RE: [Declude.Virus] GDI false Postive
Is there a way for Declude to stop checking for the GDI Vulnerability and rely on F-Prot? I went to 1.8 and we found that MANY JPG photos were being caught as false positives. Mark Smith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Lines in the virus.cfg file
Title: Lines in the virus.cfg file I was looking through my virus.cfg and I noticed the following: # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG Should I now allow declude to scan jpg and gif files or is this totally different than the new jpeg vulnerability? Thanks, Sharyn
RE: [Declude.Virus] GDI false Postive
Can we advise anyone sending pictures from a MAC to zip them? Change the extension? Would either solution bypass the scanning? Changing the extension or zipping them would bypass the scanning. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JPEG Vulnerability
Ok, maybe it's just me but something seems funky. Given that 99% of the jpg's will go through no problem and the other 1% will be caught, that means the 1% are unique in some way, shape or form. They are detectable which declude virus does and other virus packages do if you scan all files. In being unique, it was created or saved differently then other jpg's. What seems funky is that an update to the creation software/process should put it within the 99% group. The GDI+ tools, virus detection tools are trying to catch at the reciever/viewer which is good, but it's the creation tools that need updating. What I'm trying to figure here is how to tell users to fix the problems and minimize false positives since we use so many different graphics formats in our business. If they upgrade their software to the highest sp/rev, they have the needed patchs from MS, can they open the graphic without being hit and re-save it in a jpg format that will be safe? Did that make any sense? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 5:51 AM Subject: Re: [Declude.Virus] JPEG Vulnerability Ok... Declude virus does the detection. Correct. An AV program, can, as well if it wants to. Or it can just wait until a virus comes out using this exploit. So you may be protected with or without Declude Virus detecting the vulnerability, and you may or may not have false positives with or without Declude Virus detecting the vulnerability. If a jpeg is attached/embedded in the email, the email will be flagged as having the vulnerability whether it's actually infected or not. Correct? No. 99% of JPEGs will get through without a problem. It's that other 1% that Microsoft forgot about. If the sending pc, it's dll's, and software are updated with Microsoft's patch will the embedded jpg still be flagged as vulnerable? Yes. The updates for a computer only affect how it displays JPEG files, not how it creates them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. *Scanned for viruses by Declude Virus* *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JPEG Vulnerability
Doug, The fault is in the detection test not the JPG. And in the fact that this Vulnerability is so new that there has not been the usual time for careful testing before this test was released. (This is also why the test is found in an interim not a fully tested release.) Scott got us a quick fix based what was known at the time. He is also well aware of the "1% problem" and will keep us posted ASAP when a better test is available. For sites that need safety above all else, a broken test is better than nothing. For us (and you?) we just can't have 1% of good files called bad (unless there is a virus outbreak by e-mail that's not caught by normal AV programs). If you need to pass the files and can relay on AV to catch bugs switching back to 1.79-i?? will remove the over active test. I'm guessing (the detail doesn't make much difference) that it is based around a couple of simple string matches. If I find this sting of bytes here and another string of byte somewhere else than bingo a "bad" jpeg. But the test is too simple and is catching files that are not broken. Greg Doug Anderson wrote: Ok, maybe it's just me but something seems funky. Given that 99% of the jpg's will go through no problem and the other 1% will be caught, that means the 1% are unique in some way, shape or form. They are detectable which declude virus does and other virus packages do if you scan all files. In being unique, it was created or saved differently then other jpg's. What seems funky is that an update to the creation software/process should put it within the 99% group. The GDI+ tools, virus detection tools are trying to catch at the reciever/viewer which is good, but it's the creation tools that need updating. What I'm trying to figure here is how to tell users to fix the problems and minimize false positives since we use so many different graphics formats in our business. If they upgrade their software to the highest sp/rev, they have the needed patches from MS, can they open the graphic without being hit and re-save it in a jpg format that will be safe? Did that make any sense? --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Lines in the virus.cfg file
