[Declude.Virus] Virtual domains
My company is merging with another printing company (they are moving in w/us) I setup a virtual domain for their old domain and also the new domain. Email is flowing just fine. Does declude AV protect virtual domains? Chris --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Release version
Scott, I just DLed the release and the declude -diag shows it at 1.75 Chris Hunt The only new release today is 1.80, which as expected, had the GDIPlus.dll Exploit detection. --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] INor.D
I just had a email slip by my IMail server to my PC with the Inor.D in a .zip (with a .exe inside) Both are running latest .C version of F-Prot. What could I have in my virus.cfg that allowed this? I still have the .zip if anyone wants it. Chris --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] new forging worm: Bagle
If you banned exe attachments then you would already be protected. How about telling us the version of F-Prot and Declude? At 10:08 AM 01/19/2004 -0500, you wrote: Scott, These are my def status: SIGN.DEF created 18 January 2004 SIGN2.DEF created 19 January 2004 MACRO.DEF created 12 January 2004 Mario Antonio --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Zips are corrupt
I'm trying to narrow down a problem where zip attachments that are received via IMail 8.03 w/hf are corrupt. Same zip via FTP or HTTP check out OK. Using the latest Declude virus beta and F-Prot 3.14b. The declude log looks great, no errors. Chris [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Zips are corrupt
They are regular emails, I just sent you an example. Chris At 12:56 PM 11/03/2003 -0500, you wrote: I'm trying to narrow down a problem where zip attachments that are received via IMail 8.03 w/hf are corrupt. Same zip via FTP or HTTP check out OK. Using the latest Declude virus beta and F-Prot 3.14b. The declude log looks great, no errors. Are they being sent as attachment-only E-mails (specially crafted E-mails that have no message body, not even a blank one)? If they are sent that way (which they shouldn't), the footer may incorrectly be seen as part of the attachment. I would recommend temporarily disabling the footer (by removing or commenting out the FOOTER line(s) in the \IMail\Declude\virus.cfg file) to see if that takes care of the problem. --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] IMail 7.15 and F-Prot 3.14
Since upgrading to F-Prot 3.14 windows (without real-time) I've now seen web messaging lock up twice and I get a SMTP error on the IMail server. The error message (didn't write it down) is a pop-up window on the server. I'm running Declude Virus v1.70 also. Chris --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] IMail 7.15 and F-Prot 3.14
I don't see anything unusual in the declude or imail logs and my virus.cfg has SCANFILE e:\F-Prot\Fpcmd.exe -TYPE -SILENT -NOMEM -ARCHIVE -NOBOOT -DUMB -REPORT=report.txt I'll have to wait until the next lockup/error message. Chris server. I'm running Declude Virus v1.70 also. Chris, you know we need the error message. Maybe even a log snippet or 2. F-Prot 3.14 shouldn't be able to cause an SMTP error. Are you using F-Prot.exe or fpcmd.exe (in the SCANFILE line in the \IMail\Declude\virus.cfg file)? If you are using F-Prot.exe, I would --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus software
Paul, for a whopping $40 you could get the commercial version of F-Prot that also gives you a licence for 19 other PCs. www.frisk.is Personally, I've found McAfee and Symantec use way to much PC resources. Chris At 02:35 PM 07/15/2002 -0400, you wrote: We own a copy of Declude Virus. The version of the virus software is MacAfee 4.0 using the scan.exe file with Declude. We now need to upgrade to 6.0. Will Declude work with this? How do I unconfigure 4.0 and configure 6.0 to work. Normally the Net admin would do this but he is on vacation so I get the job. Paul R. Weber Director/IT Cornell Law School 481 Myron Taylor Hall Phone: 607 255-1315 Email: [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude/F-Prot AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] DriveA Boot Sector
