Security Incidents mailing list archives
Re: wmon16.exe
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 11 May 2004 12:20:20 +1200
"Willem Tahon" <tahon () un org> wrote:
Also keep in mind that some of the AV developers require specific handling of viruses (e.g. password-protected zipping) before sending them.
Indeed, which is why the McAfee entry appears as follows:
Network Associates (McAfee) <virus_research () nai com> (use a ZIP file with the password 'infected' without the quotes)
Some of the others may _prefer_ you to do similar or recommend you to do so to prevent the attachment being stripped by virus-scanning gateways between the sender and recipient (though these days, zealous content-filtering gateways will consider passworded ZIPs suitably dubious to be stripped anyway), but AFAIK only McAfee "requires" this (and even then they will accept non-ZIP'ed samples but weird things can happen due to stuffed-up internal message routing resulting in them sending you back a malicious file along with a message suggesting there is nothing wrong with it). Regards, Nick FitzGerald --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- wmon16.exe Jason High (May 10)
- Re: wmon16.exe Peter Kosinar (May 10)
- Re: wmon16.exe Harlan Carvey (May 10)
- Re: wmon16.exe KUIJPERS Jimmy (May 10)
- Re: wmon16.exe Nick FitzGerald (May 10)
- RE: wmon16.exe Ken Dunham (May 11)
- <Possible follow-ups>
- RE: wmon16.exe Meidinger Chris (May 10)
- RE: wmon16.exe Levinson, Karl (May 10)
- RE: wmon16.exe lsi (May 11)
- Re: wmon16.exe Willem Tahon (May 11)
- Re: wmon16.exe Nick FitzGerald (May 11)
- RE: wmon16.exe lsi (May 11)
- Re: wmon16.exe Willem Tahon (May 11)