[ngw] regarding the current virus

Charles Solomon csolomon at aldridge-borden.com
Mon Jun 26 20:30:13 UTC 2000


Mike,
      Try adding a block of some arbitrary file type just to use as a test.  That way you can know for sure whether the *.vbs's are being blocked due to the entry in the VIRTHIRD.BAT file or the built in VBS blocker in Guinevere 1.0.13b and later.
Also, I would check the names of the "test.shs" and "test.txt.shs" files from a dos prompt, because if you have not unchecked the "hide extensions for known file types" in windows, you can actually end up with a file that appears to be named "test.txt.shs" in windows, but in fact it is named something like "test.txt.shs.txt."  ― Confusing as can be, but it does happen.

Let us know how it goes, as I am very interested in this problem.

Charles
>>> "Al Bray" <Al.Bray at usdwp.msu.edu> 2:20:16 PM >>>
After a certain version of Guinevere (1.0.13b), VBS file extension blocking was built into Guinevere itself and didn't even need to be added to the VIRTHIRD.BAT file.  In fact, doing so in our environment resulted in two messages to the administrator for each VBS file blocked.

I emailed Micheal Bell about this and he said it was intentional due to the recent outbreak of .VBS file extension viruses.

So that may explain part of what you are seeing.

- Al

==================================
Al Bray
Systems Analyst
University Services Division
Michigan State University
Phone: (517) 355-0357  Ext. 161
Email: bray at msu.edu 
==================================


>>> Mherzli at nabi.com 06/21/00 11:34AM >>>
I'll double check the configuration, but what is really confusing is that vbs attachments are being blocked (I retested vbs blocking this morning) so the problem must be somewhere else.  I've checked the syntax several times over and I don't see anything wrong.  Is it possible guinevere is not using the virthrd.bat file in the guin folder?  I shouldn't have to reboot the workstation.  

I did update my virus patterns so I should have protection from that front, but I prefer to block all attachments to handle new variations of the virus.

Mike




---------------------------------------------------------------------
Visit http://www.ngwlist.com for help with the list.
Brought to you by the letter N, the letter G and the letter W!





More information about the ngw mailing list