Re: FW: [Declude.Virus] can we block by attachment file name
Venkateswarlu, You need a current service agreement and the latest beta, 1.79 in order to block password protected zip files. The beta can be downloaded from the Declude Virus manual page: http://www.declude.com/virus/manual.htm See this post for more information on how to block password protected zip files according to what version of Declude Virus you have: http://www.mail-archive.com/[EMAIL PROTECTED]/msg10090.html You can't detect a virus in a password protected zip if it is randomly encoded because your virus scanner doesn't know how to take it apart to scan it. You can however see what types of files lie within such a file and depending on your version, you can either ban all of them, or just ban the ones that contain files with one of your banned extensions in it. Matt Venkateswarlu Swarna wrote: Hi Guys, Please through some light on this. Thanks regards Venkateswarlu Swarna Systems Engineer Intelligroup Asia pvt. Ltd. Hyderabad - 500063 Tel: +91-040-23297487 Cell: +91-09440310410 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Venkateswarlu Swarna Sent: Tuesday, July 27, 2004 10:56 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] can we block by attachment file name Hi All, Can we block mails by attachment file names in declude v1.75 standard? We are already blocking by attachment file type it is working fine. We are allowing zip files, we are getting lot of virus attachments in zip file formats with password protected. Please help me to block these virus attachments. Thanks regards Venkateswarlu Swarna Systems Engineer Intelligroup Asia pvt. Ltd. Hyderabad - 500063 Tel: +91-040-23297487 Cell: +91-09440310410 --- [This E-mail scanned for viruses by Declude Anti-Virus Tool] -DISCLAIMER This Message and any attachments (the message) is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its Purpose, any dissemination or disclosure, either whole or partial, is Prohibited except formal approval. The internet cannot guarantee the integrity of this message. BSNL shall (will) not therefore be liable for the message if modified. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Anti-Virus Tool1] --- [This E-mail scanned for viruses by Declude Anti-Virus Tool] --- [This E-mail scanned for viruses by Declude Anti-Virus Tool] -DISCLAIMER This Message and any attachments (the message) is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its Purpose, any dissemination or disclosure, either whole or partial, is Prohibited except formal approval. The internet cannot guarantee the integrity of this message. BSNL shall (will) not therefore be liable for the message if modified. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] OT: Hello?
Title: OT: Hello? I haven't rec'd anything from either of these lists today? Sharyn
RE: [Declude.Virus] OT: Hello?
Title: OT: Hello? There have been a few posts. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Sent: Thursday, July 29, 2004 9:58 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] OT: Hello? I haven't rec'd anything from either of these lists today? Sharyn
RE: [Declude.Virus] OT: Hello?
Title: OT: Hello? Hi Sharyn. I haven't seen anything today either, maybe everyone in the north-east is out looking at that strange yellow object in the sky (the sun) and trying to dry out. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sharyn SchmidtSent: Thursday, July 29, 2004 12:58 PMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: [Declude.Virus] OT: Hello? I haven't rec'd anything from either of these lists today? Sharyn
RE: [Declude.Virus] OT: Hello?
Title: OT: Hello? Also, don't forget a temperature above 70.. Maybe even 80 by now.. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Thursday, July 29, 2004 1:37 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] OT: Hello? Hi Sharyn. I haven't seen anything today either, maybe everyone in the north-east is out looking at that strange yellow object in the sky (the sun) and trying to dry out. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sharyn SchmidtSent: Thursday, July 29, 2004 12:58 PMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: [Declude.Virus] OT: Hello? I haven't rec'd anything from either of these lists today? Sharyn
Re[2]: [Declude.Virus] OT: Hello?
On Thursday, July 29, 2004, 1:36:45 PM, Marc wrote: MC Hi Sharyn. MC MC I haven't seen anything today either, maybe everyone in the MC north-east is out looking at that strange yellow object in the sky MC (the sun) and trying to dry out. That's not the sun. It's a hologram projected overhead by ILM and the sound crew that faked the Apollo missions to prevent us from freaking while the government negotiates with the aliens who scooped us up while we were sleeping... you'll see... %^b (sorry, couldn't resist) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] OT: Hello?
Only a mad scientist would come up with that. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, July 29, 2004 11:03 AM To: Marc Catuogno Subject: Re[2]: [Declude.Virus] OT: Hello? On Thursday, July 29, 2004, 1:36:45 PM, Marc wrote: MC Hi Sharyn. MC MC I haven't seen anything today either, maybe everyone in the MC north-east is out looking at that strange yellow object in the sky MC (the sun) and trying to dry out. That's not the sun. It's a hologram projected overhead by ILM and the sound crew that faked the Apollo missions to prevent us from freaking while the government negotiates with the aliens who scooped us up while we were sleeping... you'll see... %^b (sorry, couldn't resist) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] 'Space Gap' in StarOffice mailer?
