[Avcheck] AVP and I-Worm.Nimda

Piotr Klaban poczta@klaban.torun.pl
Wed, 10 Oct 2001 09:51:40 +0200


On Tue, Oct 09, 2001 at 08:21:12PM -0600, Robert Dalton wrote:
> I-Worm.Nimda with Avpdaemon or kavdaemon ?
> 
> It seems a little odd that I haven't seen a single instance of
> this worm blocked. I'm just curious if for some reason
> that kavdaemon isn't blocking this correctly?

I filter out some Nimda files with an X-Unsent: 1 header check and 'name="readme.exe"',
but I downloaded such a readme.exe one time and checked it with
kavscanner, and the Nimda worm was detected.

-- 
Piotr Klaban
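
The two checks mentioned in the reply above, sketched as an added example that is not part of the original post or of Avcheck: it flags a message carrying an `X-Unsent: 1` header or a MIME part named `readme.exe`. The function name, the result labels and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.utils import collapse_rfc2231_value

SUSPECT_NAMES = {"readme.exe"}  # attachment name quoted in the post

def nimda_indicators(raw_bytes):
    """Return the checks matched by one raw RFC 822 message (hypothetical helper)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # Check 1: an "X-Unsent: 1" header anywhere in the top-level headers.
    if any(str(v).strip() == "1" for v in msg.get_all("X-Unsent", [])):
        hits.append("x-unsent")
    # Check 2: any MIME part whose declared name is readme.exe. The name can sit
    # in Content-Disposition (filename=) or Content-Type (name=), so look at both.
    for part in msg.walk():
        ct_name = part.get_param("name")
        if ct_name is not None:
            ct_name = collapse_rfc2231_value(ct_name)
        declared = {n.strip().lower() for n in (part.get_filename(), ct_name) if n}
        if declared & SUSPECT_NAMES:
            hits.append("attachment-name")
            break
    return hits

# Constructed sample message; the attachment body is a placeholder, not malware.
SAMPLE = (
    b"From: a@example.org\r\n"
    b"To: b@example.org\r\n"
    b"Subject: test\r\n"
    b"X-Unsent: 1\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="README.EXE"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)
CLEAN = b"From: a@example.org\r\nSubject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    print(nimda_indicators(SAMPLE), nimda_indicators(CLEAN))
```

Name and header matching only catches copies that keep these markers, so it complements the content scanner rather than replacing it.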