eTrust - Lagging Virus Definitions

Nathan Johanson nathan at TCPNETWORKS.NET
Thu Mar 4 18:05:22 GMT 2004


Just a heads up for eTrust users... While this is indicative of other
AntiVirus vendors recently, they finally got around to releasing
definitions for W32/Beagle.J and variants). These things were blowing
right past my system. I finally blocked zip files altogether until I've
had a chance to upgrade to the latest release. 

Maybe my expectations are too high, but this is inexcusable. I saw the
first virus of this type enter my system on Mon 03/01/04. It took
Computer Associates just about four days to release definitions that
would detect it. A sorry state of affairs.

====


 This is to notify you of the results of your submission, issue number
298013. 

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine. 

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm. 

Aliases reported by other AV products are listed here: 
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm) 

CA antivirus products address this malware as follows:
------------------------------------------------------ 
eTrust Antivirus 6.x/v7 (Vet Engine) 
    Engine                Update version        Last Update           
    11.4.0                11.4.8187             04 Mar                

eTrust Antivirus 6.x/v7 (InoculateIT Engine) 
    Engine                Update version        Last Update           
    23.64.0               23.64.29              05 Mar                

Inoculan/InoculateIT 4.x 
    Engine                Update version        Last Update           
    46.0*                 46.29*                05 Mar                
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html 


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com. 
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the 
Tools|Options...|Send|Mail Sending Format... 
menu. To improve your security we recommend sending email in "Plain
Text" format only. . 

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com. 

eTrust Global Antivirus Research Team 
Computer Associates 

This is to notify you of the results of your submission, issue number
298013. 

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine. 

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm. 

Aliases reported by other AV products are listed here: 
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm) 

CA antivirus products address this malware as follows:
------------------------------------------------------ 
eTrust Antivirus 6.x/v7 (Vet Engine) 
    Engine                Update version        Last Update           
    11.4.0                11.4.8187             04 Mar                

eTrust Antivirus 6.x/v7 (InoculateIT Engine) 
    Engine                Update version        Last Update           
    23.64.0               23.64.29              05 Mar                

Inoculan/InoculateIT 4.x 
    Engine                Update version        Last Update           
    46.0*                 46.29*                05 Mar                
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html 


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com. 
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the 
Tools|Options...|Send|Mail Sending Format... 
menu. To improve your security we recommend sending email in "Plain
Text" format only. . 

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com. 

eTrust Global Antivirus Research Team 
Computer Associates This is to notify you of the results of your
submission, issue number
298013. 

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine. 

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm. 

Aliases reported by other AV products are listed here: 
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm) 

CA antivirus products address this malware as follows:
------------------------------------------------------ 
eTrust Antivirus 6.x/v7 (Vet Engine) 
    Engine                Update version        Last Update           
    11.4.0                11.4.8187             04 Mar                

eTrust Antivirus 6.x/v7 (InoculateIT Engine) 
    Engine                Update version        Last Update           
    23.64.0               23.64.29              05 Mar                

Inoculan/InoculateIT 4.x 
    Engine                Update version        Last Update           
    46.0*                 46.29*                05 Mar                
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html 


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com. 
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the 
Tools|Options...|Send|Mail Sending Format... 
menu. To improve your security we recommend sending email in "Plain
Text" format only. . 

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com. 

eTrust Global Antivirus Research Team 
Computer Associates 




More information about the MailScanner mailing list