[Dshield] FW: virus found in sent message "illegal..."
areust at comcast.net
Wed Mar 10 04:11:46 GMT 2004
This is interesting, I apologize in that I should have stated that this
particular machine was running Symantec Corporate 8.1 AV.
It means that I should check to see if NSW 2003 will detect the same problem.
At 01:41 PM 3/9/2004 -0500, you wrote:
>I can't remember ever getting an alert from NAV 2003 while browsing in IE
>6/5, but then I'm the zealot with his ActiveX/Java and a bunch of other
>stuff turned off. Now while doing weekly scans, I've found & cleaned
>things in the cache that never got rendered by the browser.
>One would think that NAV stands between the incoming data & IE, therefore
>should be able to deny access to the file & remove it. Biggest surprise
>years ago was when a sample of the 1st IE exploit changed files on my
>system & NAV at the time never raised any flags. Ever since then I've been
>using dumbed down IE settings & custom security zones.
>Emptying the cache is good & bad: Good in that there aren't a huge number
>of little files to be scanned. Bad in that if a site gave you an infected
>file, you wouldn't know at all. When scanning from a boot CD, I always
>clear the cache or suffer the potential hours of scanning temp Internet
>files w/ HDD caching.
>Won't be trying NAV 2004 w/ its activation nightmares here, almost not
>even using 2003 after it crapped out a week before my subscription was to
>expire and taking my network stack with it (symtdi) doing an uninstall.
>At 09:32 AM 3/9/2004, Peter Stendahl-Juvonen wrote:
>>Should the Auto-Protect feature of the antivirus SW not be able to
>>delete the contaminated temporary Internet file as soon as the user
>>closes the browser?
>>At least that is how NAV2004 behaves when it detects and identifies the
>>threat as W32.Sobig.F@mm.enc.
>>[File located at C:\Documents and Settings\UserName\Local
>>Settings\Temporary Internet Files\Content.IE5\G5ABKTY7\msg00002.htm.
>>Should be no problem deleting that file, should there?]
>>Nevertheless, I second your recommendation about cleaning the Internet
>>cache and scanning the system for viruses post festum.
>>Yet the system should be clean as soon as the antivirus SW's
>>Auto-Protect feature is able to delete the infected temporary Internet
>>file, i.e. when user exits the browser (unloads IE from RAM).
>warpmedia at comcast.net