I should eliminate (comment out) at least the JPG line right away. The new test (when it's fully ready) provides a great safty net to backup the AV programs. The new test will ignore these lines and bad JPEGs will be caught. The test is available by install a new interim version of Declude. (The test in the current intermin 1.80 has some problems so wait until they are resolved or check the other messages for details.) The best advice I've seen is to eliminate at least the JPG line, because these lines will prevent the AV programs from being called. Until last week, you could safely save some CPU time on your e-mail server by not scanning JPEGs. Greg Sharyn Schmidt wrote: Lines in the virus.cfg file I was looking through my virus.cfg and I noticed the following: # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG Should I now allow declude to scan jpg and gif files or is this totally different than the new jpeg vulnerability? Thanks, Sharyn --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] GDI false Postive
When you release next fix, can you add the ability to disable this test from inside of declude and rely on the AV software? It killed our photos department yesterday... :) Mark Smith Associated Press -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, September 30, 2004 7:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] GDI false Postive Is there a way for Declude to stop checking for the GDI Vulnerability and rely on F-Prot? Yes, you can go back to 1.79. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Problem with 1.80 and Vulnerabilities
Testing Declude 1.80 with the test emails on Declude.com, I'm having an issue with Vulnerabilities. Declude AV catches the Vulnerability and sends the Recipient Email as expected. But the original message is also delivered. If I revert back to Declude 1.79 the original message is not delivered, just the Recipient Email, as expected. Running iMail 8.04 I believe, Windows 2003, F-Prot 3.15b. If I revert back to Declude 1.79 without changing anything else, it works as expected and only delivers the Recipient Email. I thought it might be because of these errors in the Declude Virus logs - the first line occurs 25 times or so, then the Time Out - log snip ERROR: Could not move virus-infected E-mail! Code: 3 0 ERROR: Could not move virus-infected E-mail: Timed out! ERROR: Could not move virus-infected E-mail2! Code: 2 0 /log snip So I changed delivererrors from ON to OFF. But both the Recipient Email and the original email are still delivered. Anyone else experience this, or have any idea what I have wrong? TIA, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] GDI false Postive
When you release next fix, can you add the ability to disable this test from inside of declude and rely on the AV software? We probably will, but there should be no legitimate reason for JPEGs to contain the exploit. The issue is that Microsoft's algorithm for detecting them was bad. Our algorithm should be perfect. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
Scott, Any idea on ETA for the new algorithm? Also, will this be an interim, release, or beta? Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 10:21 AM Subject: RE: [Declude.Virus] GDI false Postive When you release next fix, can you add the ability to disable this test from inside of declude and rely on the AV software? We probably will, but there should be no legitimate reason for JPEGs to contain the exploit. The issue is that Microsoft's algorithm for detecting them was bad. Our algorithm should be perfect. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] ERR 005
I upgraded Declude to 1.80 two days ago. Today IMail has been logging the following error: 09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled I wonder if that error could be related to Declude new version. Any suggestions? Mario Antonio --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
How about adding per domain too.. for the pro.. ie, in virus_domains.txt do: DOMAINON / OFF / INONLY / OUTONLY ADD: DOMAIN FILEX.CFG and in x.cfg have the standard: Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options, which overwrite the standard settings in virus.cfg just for that domain. I am tearing my hair out trying to block all attachments for a single domain. without doing funky filters. When you release next fix, can you add the ability to disable this test from inside of declude and rely on the AV software? We probably will, but there should be no legitimate reason for JPEGs to contain the exploit. The issue is that Microsoft's algorithm for detecting them was bad. Our algorithm should be perfect. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ERR 005
I upgraded Declude to 1.80 two days ago. Today IMail has been logging the following error: 09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled I wonder if that error could be related to Declude new version. That shouldn't have anything to do with Declude. However, to be safe, I would suggest posting the lines with 0714 that occur before that one, which should help indicate if there are any errors that could indeed be caused by Declude. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
