eTrust - Lagging Virus Definitions

Rob sysadmin at FLEETONE.COM
Thu Mar 4 18:08:00 GMT 2004 

We moved away from CA long ago for the reasons you just ran into.  They
always seemed to be at least 1 step behind everyone else.

Rob

----- Original Message -----
From: "Nathan Johanson" <nathan at TCPNETWORKS.NET>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, March 04, 2004 12:05 PM
Subject: eTrust - Lagging Virus Definitions


Just a heads up for eTrust users... While this is indicative of other
AntiVirus vendors recently, they finally got around to releasing
definitions for W32/Beagle.J and variants). These things were blowing
right past my system. I finally blocked zip files altogether until I've
had a chance to upgrade to the latest release.

Maybe my expectations are too high, but this is inexcusable. I saw the
first virus of this type enter my system on Mon 03/01/04. It took
Computer Associates just about four days to release definitions that
would detect it. A sorry state of affairs.

====


 This is to notify you of the results of your submission, issue number
298013.

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine.

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm.

Aliases reported by other AV products are listed here:
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm)

CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
    Engine                Update version        Last Update
    11.4.0                11.4.8187             04 Mar

eTrust Antivirus 6.x/v7 (InoculateIT Engine)
    Engine                Update version        Last Update
    23.64.0               23.64.29              05 Mar

Inoculan/InoculateIT 4.x
    Engine                Update version        Last Update
    46.0*                 46.29*                05 Mar
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com.
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the
Tools|Options...|Send|Mail Sending Format...
menu. To improve your security we recommend sending email in "Plain
Text" format only. .

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com.

eTrust Global Antivirus Research Team
Computer Associates

This is to notify you of the results of your submission, issue number
298013.

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine.

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm.

Aliases reported by other AV products are listed here:
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm)

CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
    Engine                Update version        Last Update
    11.4.0                11.4.8187             04 Mar

eTrust Antivirus 6.x/v7 (InoculateIT Engine)
    Engine                Update version        Last Update
    23.64.0               23.64.29              05 Mar

Inoculan/InoculateIT 4.x
    Engine                Update version        Last Update
    46.0*                 46.29*                05 Mar
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com.
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the
Tools|Options...|Send|Mail Sending Format...
menu. To improve your security we recommend sending email in "Plain
Text" format only. .

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com.

eTrust Global Antivirus Research Team
Computer Associates This is to notify you of the results of your
submission, issue number
298013.

With regards to the file "Mandy.zip" submitted by you on 04 Mar
18:21:00 (Australian Eastern Standard Time), we have added cure
instructions for Win32/Bagle.ZIP.Worm to the signature files for the
InoculateIT engine.

The PkWare Zip Archive file "Mandy.zip" has been determined to be
malicious. The file has been identified as ZIP.Bagle worm.

Aliases reported by other AV products are listed here:
(Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip) (W32.Beagle.F at mm)

CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
    Engine                Update version        Last Update
    11.4.0                11.4.8187             04 Mar

eTrust Antivirus 6.x/v7 (InoculateIT Engine)
    Engine                Update version        Last Update
    23.64.0               23.64.29              05 Mar

Inoculan/InoculateIT 4.x
    Engine                Update version        Last Update
    46.0*                 46.29*                05 Mar
    * Limited ability to cure infections, i.e. cleaning Windows
    registry. CA will be dropping support for this product, please read
    http://support.ca.com/techbases/ilnt/ino_drop.html


This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. If the
automatic responses you receive are incomplete or irrelevant to your
query, a technician will contact you. If you have further queries,
please submit them with reference number 298013 in "Plain Text" email
format to virus at ca.com.
Users of Microsoft Outlook/Outlook Express can configure the outgoing
email format in the
Tools|Options...|Send|Mail Sending Format...
menu. To improve your security we recommend sending email in "Plain
Text" format only. .

If you would like to comment on the quality of this automated service,
please send email to virtue.feedback at ca.com.

eTrust Global Antivirus Research Team
Computer Associates

More information about the MailScanner mailing list