<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body>
Jan Elmqvist Nielsen wrote:<br>
<blockquote cite="mids0450b0a.069@ahpost.ah.dk" type="cite">
<pre wrap="">Hi
I have seen 1.
Kaspersky:
/var/spool/MailScanner/incoming/23295/i22K6AC28320/AttachedDocument.zip/ycfgeutj.scr
infected: I-Worm.Bagle.h
in the mail is writing this:
You have won!!!
password -- 01251
I am also running f-prot, it dosn't catch it.
</pre>
</blockquote>
F-Port haven't officially recognised it (Or not according to their
website) so there isn't a definition yet. I've just installed Clam
also, any one know how to check if that's got it covered yet?<br>
<blockquote cite="mids0450b0a.069@ahpost.ah.dk" type="cite">
<pre wrap="">I don't know how kaspersky detect it in the password protected zip fil.
But it does :-)
Last kaspersky update from 19.01
/Jan Elmqvist Nielsen
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:marco@MUW.EDU">marco@MUW.EDU</a> 02-03-04 18:12 >>>
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->I can confirm that Bagle-I worm did make it through our MS gateways. I
am
running both Sophos and Command AV (up-to-date) and both let it slip
through.
We are running MS 4.26.8-1 and will upgrade to the latest one soon, if
it
helps. Meanwhile, I have blocked zip files temporarily.
Quoting Derek Winkler <a class="moz-txt-link-rfc2396E" href="mailto:dwinkler@ALGORITHMICS.COM"><dwinkler@ALGORITHMICS.COM></a>:
</pre>
<blockquote type="cite">
<pre wrap="">For Bagle-H Sophos included this note:
"W32/Bagle-H sends itself as a password protected ZIP file that is not
detected by this identity. However, when unzipped by the user the worm
</pre>
</blockquote>
<pre wrap=""><!---->will
</pre>
<blockquote type="cite">
<pre wrap="">be detected by Sophos Anti-Virus at the user's desktop."
May be true of Bagle-I since it also uses password protected ZIP files
</pre>
</blockquote>
<pre wrap=""><!---->as
</pre>
<blockquote type="cite">
<pre wrap="">well, although they didn't specifically say.
</pre>
</blockquote>
</blockquote>
</body>
<br />--
<br />In line with our <a href="http://www.themarshalls.co.uk/policy">policy</a>, this message has been scanned for
<br />viruses and dangerous content by
<a href="http://www.mailscanner.info/">MailScanner</a>, and is
<br />believed to be clean.
</html>