How about adding per domain too.. for the pro.. DOMAIN FILEX.CFG and in x.cfg have the standard: Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options, which overwrite the standard settings in virus.cfg just for that domain. We do have enhanced per-user/per-domain options in the suggestion database. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities
I thought it might be because of these errors in the Declude Virus logs - the first line occurs 25 times or so, then the Time Out - log snip ERROR: Could not move virus-infected E-mail! Code: 3 0 Are there other numbers on that line? That line indicates a Windows Path not found error, which would suggest that your VIRDIR option is not set correctly (in the \IMail\Declude\virus.cfg file). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
R. Scott Perry wrote: We probably will, but there should be no legitimate reason for JPEGs to contain the exploit. The issue is that Microsoft's algorithm for detecting them was bad. Our algorithm should be perfect. If you provided a switch for all such vulnerabilities, then we wouldn't have to downgrade to fix another issue if it appeared, and of course we would have the granularity that we desire in our systems as far as vulnerability detection goes. This really must happen, and I have been waiting very patiently for it to happen for quite some time, and I will continue to wait patiently since I don't expect miracles to happen overnight, but I would really, really appreciate it if you could raise the priority of when to allow us to turn these all off and on individually. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
And not to upset anyone, how long does it take it to make it to production or beta? I noticed this has been in the Suggestion Database for almost two years. --- From: R. Scott Perry Subject: Re: [Declude.Virus] Customized Footer for domain Date: Thu, 19 Dec 2002 15:40:28 -0800 Thanks for the aid on other question. We currently have the virus footer disabled, but I have one client who would like a footer added to his email that it was scanned for viruses. Is there a way to do this except globally in the virus.cfg file? Again, thank you. Unfortunately, there isn't any way to do it except globally. However, having footers configurable per domain is already in the suggestion database. -Scott -- William Stillwell Palm Harbor, FL. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 4:41 PM Subject: Re: [Declude.Virus] GDI false Postive How about adding per domain too.. for the pro.. DOMAIN FILEX.CFG and in x.cfg have the standard: Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options, which overwrite the standard settings in virus.cfg just for that domain. We do have enhanced per-user/per-domain options in the suggestion database. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
And not to upset anyone, how long does it take it to make it to production or beta? I noticed this has been in the Suggestion Database for almost two years. It is important to realize that the suggestion database is not a list of features for the next release. It is as the name implies -- a database of suggestions that have been reported by customers. So saying that it is already in the suggestion database simply means that it has been requested in the past, and will be considered for future releases. Whether or not it makes it to a future release depends on many factors -- the amount of development time allotted to the new release, how many customers will benefit from it, how long it would take to add the feature, etc. In this case, it is a feature that would likely require a lot of work. On the other hand, it is something that a number of customers have requested. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ERR 005
This is part of the logs: IMAIL = 09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD 09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled DECLUDE === 09/30/2004 11:15:01 Q22f30bf500ec93c4 MIME file: [text/html][quoted-printable; Length=29150 Checksum=2402395] After this moment the queue manager went nuts. I had to move all the queue files to another folder (That was the only way of stooping those errors), and then put them back in batches. Any suggestions? Mario - Original Message - From: Mario Antonio [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 3:19 PM Subject: [Declude.Virus] ERR 005 I upgraded Declude to 1.80 two days ago. Today IMail has been logging the following error: 09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled I wonder if that error could be related to Declude new version. Any suggestions? Mario Antonio --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities
Are there other numbers on that line? That line indicates a Windows Path not found error, which would suggest that your VIRDIR option is not set correctly (in the \IMail\Declude\virus.cfg file). The entire line is - 09/30/2004 12:18:26 Q31ad047f00a465ac ERROR: Could not move virus-infected E-mail! Code: 3 0 E:\IMAIL\spool\D31ad047f00a465ac.SMD D:\IMAIL\spool\virus\D31ad047f00a465ac.SMD. Re-trying. 09/30/200 This is using the same virus.cfg file that is being used when it works with 1.79. It's the same server; all that was done was deleting declude.exe from d:\imail and dropping the 1.80 declude.exe in the folder. Appreciate any suggestions. Thank you, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 4:45 PM Subject: Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities I thought it might be because of these errors in the Declude Virus logs - the first line occurs 25 times or so, then the Time Out - log snip ERROR: Could not move virus-infected E-mail! Code: 3 0 Are there other numbers on that line? That line indicates a Windows Path not found error, which would suggest that your VIRDIR option is not set correctly (in the \IMail\Declude\virus.cfg file). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ERR 005
09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD 09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled I would recommend letting Ipswitch know about this (assuming you are running the latest version of IMail) -- it appears to be an issue with IMail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] GDI false Postive
Is there a test yet? I would really like to know if we are atleast protected by email. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 2:21 PM Subject: Re: [Declude.Virus] GDI false Postive And not to upset anyone, how long does it take it to make it to production or beta? I noticed this has been in the Suggestion Database for almost two years. It is important to realize that the suggestion database is not a list of features for the next release. It is as the name implies -- a database of suggestions that have been reported by customers. So saying that it is already in the suggestion database simply means that it has been requested in the past, and will be considered for future releases. Whether or not it makes it to a future release depends on many factors -- the amount of development time allotted to the new release, how many customers will benefit from it, how long it would take to add the feature, etc. In this case, it is a feature that would likely require a lot of work. On the other hand, it is something that a number of customers have requested. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] new interim version
I note a new interim version - Does this fix the GDI false Postive issue? Thursday, September 30, 2004 3:27 PM 506785 Declude.exe P --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ERR 005
Thanks a lot for your prompt answer. After troubleshooting I find that there is just one particular email with an special format that makes the queue manager crash. First time I have seen that happens in our server. will you be willing to take a look at these files (header file and Queue file) to see if there is something special with those files? I could send them to you off list. Mario Antonio - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 7:04 PM Subject: Re: [Declude.Virus] ERR 005 09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD 09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled I would recommend letting Ipswitch know about this (assuming you are running the latest version of IMail) -- it appears to be an issue with IMail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ERR 005
After troubleshooting I find that there is just one particular email with an special format that makes the queue manager crash. First time I have seen that happens in our server. will you be willing to take a look at these files (header file and Queue file) to see if there is something special with those files? I could send them to you off list. Sure -- if you could send them to [EMAIL PROTECTED] (in a .ZIP file, preferably), we'll take a look at them and see what we can find out. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities
Is IMail installed in D:\IMail or E:\IMail? It looks like it is installed in E:\IMail, but Declude Virus is trying to move the E-mail to a non-existent D:\IMAIL\spool\virus\ directory (which would occur if the VIRDIR option in the virus.cfg file pointed to the D: drive). Thanks Scott. iMail is installed in D, the spool is in E. I'll double-check that the config file and the Registry are in synch, but I don't have any problem when running 1.79, only with 1.80 - AFAIK. Thanks, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities
Thanks Scott. iMail is installed in D, the spool is in E. I'll double-check that the config file and the Registry are in synch, but I don't have any problem when running 1.79, only with 1.80 - AFAIK. I confirmed that iMail is installed in D:\imail and the spool and logs are E:\imail\spool. I hope this helps. Thank you, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support - Original Message - From: David [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 8:59 PM Subject: Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities Is IMail installed in D:\IMail or E:\IMail? It looks like it is installed in E:\IMail, but Declude Virus is trying to move the E-mail to a non-existent D:\IMAIL\spool\virus\ directory (which would occur if the VIRDIR option in the virus.cfg file pointed to the D: drive). Thanks Scott. iMail is installed in D, the spool is in E. I'll double-check that the config file and the Registry are in synch, but I don't have any problem when running 1.79, only with 1.80 - AFAIK. Thanks, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