I've recently became legit with F-Prot as a company wide standard (your can't beat their licensing vs. McAfee or Symantec) On my Desktop running 3.12 with 4/29defs Clean floppy, copy a text file to it from my desktop and I get Drive A Boot Sector could be infected with an unknown virus Running a OnDemand for the floppy and hard drives result in nothing found. Any ideas? Chris [EMAIL PROTECTED]
[Declude.Virus] F-Prot 3.11b
Speaking of F-Prot, a client of mine bought F-Prot 3.11b and complained of slowness problems with loading Lotus Organizer and Eudora. The frisk.is site mentions a problem with slowness with IE but I had him DL the zip. installed and rebooted and his slowness problems went away with his applications. Chris At 08:13 AM 03/13/2002 -0600, you wrote: me too, only we're running f-prot... jim --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Prescaning the party
F-Prot has new Def data today 1/29/02 that fix the identity issue. Chris At 09:53 PM 01/29/2002 +, you wrote: And if I don't have a prescan line, the default is on or off ? BTW, someone just sent me a copy, and fprot did not identify the virus correctly, notification said unknown virus. others said here they were correctly identifying the virus, what do you think the problem is over here ? Prescan default to on ? or some other issue ? Thanks --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] MY Party
My desktop F-Prot is on my Home Email which does not get scanned by Declude. Weird part is that F-Prot Real-Time protector alert me but does not offer to disinfect/delete Chris At 12:44 PM 01/28/2002 -0500, you wrote: Anyone catching these with Declude / F-Prot? We have seen dozens come in. Running F-Prot 3.11a with todays definitions (according to their site it should detect the virus 0ail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Funny how....
[EMAIL PROTECTED] is used only as a recipient for Declude Virus and now its getting (attempted) viruses. I thought the Badtrans was done but maybe some domains are slow ;) Chris === To: [EMAIL PROTECTED] Subject: virus detected Declude Virus v1.29 caught the : W32/Badtrans.B@mm virus in New_Napster_Site.MP3.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 12/11/2001 06:46:49 Subject:Re: WARNING: YOU MAY HAVE A VIRUS Spool File: Df22714a.SMD --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] New W32/Goner-A virus
In your virus.cfg file in your declude folder Works perfectly BANEXT lnk BANEXT vbs BANEXT scr BANEXT shs BANEXT wsh BANEXT vbx BANEXT bat BANEXT cab BANEXT nws BANEXT asp BANEXT dll BANEXT cmd BANEXT xml BANEXT sys BANEXT asd BANEXT chm BANEXT ocx BANEXT vbe BANEXT wsf BANEXT js Your vir*.log file will show 12/04/2001 15:17:03 Q2f3f104 Scanned: Virus Free [MIME: 3 2951] 12/04/2001 15:17:31 Q2f58104 MIME file: 3D Maze.scr [base64] 12/04/2001 15:17:32 Q2f58104 Banning file with scr extension. 12/04/2001 15:17:33 Q2f58104 Scanned: Banned file extension. [MIME: 2 478133] 12/04/2001 15:17:56 Q2f72104 Scanned: Virus Free [MIME: 1 210] 12/04/2001 15:18:02 Q2f79104 Scanned: Virus Free Chris At 02:17 PM 12/4/01 -0600, you wrote: Is there a way to kill all incoming .scr attachments? using declude or something else? i would prefer that it happen after the virus scan... just in case a new .scr virus comes out... thanks, jim - Original Message - From: Jerry Murdock [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 04, 2001 1:54 PM Subject: Re: [Declude.Virus] New W32/Goner-A virus I've caught about 30 with f-prot since noon-ish(EST) when the patterns were updated. Jerry Subject: Hi Incoming/Outgoing: incoming Number Recepients: 1 Message ID: 001401c17cf8$2ce20c70$6664a8c0@XX Date: 12/04/2001 Time: 14:17:52 QueueFile Name: D215d228.SMD Infected File: gone.scr Virus Name: W32/Goner.A@mm - Original Message - From: Paul Ingram [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 04, 2001 2:48 PM Subject: RE: [Declude.Virus] New W32/Goner-A virus No F-Prot is not chaching it ..I have caught 68 since 2:15pm when a user called me to ask could the install this screen saver. I am caching by filtering the subject line and body text. I also tried Macfee and I didn't see an update for them yet either. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Grant Griffith Sent: Tuesday, December 04, 2001 2:40 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New W32/Goner-A virus I just downloaded the files from F-Prot and they are what we already had. F-Prot must either already catch it or has not updated the info yet. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED]]On Behalf Of Andy Schmidt ||Sent: Tuesday, December 04, 2001 2:39 PM ||To: [EMAIL PROTECTED] ||Subject: RE: [Declude.Virus] New W32/Goner-A virus || || ||Yep - at least TWO client firms were infected this morning, spreading ||hundreds of new infections. || ||Best Regards ||Andy || || || ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry ||Sent: Tuesday, December 04, 2001 02:31 PM ||To: [EMAIL PROTECTED] ||Subject: [Declude.Virus] New W32/Goner-A virus || || ||FYI, there is a new fast-spreading virus W32/Goner-A with an ||attachment ||Gone.SCR. I would strongly recommend that everyone update their virus || ||definitions immediately (even if you update daily, you might not want to || ||wait for the next update). F-Prot, McAfee, Sophos and likely others ||have ||new definitions out that catch this one. || -Scott || ||This E-mail came from the Declude.Virus mailing list. To ||unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ||type unsubscribe Declude.Virus. You can E-mail ||[EMAIL PROTECTED] for assistance. You can visit our web ||site at http://www.declude.com . || This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] H:
Hey Serge, how about not sending the whole list the virus? [EMAIL PROTECTED] would be better. Scott, Serge's email did get past my Declude 1.26a and F-Prot (Sept 22 defs), My desktop Mcafee caught it. Chris This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] H:Declude Enhancement
Scott, is there any way that the virMMDD.log for declude can contain more info that below when handling banned extensions? Thanks Chris 10/08/2001 08:39:57 Q9e9a13e Scanned: Banned file extension. [BINHEX: 1 0][MIME: 3 274192]
[Declude.Virus] H:Nimba
Yea, I finally got one ;) Ofcourse the FROM: is not valid Declude and DOS F-Prot Chris == Declude Virus v1.25a caught the : W95/Nimda.A@mm virus in readme.exe from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 09/19/2001 16:30:03 Subject:ware\Microsoft\WindoJb4 ñcircledownloadsbillybackyardtransactionsadr_indexcgimail25demoharless_billy _time_24junmarkbill1mcmj Spool File: D00241e8.SMD This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] H:Made my morning
Finally, after a week! Chris === To: [EMAIL PROTECTED] Subject: Declude Virus caught a virus Declude Virus caught a virus with the subject older folk who from [EMAIL PROTECTED] to: [EMAIL PROTECTED] The spool file name is Ded091d8.SMD. This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
H:Re: [Declude.Virus] F-Prot Updates?
At least your catching something. I installed Declude Virus last Thursday and have not caught 1 single infected virus, not that is powerful software! ;) It scares them into not even sending infected files. Of course when I'm at Myrtle Beach next week. Chris My data files are current as of the date I bought the software.. Aug 8th. I knew that viruses were rampant, but we've caught over 100 just today. We only have about 1000 mail boxes. Thanks JP
Re: REVDNS:Re: H:Re: [Declude.Virus] F-Prot Updates?
Yes and it emailed me and duped the alert to my nextel phone. The declude virus logs show activity. Outlook is banned in my company ;) I still have the 3,000 rules.ima I've been tweaking since V4 for SPAM control and virus backup. Chris At 07:41 AM 8/15/01 -0500, you wrote: Did you test the set up with the EICAR test virus from Scott's site? Even at our little (volume) server, we get at least five or six a day. And you're right -- things generally go wrong when we're off site and can't do anything about it. :) John This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .