-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is another kind of protection (and I used it sucesfully in my network for last few months). Just set NORMAL.DOT read only attribute. When exiting Word user will be warned with message "unable to save modified Normal.dot" - he/she then comes to support, and then we know that we have problem. Of course - normal.dot is placed in user's profile. This is pretty simple kind of protection against macro-viruses in Word. Bronek Kozicki - -------------------------------------------------- ICQ UID: 25404796 PGP KeyID: 0x4A30FA9A 07EE 10E6 978C 6B33 5208 094E BD61 9067 4A30 FA9A - -----Original Message----- From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of Brett Glass Sent: poniedziałek, 29 marca 1999 06:18 To: BUGTRAQat_private Subject: Re: Melissa Macro Virus No. This key would only prevent the 50-message burst of e-mail. However, the user's NORMAL.DOT template would still be infected. So would every document he or she opened or created. And the moment one of those documents hit a machine without the key that had Outlook running.... Blammo! Another salvo of messages. - --Brett At 12:25 PM 3/27/99 +0000, Matthew Kirkwood wrote: >On Fri, 26 Mar 1999, Nate Lawson wrote: > >> 2. See if machine is already infected >> Check HKCU\Software\Microsoft\Office\Melissa? for the string "... by >> Kwyjibo" > >Surely just adding this key would provide effective safety? (Until >modified versions hit the streets, anyway - ain't "open source" great >:) > >Matthew. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBNwCxGr1hkGdKMPqaEQJBQQCg587thcxdR8CjaIxbo8UCayaN8EwAn3br 5s8HsoKmXblkIaaRd1+TBbm0 =9CNL -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:01 PDT