I don't know if this is relevant for Trend but I know it is an issue with some programs This is from Clearswift. Cheers Dan Dear Subscriber, Over the weekend variants D, E, F, G and H of the W32/Mimail mass mailing worm were identiifed in the wild, but did not generally spread in significant numbers. These variants are of particular interest to MAILsweeper for SMTP users due to malformation of the zip file attachments. We have seen samples of the zip files (all called readnow.zip and containing readnow.doc.scr) that are deliberately malformed and may be classified as binary by MAILsweeper. We advise any customers who are not already doing so to block the attachments with a File Detector scenario, using the explicit masks "photos.zip" and "readnow.zip". Work is under way to provide a patch to enable correct decomposition of similarly malformed zip files and customers will be advised of availability in due course. Pete Simpson ThreatLab Manager -----Original Message----- From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 4:46 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Odd Email yeah it looks like the mimail but it really bothers me that my AV did not catch it. My users are dumb enough to open it right up to see what it is. Greg -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Daniel Ensor Sent: Wednesday, November 05, 2003 11:26 AM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: Odd Email Greg I think that's Minmail F the new variant? But I could be wrong. Cheers Dan -----Original Message----- From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 4:11 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Odd Email I got an email this morning that has all the markings of a virus. I don't know the person, the story sounds fishy and the attachment is a zip file containing an exe. Several other identical messages from different senders have been kicked to me from exchange as delivery failures for users that no longer exist here. Anyway, the email made it through my Trend ScanMail which updates every hour. I double checked and I am up to date. Trend does not see this as a virus. Yet. Anyone else seen any goofy emails with a file attached called MyMovies.zip? Greg ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm Visit the new FDL web - site designed to serve you better - http://www.fdl.co.uk This message has been sent from Fuerst Day Lawson Ltd and confirms that the email has been scanned and to the best of our knowledge is free from virus infection. The unauthorised use, disclosure, forwarding or copying of this message and any attachments is strictly prohibited. If you have received this message in error, please email moderator@xxxxxxxxx This message and any attachments, which are confidential and may be privileged, are for the use of the addressee(s) only. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of Fuerst Day Lawson Ltd. ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm Visit the new FDL web - site designed to serve you better - http://www.fdl.co.uk This message has been sent from Fuerst Day Lawson Ltd and confirms that the email has been scanned and to the best of our knowledge is free from virus infection. The unauthorised use, disclosure, forwarding or copying of this message and any attachments is strictly prohibited. If you have received this message in error, please email moderator@xxxxxxxxx This message and any attachments, which are confidential and may be privileged, are for the use of the addressee(s) only. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of Fuerst Day Lawson Ltd. ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm