RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?
I didn't want to weigh in on this, but since I have a lot of experience with trying to do too much with too few resources I feel the need. First I'll say that item c. in David's response came across badly and certainly seemed to express a certain degree of frustration, probably due to the problem occurring in the first place as much as the responses from users. When you don't have enough resources you sometimes let things slip. You get them working with every intention of going back to put in place the needed checks to keep everything working. It's simple to add an appointment to a calendar, but unless you have a common calendar you're only giving yourself notice and that's probably not the best way to handle it. So, you plan to do it right and then it slips away in the rush of getting other problems fixed. David has stated that he has put procedures in place to prevent this from happening again and you either believe him or you don't. If you don't then you are probably already looking for an alternative product, and working on your security budget to accommodate the higher cost. I have received great service from Declude and since Interceptor came out I'm virtually ecstatic so I'll be sticking around and hoping that the prices stay low. Dan Shadix IT Systems Administrator Terry Reilly Health Services From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, June 03, 2009 10:12 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year? Sensitivity: Personal Hi, Oh, now you really got me going. Declude Virus does not have a built in system to report this error as with this specific example The problem is not the hard-coded expiration itself. Clearly, when this API (including the hardcoded expiry) was originally implemented, the fact that there was an expiry was a known fact to that developer - cause (s)he added it. Whoever wrote this API implementation simply was too lazy to properly handle and report on the condition that absolutely was going to occur with 100% certainty on 4/10. That's a programming 101 and this flaw must be fixed, not discussed. It's when an Anti-Virus product doesn't report that it has decided to stop detecting viruses. how much more are you prepared to pay for your service agreement Nice try, but to me, money is secondary to function. I rather would pay appropriate maintenance for a product that is enhanced with features (as it was in the first few years when I had purchased it) than to pay a lesser annual maintenance for a dormant product! However, I'm NOT willing to pay a company just so that they can pursue OTHER technical, legal and marketing ventures INSTEAD of enhancing the product. The problem with Declude is that they lost focus - this instance makes this painfully obvious! increase our prices dramatically so we can hire more developers Let's get real. I remember looking at your web site a while ago and seeing a huge roster of management. I also remember web site project and other products being launched and initating legal actions. Here's what you need: Start laying off managers and other supervisory staff, cut the retainers for your attorneys, etc. and don't stop until you have enough money to finally pay ONE full time developer that actually works on continually enhancing the product we are all paying for and gets as much done as the original author of the product did for YEARS. Once caught up with 3 years of backlog, then sell me the upgrade!) You don't need additional personnel - you to need replace overhead-personnel with production personnel. I suspect the problem is not lack of funds but diversion of it. Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Wednesday, June 03, 2009 11:07 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year? Sensitivity: Personal Andy, a. Declude Virus does not have a built in system to report this error as with this specific example. What happened here is not the norm but an exception. It was not our choice to hard code the expiration date but a requirement from AVG. In this instance the specific persons who we had been working with at AVG are no longer with the company and the process of having this renewed took longer than usual. b. I am not sure if you are being facetious, but if it makes you feel better, sure you can schedule a reminder for me, please email me at least 3 month prior of the new expiration date 2010-12-31 c. Yes AVG was not working as it should have been since 2009-04-10 I agree with you - this is totally unacceptable, intolerable, painful and should not be brushed aside lightly. You are correct in your observations, we should increase our prices dramatically so we can hire more developers to ensure unfortunate incidents
RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures
BANEXT rar has been working great for me. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, April 26, 2007 11:36 PM To: declude.virus@declude.com Subject: [Declude.Virus] More info about encrypted RAR virus and Declude failures I have downloaded a copy of the virus and inspected it. The file is a functional encrypted RAR with an EXE inside of the same file name. I also researched why Declude might not be catching this and I believe that I know why. Declude will properly detect an executable within a RAR file and the fact that the file is encrypted. I verified this with my own test on a file that I encrypted. The problem however is the fact that you can also encrypt the file name within a RAR and not just the file. The virus that was being spammed encrypted both the file name and the file, so Declude likely got hung up on trying to extract the name from the RAR. Note to Dave. This took me all of 30 minutes to figure out. Unfortunately there is somewhat of a conundrum here as you will need to introduce new functionality in order to handle this appropriately. While I don't expect that RAR files will be commonly used for viruses due to the rarity of the client, it is definitely necessary to allow users to block encrypted RAR's when the file names are not extractable. I have a recommendation for how to handle this which would be quite consistent with current behavior and possibly help with unexpected conditions with ZIP's too: For both encrypted ZIP's and encrypted RAR's where the file names can't be extracted, assume that it contains an EXE. This will allow for those that want to block all encrypted files and those that only want to block them when there is an executable inside to maintain proper levels of protection. Let me know if you would like some more feedback or information. Thanks, Matt --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. The information contained in this communication is privileged and confidential. If you have received this communication in error, please forward back to the sender and delete your copy immediately. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Virus notifications
I meant the postmaster notifications when a virus is caught, but it magically started working right after I sent that message. I didn't intentionally do anything to fix it, just looked around in the config files without making any changes. Scary. Thanks for trying to help, Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, March 28, 2007 9:16 PM To: declude.virus@declude.com Subject: re: [Declude.Virus] Virus notifications What do you mean by virus notifications? Email from some mailing list? Updates to your anti-virus definitions? Gary Original Message From: Dan Shadix [EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 6:55 PM To: declude.virus@declude.com declude.virus@declude.com Subject: [Declude.Virus] Virus notifications Since switching to SmarterMail, I haven't been receiving virus notifications. Can someone give me a quick fix? Thanks in advance, Dan --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus notifications
Since switching to SmarterMail, I haven't been receiving virus notifications. Can someone give me a quick fix? Thanks in advance, Dan --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Support
I read occasionally on here about support or the lack thereof, but I just used support for the first time for anything other than a minor issue. This was the best support I've received from any company at any time. A few others have come close, but my support experience was absolutely wonderful. I don't know if I should mention the tech by name but let me just say that if my wife knew how much hand holding had been going on I'd be in big trouble. Dan Shadix --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude and Imail 7.15
I am running Declude 2.0.6 with Imail v7.15 but would like to upgrade to Declude Security Suite 4.2. I can do it legally, but am wondering if anyone else has done it. I've been waiting for the version that doesn't require a separate mail server but I'd like to start taking advantage of the stuff I've been paying for all this time. So, is anyone using Declude 4.2 with Imail 7.15? Thanks in advance, Dan
[Declude.Virus] The new Declude
I have just unsubscribed from the Imail list and am ready to put that era behind me. The only reason I stayed with Imail this long is because it was the only way I can run Declude. In a few months I'll begin migrating my users to Exchange server. The fine folks at Declude have promised to take care of me in the virus scanning and spam filtering areas. I'm taking them at their work and putting my faith in them. So, to the Declude team I say "Don't let me down and I'll remain a loyal customer". To the other list members I say, "Speak up". In an earlier message I stated what I want to see from the new Imailless Declude. If you don't let them know what you want, you can't complain if they don't give it to you. Dan
Re: [Declude.Virus] Making or buying a MAIL SERVER proposal
The fine folks at Declude will offer whatever they think will sell, but I would prefer to see a standalone product that does just what Declude does now. No pop, imap, or webmail. Just a robust smtp service that integrates with their present products and allows me to reinject blocked mail if it was a false positive. The only thing I'd really like added is the ability to block invalid users by checking ldap or a text file of valid users. If they create a nice product to scan the held messages and delete or resubmit for delivery I'll probably buy that too. If they decide to offer pop etc. I hope it will be as an addon so I won't have to buy it. That said I would probably would buy it anyway as long as the price is right. Panda Consulting S.A. Luis Alberto Arango wrote: Proposal to Computerized Horizons - DECLUDE 1. Develop a mail server software with the features most users are looking for. Antispam, Antivirus, webmail, nice administration and full administration, fast, collaboration, heavy load. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Scott, what is our future?
That's great to hear. I've only stayed with Imail as long as I have because of Declude. I quit upgrading after 7.15 and let my Imail SA lapse. I'll be installing Exchange in a few months and will use my Imail/Declude setup as a front end to isolate the Exchange server from the Internet and plan to add Declude Anti-Spam at that time. If you create a standalone product that will replace my present Imail/Declude setup I'll be ecstatic (unless you pull and Ipswitch and charge an arm and a leg). R. Scott Perry wrote: But I can definitely say this: Declude isn't going to go away, no matter what Ipswitch may do. -- Dan Shadix IT Systems Administrator Terry Reilly Health Services --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: Fwd: Re: [Declude.Virus] www.testvirus.org Test 22
On Monday 14 June 2004 04:18 pm, R. Scott Perry wrote: Do you have a way to get the full headers of the E-mail that gets through (such as accessing the .mbx file directly), which would let us see the exact headers you are getting? -Scott Here's the message pulled directly from the mbx file.. I modified the attachment so that it's no longer really eicar since it appears that it was blocked when I sent it before. From [EMAIL PROTECTED] Tue Jun 15 05:55:12 2004 Received: from web.trhs.org [128.128.15.20] by trhs.org with ESMTP (SMTPD32-7.15) id A3A06540140; Tue, 15 Jun 2004 05:55:12 -0600 Received: from mail01.excedent.us (crc2.excedent.us [12.5.19.157]) by web.trhs.org (Postfix) with ESMTP id E73B6A055E for [EMAIL PROTECTED]; Tue, 15 Jun 2004 07:55:45 -0400 (EDT) X-Originating-Ip: 207.225.37.66 Message-Id: [EMAIL PROTECTED] Date: Tue, 15 Jun 2004 07:55:32 -0500 From: TESTVIRUS.org [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Virus Scanner Test #22 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary==_804689079==_ X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 376546492 --=_804689079==_ Content-Type: text/plain; charset=us-ascii; format=flowed This message was sent to you because you or someone you know is testing your mail server's virus scanner at: http://www.testvirus.org This test message contains: Test #22: Eicar virus within zip file hidden using the MIME Continuation Vulnerability If your mail server's virus scanner did not detect this email, it allows some viruses through! Please note: This test message uses the EICAR test virus, which is completely benign and contains no viral code. For more information see: http://www.eicar.org This free test has been provided to you by Excedent Technologies (http://www.excedent.com) and Webmail.us (http://www.webmail.us) --=_804689079==_ name=nolongereicar.zip; Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=nolongereicar.zip AEQJRUlDQVIuQ09NWDVPIVAlQEFQWzRcUFpYNTQo UF4pN0NDKTd9JEVJQ0FSLVNUQU5JTEUhJEgrSCpQSwECFAAK AABmRqYsPM9RaEQAAABECQABACAARUsFBgAB AAEANwAAAGsAAA== --=_804689079==_-- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] A different view of banned files
I would like to be able to reverse the logic of BANEXT and block all attachments except a small list of allowed ones. ALLOWEXT doc ALLOWEXT mdb ALLOWEXT xls ALLOWEXT pub ALLOWEXT gif ALLOWEXT jpg That's all I can think of that I would allow, but if I noticed some being blocked I could easily add them. This follows the normal security logic. I also would like to be able to save the banned e-mails in a separate folder from the known viruses. Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] X-Declude-Status: Waiting for activation code
When do you think there will be a new release version? I'm still at 1.75 and like to stay with the release version if I can. Dan On Friday 20 February 2004 01:00 pm, you wrote: I'm seeing this is 1.77i27 also: 1.77i27 is no longer supported -- you should upgrade to 1.78 (the latest beta) at http://www.declude.com/virus/manual.htm , or the latest interim release (at http://www.declude.com/interim ) which takes care of the header in the subject of this thread. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Which version
I went to get the latest version and remembered why I hadn't downloaded 1.70. It's listed as a beta with 1.65 as the latest release version. I'm using 1.66i18. I don't remember what the problem was that prompted me to download the interim version but it was something I thought was important at the time. So what version should I be using? Is the web page just out of date? Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] What version should I be using?
I'm still using 1.66i18 since I hadn't had any problems with it and hadn't seen any reason to upgrade it. I don't remember 1.70 coming out and why I didn't install it. Is there a good reason why I should go to the newer version? Dan -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 03 Jun 2003 12:43:26 -0400 06/01/2003 22:36:28 Qb82911e Outlook 'MIME Header' Vulnerability: type=audio/x-midi, name=Fbvw.pif. 06/01/2003 22:36:30 Qb82911e Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=Fbvw.pif [0] I 06/01/2003 22:36:31 Qb82911e Scanner 2: Virus=: W32/[EMAIL PROTECTED] Attachment=Fbvw.pif [0] I 06/01/2003 22:36:31 Qb82911e File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3] generated a MIME header vulnerability email and not a virus notification. Thanks for pointing this out -- there is an interim release v1.70i2 at http://www.declude.com/release/170i/declude.exe that takes care of this issue. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Imail1.exe for scripting purposes
Imail1.exe doesn't work without Imail installed, but there are several good programs that will. Check the archives or Google for them. -- Original Message -- From: Mario Antonio [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 14 Feb 2003 18:53:05 -0500 Just for scripting purposes, by any chance, does anybody know how to make Imail1.exe work on a computer where Imail is not installed ? My apologies if this is a bit off the topic. Regards, Mario Antonio --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Are we safe?
Are we safe from these? http://www.messagelabs.com/viruseye/report.asp?id=130 Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Order of operations
I got this today and have a question. - Declude Virus v1.65 caught the [Outlook 'MIME Header' Vulnerability] virus in CLEAR.pif from [EMAIL PROTECTED] to: Does Declude check for the vulnerabilities and if one is found that's it? No virus check? Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot version
Actually it's just about opposite of that. Since Declude calls F-Prot directly you don't need to be logged in for it to work. The scheduler in the Windows version only runs if you are logged in. I haven't have any problems with being logged in with the screen locked so that's how I've handled it. Just laziness and lack of time. Dan -- Original Message -- From: Lynn Ritchie [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 12 Dec 2002 14:47:48 -0500 Dan Star wrote: Per the F-prot FAQ, the updater can be started from command line using switches. So use AT to schedule it and keep the server logged off. Haven't tried this yet as I log in everday to the mail server. I haven't tried the AT with the command line either, but several people have said it works just fine. Everything always worked so good just logging in and letting the schedule do it's job, that it is hard to take the time to explore other options. But to take this even more off topic, what about a server which isn't a mail server. I always understood that to have the anti-virus working, you needed to log in to start the program from the startup menu and have the F-prot icon in the system tray. So assuming You have the command line updater running us AT The anti-virus program doesn't start until you log in and the start up menu executes, You don't log into the server so the updater is working on it's schedule, every x hours it updates the virus files, but if you don't log in to the server the anti-virus program doesn't start? Is this right? If anti-virus isn't running. The updater really doesn't matter much. Sounds like the best answer for anti-virus protection, even with the issues pointed out by John, is to log in and lock the console. Lynn Ritchie City of Findlay Computer Services Department [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Opinion on Virus Scanner
F-Prot. Cost is next to nothing and it works great with Declude. Dan -- Original Message -- From: Keith Johnson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 2 Dec 2002 22:56:30 -0500 I wanted to see what type of virus scanner everyone has had luck with. We have used Computer Assoc. Inoc. for years, however, the 6.0 SP1 version does not allow for the virus name to be extracted from the report.txt file. Any suggestions would be great (experience in the field is a much better gauge than websites). Thanks for the aid. N¬º{.nÇ+··*^jÐ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] installed.bin
Or have the batch file that creates the file send you an e-mail with the information to you. Dan -- Original Message -- From: Uhte, Russ [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Nov 2002 13:48:50 -0500 So, let me get this straight... You can't do a \\mailserver\c$ and get to your mail servers C drive? Can the mailserver get to your c drive? Our is there a machine that both the mailserver, and your machine have access to?? If so, you could make the batch file map a drive using a specified username/password. -Russ -Original Message- From: John Shacklett [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin I like this idea, but I'm still trying to address the situation where I don't have ready access to the mailserver or its C: drive. And I can't use terminal services. And I need more information than just the version number. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Uhte, Russ Sent: Friday, 22 November 2002 12:12 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] installed.bin John, Just a quick suggestion... If this is information you use routinely, make a batch file that runs the command (declude -diag C:\declude.txt) and use the NT at command to make it run every x hours... Then you could pull that declude.txt file and know that it was last updated x hours ago... Just my $0.02 -Russ -Original Message- From: John Shacklett [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 12:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin No, that's exactly what I can't to do, although I understand the thinking and appreciate the suggestion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Matuska Sent: Friday, 22 November 2002 11:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] installed.bin You could always setup terminal services or another remote access terminal program on your server too. Jim Matuska Jr. Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: John Shacklett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 22, 2002 8:54 AM Subject: RE: [Declude.Virus] installed.bin You don't say. Anywhere I want. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Friday, 22 November 2002 11:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin You can always use declude -diag C:\declude.txt or where ever you want it. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Friday, November 22, 2002 8:27 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] installed.bin The installed.bin file in the Declude directory has the current version info. Could that be expanded to include more of the declude -diag data? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] Before you criticize someone, walk a mile in his shoes. Then when you do criticize that person, you'll be a mile away and you'll have his shoes! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at
Re: [Declude.Virus] fprot 3.12b and declude?
I can't figure out what I'm doing wrong. I'm using the windows version and ran the upgrade to 3.12b right after it came out. I haven't had any problems at all. Are there any others out there? Seriously though, I'm concerned that something might be wrong that I'm just missing and it will come back to bite me later. Dan Mike Wiegers wrote: I just changed from \F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt to \fpcmd.exe -TYPE -SILENT -NOMEM -ARCHIVE -NOFLOPPY -NOBOOT -DUMB -REPORT=report.txt and it still doesn't catch the EICAR test virus (the F-Prot line will catch it). What did I miss? Thanks Mike -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *John Dobbin *Sent:* Monday, October 07, 2002 4:32 PM *To:* [EMAIL PROTECTED] *Subject:* Re: [Declude.Virus] fprot 3.12b and declude? The switches for the executable change from /option to -option. We made the change and so far so good. John Dobbin Pen Publishing Interactive - Original Message - *From:* Mike Wiegers mailto:[EMAIL PROTECTED] *To:* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] *Sent:* Monday, October 07, 2002 4:27 PM *Subject:* RE: [Declude.Virus] fprot 3.12b and declude? I was having this problem so I went back to 3.12a. I updated again and changed my virus.cfg to fpcmd.exe. I ran the test EICAR_Test_File and the log reported that is was clean and it did sent the com test file. Changed the line back to f-prot.exe and it caught the virus. This was all done with 3.12b. Anyone else have any problems with the new command line? Mike -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *Frederick P. Squib, Jr. *Sent:* Monday, October 07, 2002 1:20 PM *To:* [EMAIL PROTECTED] *Subject:* RE: [Declude.Virus] fprot 3.12b and declude? I may have missed this if ti was posted earlier, but the fine folks a f-prot said... Dear Frederick, Please use FPCMD.EXE instead of F-Prot.EXE with the same command line switches. Best regards, Arnar Thor At 22:40 3.10.2002 -0400, you wrote: I have been seeing this popping up on my screen and in the event log since upgrading to the 312b version of f-prot today 3 October 2002. Running the command line version on win2k Advanced server. Application popup: 16 bit MS-DOS Subsystem : C:\Progra~1\FSI\F-Prot\F-Prot.exe X#=0D, CS=01CF IP=5703. The NTVDM CPU has encountered an unhandled exception. Choose 'Close' to terminate the application. Any suggestions ? Frederick P. Squib, Jr. Customer #X Network Administrator Citizens Internet Services _http://www.wpa.net_ http://www.wpa.net/ Frederick P. Squib, Jr. Network Administrator Citizens Internet Services http://www.wpa.net http://www.wpa.net/ -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of *Scott MacLean *Sent:* Thursday, October 03, 2002 5:40 PM *To:* [EMAIL PROTECTED] *Subject:* Re: [Declude.Virus] fprot 3.12b and declude? I've been getting a lot (2-3/day) of these pop-up boxes since upgrading: Application popup: 16 bit MS-DOS Subsystem : C:\Progra~1\FSI\F-Prot\F-Prot.exe X#=0D, CS=01CF IP=5703. The NTVDM CPU has encountered an unhandled exception. Choose 'Close' to terminate the application. At 05:08 PM 10/3/2002, Jim Jones, Jr. wrote: any known problems in running this new version of fprot? Thanks, Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com http://www.mail-archive.com/. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011
Re: [Declude.Virus] Amazon ad caught as virus
I don't think that it's really something that Amazon is doing wrong. If they called themselves Amazon without .com it wouldn't trigger the BANEXT but that doesn't mean they shouldn't be able to use their real name. That said, if the way it is now is safer than the way it used to be I'd like to keep the more stringent check. Even better would be an option to do it either way. Dan John Tolmachoff wrote: Scott, being that this is a rare occurance, why not leaves it the way it is and let Amazon be flooded with all the notices. Maybe they will get wise and correct the problem. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 24, 2002 4:58 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Amazon ad caught as virus I have had hundreds of the Amazon AD here as I'm sure has everyone else. Before I go asking for an interim release I will ask how common the problem that caught the Amazon Ad is. The Amazon email was rejected as a com attachment. I assume all similar emails would be the same given the format of the lowley com file. Is this likely to be a more frequent occurrence. And, has it happen more often than we realized but just didn't see it because of low volume. A major ad campaign certainly brought it to our attention. It took just over 5 months from the time Declude Virus first would start to catch these before we received our first report of the problem, so I would say it would be a rare occurrence (with this one exception). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Declude Virus v1.61 (beta) released
I can't be sure that this is related, but since I've installed 1.61 I started getting some messages from Amazon.com being caught by BANEXT com when they don't appear to have an attachment with a .com extension. Dan [EMAIL PROTECTED] wrote: FWIW, installed 1.61 about six hours ago. No problems. Jack At 08:47 AM 9/23/2002, you wrote: We have just released Declude Virus v1.61 (beta). See http://www.declude.com/virus/manual.htm . Changes include: o Adds detection of numerous new vulnerabilities. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] .shs files possible virus?
It has been used for virii in the past. See http://www.pchell.com/virus/stagesworm.shtml Dan John Tolmachoff wrote:http://www.pchell.com/virus/stagesworm.shtml Found it: http://whatis.techtarget.com/fileFormatA/0,289933,sid9,00.html SHS Shell scrap file; reportedly used to send password stealers I am going to add this to my banned extension list. John Tolmachoff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus getting by F-Prot
My exe filter caught a message with an attachment named picacu which is apparently one of the Klez variants. I am using F-Prot 3.12a with the latest defs and it caught another of the same virus. I thought that all of these should be caught by the anti-virus instead of BANEXT. Do I have something configured incorrectly or is something else causing this? -- Dan Shadix IT Systems Administrator Terry Reilly Health Services --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] HELO:Configuration questions
I just purchased Declude Virus and have a few questions before I put it into service. Since I haven't received any messages from the list yet I decided to just ask. First, what have been your experiences with using the otherpostmaser.eml notification? I toned down the stuff about how they should be scanning their mail (even though they should) so they don't get angry before they look at the problem and added a link to the Declude web page. Still, I'd like to hear other's experiences. Second, should I go ahead and use v1.56 beta or stick with the v1.53 release? I don't normally use beta software but on the Imail list it appears that some folks are using a v1.55 with good results. Third, what do you have under BANEXT? I'm using the following list: BANEXT scr BANEXT pif BANEXT vbs BANEXT exe BANEXT com BANEXT js BANEXT bat BANEXT jse BANEXT vbe BANEXT wsf BANEXT wsh BANEXT shs BANEXT shb BANEXT chm BANEXT lnk BANEXT vbx BANEXT cab BANEXT nws BANEXT dll BANEXT asp BANEXT xml BANEXT cmd BANEXT sys BANEXT asd BANEXT ocx BANEXT htm BANEXT hta BANEXT html Thanks, -- Dan Shadix IT Systems Administrator Terry Reilly Health Services (208) 318-1248 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .