[Avcheck] AVP and I-Worm.Nimda
Piotr Klaban
poczta@klaban.torun.pl
Wed, 10 Oct 2001 09:51:40 +0200
On Tue, Oct 09, 2001 at 08:21:12PM -0600, Robert Dalton wrote:
> I-Worm.Nimda with Avpdaemon or kavdaemon ?
>
> It seems a little odd that I haven't seen a single instance of
> this worm blocked. Im just curious if for some reason
> that kavdaemon isn't blocking this correctly ?
I filter out some Nimda files with X-Unsent: 1 header check, and 'name="readme.exe"'
but I have downloaded such a readme.exe one time, and checked it with
kavscanner and Nimda worm has been detected.
--
Piotr Klaban