[MAGNet] [Micronet] EIGHT941.D Word macro virus

From: Pat McPeak (pmcpeak@buffy.EECS.Berkeley.EDU)
Date: Mon Jun 05 2000 - 12:49:07 PDT

    Good question. I just sent email to NAI to request an
    updated DAT for Virex that would detect & clean this virus.
    Will post if I hear back from them.

    -Pat
    -----------

    Greg Paschall <gregp@ssl.berkeley.edu> writes:

    > Does anybody have any idea when/if this protection will be
    > wrapped into a Virex update? I have a Mac user that received the
    > virus from campus in a Word attachment and opened it before she saw
    > the retraction. We downloaded the latest (6/1) Virex update and
    > scanned her machine, and it came up clean. Today, she sent out a new
    > Word document to our entire department, and the LBL scanner tells us
    > it was infected with this dumb W97M_EIGHT941.D macro virus.
    >
    > Thanks,
    >
    > Greg Paschall -- gregp@ssl.berkeley.edu
    >
    >
    > At 6:44 PM -0700 5/31/00, Jason Jed wrote:
    > >The 4080 definitions made available on the NAI website today (5/31) and
    > >through autoupdate will protect against the newest W97M/Eight variant. Note
    > >that VirusScan must be running at least scan engine version 4.0.25 for these
    > >definitions to be effective. You can update the scan engine by installing
    > >the current SuperDat available from NAI (this will also update the virus
    > >definitions to 4080)
    > >http://www.nai.com/asp_set/download/dats/superdat.asp
    > >
    > >Thanks to Pat McPeak and Karin Hansen for helping to resolve this issue!
    > >
    > >- Jason
    > >
    > >
    > >> -----Original Message-----
    > >> From: owner-micronet-list@uclink4.berkeley.edu
    > >> [mailto:owner-micronet-list@uclink4.berkeley.edu]On Behalf Of Pat McPeak
    > >> Sent: Wednesday, May 31, 2000 8:56 AM
    > >> To: micronet-list@uclink.berkeley.edu
    > >> Subject: [Micronet] EIGHT941.D Word macro virus
    > >>
    > >>
    > >> People here recently created a word document which was
    > >> subsequently distributed to several other people, including
    > >> a few at LBL. The viruswall at lbl.gov detected the
    > >> W97M_EIGHT941.D macro virus in the document.
    > >>
    > >> We are running up-to-date VirusScan 4.5 (w/engine 4.0.70, virus
    > >> definitions 4079) on our Windows machines and Virex 6.1
    > >> (w/virus definitions dated June 1, 2000 (go figure)) on the
    > >> Macs. Neither is detecting this virus, though the NAI website
    > >> suggests the original version of the virus was first seen last
    > >> October & that VirusScan w/4047 virus definitions and 4.0.25
    > >> scan engine could detect it.
    > >>
    > >> In communication with the LBL folks, they indicated that this
    > >> variant is fairly new, and they provided a URL for another site
    > >> which describes the virus somewhat differently than the NAI site
    > >> <http://www.antivirus.com/vinfo/virusencyclo/default5.aps5>,
    > >> search on EIGHT941.
    > >>
    > >> Anyone able to provide enlightenment on this matter?
    > >> And who is the campus liaison with NAI?
    > >>
    > >> -Pat
    > >>
    > >> Pat McPeak
    > >> Computer Support pmcpeak@coe.berkeley.edu
    > >> Dean's Office, College of Engineering 510-643-6966 (voice)
    > >> University of California, Berkeley 510-642-9178 (fax)
    > >>
    > >> ------------------------------------------------------------------------
    > >> The following was automatically added to this message by the list server:
    > >>
    > >> For information about Micronet, its meetings and events, and its
    > >> mailing list, including information on subscribing and unsubscribing,
    > >> see the Micronet Web site at <URL:http://wss-www.berkeley.edu/micronet/>.
    > >>
    > >
    > >
    >
    > --
    >
    > --------
    > Greg Paschall -- gregp@ssl.berkeley.edu
    > Programmer/Analyst
    > Space Sciences Lab - University of California at Berkeley
    > Room 230 -- (510) 643-6907

    ------------------------------------------------------------------------
    The following was automatically added to this message by the list server:

    For information about MAGNet, its meetings and events, and its
    mailing list, including information on subscribing and unsubscribing,
    see the MAGNet Web site at <URL:http://mac.berkeley.edu/help/magnet/>.



    This archive was generated by hypermail 2b29 : Mon Jun 05 2000 - 12:53:14 PDT