[Dshield] FW: virus found in sent message "illegal..."

warpmedia warpmedia at comcast.net
Tue Mar 9 18:41:52 GMT 2004


I can't remember ever getting an alert from NAV 2003 while browsing in IE
6/5, but then I'm the zealot with his ActiveX/Java and a bunch of other 
stuff turned off. Now while doing weekly scans, I've found & cleaned things 
in the cache that never got rendered by the browser.

One would think that NAV stands between the incoming data & IE, therefore 
should be able to deny access to the file & remove it. Biggest surprise 
years ago was when a sample of the 1st IE exploit changed files on my system
& NAV at the time never raised any flags. Ever since then I've been using 
dumbed down IE settings & custom security zones.

Emptying the cache is good & bad: Good in that there aren't a huge number 
of little files to be scanned. Bad in that if a site gave you an infected 
file, you wouldn't know at all. When scanning from a boot CD, I always 
clear the cache or suffer the potential hours of scanning temp Internet
files w/ HDD caching.

Won't be trying NAV 2004 w/ its activation nightmares here, almost not
even using 2003 after it crapped out a week before my subscription was to
expire and took my network stack with it (symtdi) doing an uninstall.

At 09:32 AM 3/9/2004, Peter Stendahl-Juvonen wrote:

>Should the Auto-Protect feature of the antivirus SW not be able to
>delete the contaminated temporary Internet file as soon as the user
>closes the browser?
>
>At least that is how NAV2004 behaves when it detects and identifies the
>threat as W32.Sobig.F@mm.enc.
>
>[File located at C:\Documents and Settings\UserName\Local
>Settings\Temporary Internet Files\Content.IE5\G5ABKTY7\msg00002[1].htm.
>Should be no problem deleting that file, should there?]
>
>Nevertheless, I second your recommendation about cleaning the Internet
>cache and scanning the system for viruses post festum.
>
>Yet the system should be clean as soon as the antivirus SW's
>Auto-Protect feature is able to delete the infected temporary Internet
>file, i.e. when user exits the browser (unloads IE from RAM).

Joshua MacCraw
warpmedia at comcast.net
http://mywebpages.comcast.net/jmaccraw 