I found a false positive blocked message that failed a vulnerability detected in a message with the following X-Mailer: X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) Is there a known problem in this version of StarOffice? If so, is there a version that I could recommend upgrading to that would fix the issue? Now that there is invalid file detection as a vulnerability, I'm concerned about turning this stuff off. Are file vulnerabilities tied to the same switch for vulnerability detection? Currently there is enough variability in my customer base that vulnerabilities are creating regular issues that require attention, and I'm sure that I'm not nearly catching them all. Better granularity would be appreciated and is often requested, but I know better than to expect that tomorrow. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] viruses getting through
I just installed the latest f-prot last night and some viruses are getting through now. I ran the eicarzip test at declude and I received the attachment. This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools . Declude 1.79i16 Imail 8.05 SCANFILEC:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt How can I tell which version the fpcmd is? I want to make sure it updated. It is dated 6/25/04 Any ideas on what is wrong with my config? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] viruses getting through
Here is a list of viruses that norton has stopped but f-prot has not stopped. ,Threat category: VirusSource: EICAR.COM,Description: The email attachment EICAR.COM within eicar.zip is infected with the EICAR Test String virus. ,Threat category: VirusSource: [EMAIL PROTECTED],Description: The email attachment [EMAIL PROTECTED] within Unknown.data is infected with the [EMAIL PROTECTED] virus. ,Threat category: VirusSource: letter.zip,Description: The email attachment letter.zip within Unknown.data is infected with the [EMAIL PROTECTED] virus. ,Threat category: VirusSource: letter.zip,Description: The email attachment letter.zip within Unknown.data is infected with the [EMAIL PROTECTED] virus. ,Threat category: VirusSource: [EMAIL PROTECTED],Description: The email attachment [EMAIL PROTECTED] within Unknown.data is infected with the [EMAIL PROTECTED] virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Danny K Sent: Thursday, July 29, 2004 2:54 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] viruses getting through I just installed the latest f-prot last night and some viruses are getting through now. I ran the eicarzip test at declude and I received the attachment. This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools . Declude 1.79i16 Imail 8.05 SCANFILEC:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt How can I tell which version the fpcmd is? I want to make sure it updated. It is dated 6/25/04 Any ideas on what is wrong with my config? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] viruses getting through
I just installed the latest f-prot last night and some viruses are getting through now. I'm not surprised: SCANFILEC:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt I don't believe those are valid options for F-Prot -- it looks like they were all abbreviated. You should use the line from the manual. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 'Space Gap' in StarOffice mailer?
I found a false positive blocked message that failed a vulnerability detected in a message with the following X-Mailer: X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) Is there a known problem in this version of StarOffice? If so, is there a version that I could recommend upgrading to that would fix the issue? Which vulnerability was detected? Typically the vulnerabilities are added for unusual reasons (the subject happens to be the wrong length, the user cuts-and-pastes information, etc.), so it may not even be known that a mail client is vulnerable until it sends out an E-mail with a vulnerability. Now that there is invalid file detection as a vulnerability, I'm concerned about turning this stuff off. Are file vulnerabilities tied to the same switch for vulnerability detection? Yes. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 'Space Gap' in StarOffice mailer?
R. Scott Perry wrote: I found a false positive blocked message that failed a vulnerability detected in a message with the following X-Mailer: X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) Is there a known problem in this version of StarOffice? If so, is there a version that I could recommend upgrading to that would fix the issue? Which vulnerability was detected? Typically the vulnerabilities are added for unusual reasons (the subject happens to be the wrong length, the user cuts-and-pastes information, etc.), so it may not even be known that a mail client is vulnerable until it sends out an E-mail with a vulnerability. 'Space Gap' was the issue. I assume that this is related to how the addresses are listed in this E-mail client. I can shoot you the headers if you wish. Now that there is invalid file detection as a vulnerability, I'm concerned about turning this stuff off. Are file vulnerabilities tied to the same switch for vulnerability detection? Yes. That's very unfortunate. Please consider the ability to at least turn these off and on seperate from the other vulnerabilities. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 'Space Gap' in StarOffice mailer?
I found a false positive blocked message that failed a vulnerability detected in a message with the following X-Mailer: X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) Is there a known problem in this version of StarOffice? If so, is there a version that I could recommend upgrading to that would fix the issue? Which vulnerability was detected? Typically the vulnerabilities are added for unusual reasons (the subject happens to be the wrong length, the user cuts-and-pastes information, etc.), so it may not even be known that a mail client is vulnerable until it sends out an E-mail with a vulnerability. 'Space Gap' was the issue. I assume that this is related to how the addresses are listed in this E-mail client. I can shoot you the headers if you wish. If you could send the headers, that would be helpful. It most likely is due to a version of Mozilla that isn't RFC-compliant, but by checking the headers I can let you know for certain. Now that there is invalid file detection as a vulnerability, I'm concerned about turning this stuff off. Are file vulnerabilities tied to the same switch for vulnerability detection? Yes. That's very unfortunate. Please consider the ability to at least turn these off and on seperate from the other vulnerabilities. It's something that we are considering. I personally don't like the idea, but if the boss wants it, it'll happen. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 'Space Gap' in StarOffice mailer?
Note that the headers really indicate StarOffice. I'm pretty sure that it isn't Mozilla based. The X-Mailer identifier is done the same way that browsers identify themselves, and even IE identifies itself as Mozilla which became a defacto standard for browser compatibility checks. Besides, there is no open source Mozilla 3.0. I'll send the full source in a follow-up off list. Barry will earn big points from me if he forces you to change the way Declude handles granularity in vulnerability checks :) Thanks, Matt R. Scott Perry wrote: I found a false positive blocked message that failed a vulnerability detected in a message with the following X-Mailer: X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) Is there a known problem in this version of StarOffice? If so, is there a version that I could recommend upgrading to that would fix the issue? Which vulnerability was detected? Typically the vulnerabilities are added for unusual reasons (the subject happens to be the wrong length, the user cuts-and-pastes information, etc.), so it may not even be known that a mail client is vulnerable until it sends out an E-mail with a vulnerability. 'Space Gap' was the issue. I assume that this is related to how the addresses are listed in this E-mail client. I can shoot you the headers if you wish. If you could send the headers, that would be helpful. It most likely is due to a version of Mozilla that isn't RFC-compliant, but by checking the headers I can let you know for certain. Now that there is invalid file detection as a vulnerability, I'm concerned about turning this stuff off. Are file vulnerabilities tied to the same switch for vulnerability detection? Yes. That's very unfortunate. Please consider the ability to at least turn these off and on seperate from the other vulnerabilities. It's something that we are considering. I personally don't like the idea, but if the boss wants it, it'll happen. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.