0.0.1])
>         by emerald.colby.edu (8.12.6/8.12.6/1.13') with ESMTP id
>      gA7827uf022629
>         for <jaearick at colby.edu>; Thu, 7 Nov 2002 03:02:07 -0500 (EST)
> Received: (from root at localhost)
>         by emerald.colby.edu (8.12.6/8.12.5/Submit) id gA7827ZA022628;
>         Thu, 7 Nov 2002 03:02:07 -0500 (EST)
> Date: Thu, 7 Nov 2002 03:02:07 -0500 (EST)
> Message-Id: <200211070802.gA7827ZA022628 at emerald.colby.edu>
> From: "MailScanner" <postmaster at colby.edu>
> To: jaearick at colby.edu
> Subject: Warning: E-mail viruses detected
> X-MailScanner: ftbc
> 
> Our virus detector has just been triggered by a message you sent:-
>    To: jaearick at colby.edu
>    Subject: ¾Ö´Ï
>    Date: Thu Nov  7 03:02:07 2002
> Any infected parts of the message have not been delivered.
> 
> This message is simply to warn you that your computer system may have a
> virus present and should be checked.
> 
> The virus detector said this about the message:
> Report: >>> Virus 'W32/Braid-A' found in file ./gA7820uf022539/README.EXE
> 
> -- 
> MailScanner
> Email Virus Scanner
> www.mailscanner.info
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045

More information about the MailScanner mailing list