RE: [Declude.Virus] Imail/Declude Log Analyzer v1.32
That's pretty much all that changed. It depends how far back you started using usage.cmd. If you started at 1.0-1.2 you'll probably want to start fresh. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sheldon Koehler Sent: Thursday, February 28, 2002 10:56 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail/Declude Log Analyzer v1.32 This version should deal with the 1st day of the month and leap years. Can we just cut and paste the first of the month and leap year sections or did you change a lot more? Sheldon --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: MISSING_REVERSE_DNS:Re: [Declude.Virus] Imail/declude batch file log parser problems
Sorry, I couldn't bring myself to do that, but this certainly works. I was looking more for a suggestion regarding coverting octal to decimal without relying on things already included with NT. I am sure however that anyone using this command should fin this useful. Thanks for sharing, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven Jurgensmeyer Sent: Wednesday, January 09, 2002 4:46 PM To: [EMAIL PROTECTED] Subject: MISSING_REVERSE_DNS:Re: [Declude.Virus] Imail/declude batch file log parser problems here was my quick down and dirty work around. ::Skip report if day is 1st for now... IF %dd% EQU 01 goto end IF %dd% EQU 02 (set yd=01) IF %dd% EQU 03 (set yd=02) IF %dd% EQU 04 (set yd=03) IF %dd% EQU 05 (set yd=04) IF %dd% EQU 06 (set yd=05) IF %dd% EQU 07 (set yd=06) IF %dd% EQU 08 (set yd=07) IF %dd% EQU 09 (set yd=08) ::IF %pd% LEQ 9 (set yd=%pd%) else (set yd=%pd%) - Original Message - From: Jeff Pitoniak [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 09, 2002 2:18 PM Subject: [Declude.Virus] Imail/declude batch file log parser problems I have found the problem I have been having. The NT command interpeter interpets numeric values that begin with the number 0 as octal. The numbers 8 and 9 are not valid octal(0-7) numbers. The zero is need because it's in the name of the log file. I am currently working on a solution. Any suggestions would be appreciated. Best regards, Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Imail/Declude batch file log parser/reporter version 1.3
A quick and dirty patch courtesy of Steven Jurgensmeyer. The only other thing to fix that I am aware of is logic for creating yesterdays datewhen yesterday was thelsat day of the month(28th 29th 30th or 31st). That one should be fun. I won't be getting to that anytime soon... This log file parser has been quite a test in patience for me as it started off pretty simple and got pretty complicated. I still like the command line, but Linux is where I like to live from a systems admin standpoint. If it weren't just for the challenge of it,I would'vescp'd (Secure SHell copy)the logs to a Linux server running SSH with pscp.exe and just parsed the logs with regular expressions in a Linux shell, but what fun would that have been? Anyway, I felt like contributing in a way that would help others. Eventually I'll put this up on one of the Imail tools sites, but it needs better documentation first... Best regards, Jeff Pitoniak PCE Systems, Inc. -- "If your only tool is a hammer, pretty soon everything starts to look like a nail."-Dr. William Learner, Chiropractor Usage1-3.zip Description: Zip compressed data
[Declude.Virus] Imail/declude batch file log parser problems
I have found the problem I have been having. The NT command interpeter interpets numeric values that begin with the number 0 as octal. The numbers 8 and 9 are not valid octal(0-7) numbers. The zero is need because it's in the name of the log file. I am currently working on a solution. Any suggestions would be appreciated. Best regards, Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] Imail/declude log parser...
John, I have attached the most recent version which is formatted a little differently with more error checking and feedback included. This file might work better for you. Either replace the date formatting section with the code below... ::Creates date variables for /f tokens=1-4 delims=/ %%a IN ('DATE/T') do ( set day=%%a set mm=%%b set dd=%%c set year=%%d set /A pd=%%c-1) ::Skip report if day is 1st for now... IF %dd% EQU 1 goto end IF %pd% LEQ 9 (set yd=0%pd%) else (set yd=%pd%) ...or just replace the old USAGE.CMD with the new one in the attached zip file and modify it. It's easier to get configured as you just run it and it tells you what's missing. Once the script can find everything it needs it starts working. Best regards, Jeff Pitoniak PCE Systems, Inc. -Original Message- From: John Shacklett [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 08, 2002 12:53 PM To: [EMAIL PROTECTED] Subject: RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] Imail/declude log parser... Jeff, I just had this same error pop up after weeks of using your usage tool without incident. I attached a file with the cmd output. Just FYI. C:\SETLOCAL C:\SET sys=c:\winnt\system32\ C:\SET spl=c:\imail\spool\ C:\SET log=D:\Logs\ C:\SET send=c:\imail\imail1.exe C:\SET [EMAIL PROTECTED] C:\FOR /F %z IN ('TIME/T') DO set time=%z C:\set time=12:43p C:\FOR /F tokens=1-4 delims=/ %a IN ('DATE/T') DO (SET day=%a SET mm=%b SET dd=%c SET year=%d SET /A pd=%c-1 ) C:\(SET day=Tue SET mm=01 SET dd=08 SET year=2002 SET /A pd=08-1 ) Invalid number. Numeric constants are either decimal (17), hexidecimal (0x11), binary (0b10001) or octal (021). C:\IF EQU 0 GOTO END 0 was unexpected at this time. C:\ Usage1-2.zip Description: Zip compressed data
[Declude.Virus] Test
Sorry, just checking to see if MISSING_REVERSE_DNS stopped showing in the subject of my posts as I finally got around to reverse dns after a major network infrastructure re-engineering project we just finished. Regards, Jeff -- "If your only tool is a hammer, pretty soon everything starts to look like a nail."-Dr. William Learner, Chiropractor Jeff Pitoniak - Network Administration Security Consultant - PCE Systems, Inc. email: [EMAIL PROTECTED]Ph:(248)223-4888 ext.138 Fax:(248)223-4889
[Declude.Virus] Troubleshooting Imail/declude log parser v1.1 (usage.cmd)
If you are having problems with this command script, the following instructions allow you to see the output and errors of all of the commands involved. Open usage.cmd in a text editor (making sure that word wrap is not turned on) and add a colon to the 1st line of the script to disable hiding the output of the commands involved. For example: :@echo off When you run usage.cmd, direct the output into a file so you can review the results. For example: usage.cmd 1 use.log 21 The 1 directs the normal output (called STDOUT or standard ouput) and the 21 directs the error output (called STDERR or standard error output) to a file. Send me this logfile if you you don't understand what's wrong and I can help you figure out what's not working. Best regards, Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] Troubleshooting Imail/declude log parser v1.1 (usage.cmd)
This script looks at Imail *and* Declude logs, hence the name Imail/Declude log parser. DOMLIST.EXE shows a summary of incoming and outgoing mail by domain. I have configured my Imail server to record POP3 and SMTP logs to the SYSLOG service which uses log.txt rather than to a file(sys.txt). Change all of the places in your usage USAGE.CMD to reflect the setting you chose when you configured these services. Only the Log Server or SYSMMDD.TXT settings work with this script. To view these settings in the Imail Administrator program look under [localhost] [services] [POP3] POP3 tab Log to: [SMTP] SMTP tab Log to: This line of code you mention runs DOMLIST.EXE to create a mail usage summary and filters the output so that the listings of incoming/outgoing mail by domain are listed minus the DOMLIST.EXE advertising blurb below Domain Lister - (C) Copyright 2001 Computerized Horizons - www.declude.com Please consider using our anti-virus and anti-spam software for IMail servers. Here's an example of the email message that shows up in my inbox every morning at 2:30am. From: Mail Admin [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 13, 2001 2:30 AM To: [EMAIL PROTECTED] Subject: Thu 12-12-2001 Mail usage/Virus report Report created 2:30a 2001-12-13 by Usage(v1.1) on Imail server (for 2001-12-12) Domain # In # OutBytes In Bytes Out -- pcesystems.com 372136678032592262220 needaparts.com89 19 2327162 732767 ford.com 0139 0 282015 [postmaster] 0 5 0 11228 fordmss.com1 11740 1993 adminfslc.org 34 2412046444 51939 visteon.com0 1 0 1170 wcspcesystems.com 8 7 43296 32907 pcesystems.net 1 0 4201409 0 bounce.em5000.net 0 1 0 5006 -- Total: 505333864233103381245 Virus Detections: 0 Viruses detected for 12-12-2001 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul W. Lucido Sent: Thursday, December 13, 2001 11:20 AM To: [EMAIL PROTECTED] Subject: MISSING_REVERSE_DNS:RE: [Declude.Virus] Troubleshooting Imail/declude log parser v1.1 (usage.cmd) I guess my question is, what log file are you scanning for viruses? Looking at the following command: %spl%DOMLIST %spl%log%mm%%yd%.txt | find /V Domain Lister - (C) Copyright 2001 | find /V Please consider using our %log%%mm%%yd%usage.log this performs a domlist.exe on log1212.txt. What viruses are found in the log.txt file? I only have log.txt files for the days I stopped and started services. Is it supposed to point to a different file? Happy Holidays, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Pitoniak Sent: Thursday, December 13, 2001 9:22 AM To: Declude. Virus@declude. com Cc: Keith Yount Subject: [Declude.Virus] Troubleshooting Imail/declude log parser v1.1 (usage.cmd) If you are having problems with this command script, the following instructions allow you to see the output and errors of all of the commands involved. Open usage.cmd in a text editor (making sure that word wrap is not turned on) and add a colon to the 1st line of the script to disable hiding the output of the commands involved. For example: :@echo off When you run usage.cmd, direct the output into a file so you can review the results. For example: usage.cmd 1 use.log 21 The 1 directs the normal output (called STDOUT or standard ouput) and the 21 directs the error output (called STDERR or standard error output) to a file. Send me this logfile if you you don't understand what's wrong and I can help you figure out what's not working. Best regards, Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus
MISSING_REVERSE_DNS:RE: [Declude.Virus] Where is the virus information in vir####.log
First you need to change declude configuration to give you more info. Look for X:\Imail\declude\virus.cfg and make sure logging is set to mid. # The in the LOGFILE option automatically gets replaced with the month/date LOGFILE D:\IMail\spool\vir.log LOGLEVEL MID CONSOLEOFF Also make sure that you have the correct SCANFILE directive. I use McAffee so this is what I have. (note: SCANFILE through /REPORT report.txt must be on the same line.) # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILE C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /UNZIP /SILENT /NODDA /PANALYZE /REPORT report.txt VIRUSCODE 13 REPORT Found And finally I wrote an NT command script that parses your mail and virus logs to create a summary that is mailed to the address of your choice every morning for the previous day. The only other software you need for it to work is DOMLIST.EXE from the IPswitch Imail website under free tools. Best regards, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of FIRST Internet Declude Virus Account Sent: Tuesday, December 11, 2001 9:16 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Where is the virus information in vir.log Am I missing something? In the past I thought that the vir.log actually listed the names of the viruses found - but I am not seeing this. All I am seeing are generic messages such as '12/09/2001 21:57:49 Q249e036 File(s) are INFECTED [3]' Is this a result of using the PRESCAN, or is it something else? Am I just imagining things when I think I saw actual itemization of viruses in the vir.log file in the past? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . Usage1-1.zip Description: Zip compressed data
RE: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser...
Oops, sorry, my mistake. The prerequisite app is DOMLIST.EXE. I am sorry, I was in a hurry yesterday when I posted USAGE.CMD. You'll also find a zip file of USAGE.CMD attached. Regards, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Pitoniak Sent: Wednesday, December 05, 2001 5:05 PM To: Declude. Virus@declude. com Subject: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser... I have just completed an NT batch file that creates an email with a domain summary and virus detection exerpt. It relies on domain.exe and the rest is done with NT batch commands (whew!). I would be willing to share if anyone is interested. I set it to run every morning at 2:30am with the NT chedule service and it parses the logs from the previous day. It would probably need to be customized slightly to fit your paticular cfg. It's very rudimentary, but you should be able to customize to fit your needs. Best regards, Jeff Here's an example: Report created 4:52p 2001-12-05 by Usage.cmd on Imail server Total number of messages for Wed 12-04-2001 Incoming: 618 Outgoing: 351 Domain # In # OutBytes In Bytes Out -- needaparts.com 117 16 2639041 73815 pcesystems.com 402 85209153062419907 adminfslc.org 66 3317166830 730028 [postmaster] 0 4 0 9422 ford.com 0191 0 404437 wcspcesystems.com 25 8 50540 96391 fordmss.com5 11 13091 22933 visteon.com0 3 0 4809 pcesystems.net 3 0 4202727 0 -- Total: 618351449875353761742 Virus Detections: 2 Viruses detected for 12-04-2001 12/04/2001 18:58:55 Q633e20e Virus=: EICAR test file NOT a virus. Attachment= [-858993460] 12/04/2001 18:58:55 Q633e20e File(s) are INFECTED [13] 12/04/2001 18:58:55 Q633e20e Scanned: CONTAINS A VIRUS [MIME: 2 6209] 12/04/2001 18:58:55 Q633e20e From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] 12/04/2001 18:58:55 Q633e20e Subject: FW: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~TEST 12/04/2001 19:54:05 Q702c2b4 Virus= the W32/Magistr.b@MM virus !!! Attachment=choose.com [0] 12/04/2001 19:54:05 Q702c2b4 File(s) are INFECTED [13] 12/04/2001 19:54:05 Q702c2b4 Scanned: CONTAINS A VIRUS [MIME: 2 62048] 12/04/2001 19:54:05 Q702c2b4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] 12/04/2001 19:54:05 Q702c2b4 Subject: [Fwd: I have specific time set aside] -- If your only tool is a hammer, pretty soon everything starts to look like a nail.-Dr. William Learner, Chiropractor Jeff Pitoniak - Network Administration Security Consultant - PCE Systems, Inc. email: [EMAIL PROTECTED] Ph:(248)223-4888 ext.138 Fax:(248)223-4889 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Usage.zip Description: Zip compressed data
RE: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser...
If your vir.log files are in a different directory, then you will need to change some paths. There are 2 sections that parse the declude log files. The first counts the number of virus detections. Replace %spl% with the path to your declude logfile path only in the sections below. My comments are on lines that begin with :: and also have brackets [] around them in the sections below and should not be in your final script. The /\ and \/ are just cheesey arrows pointing to the item to be changed. If the section below is viewed with a fixed width font, it will be less confusing. ...snip from usage.cmd... ::Virus detections: Echo.Virus Detections: %log%%mm%%yd%usage.log for /f tokens=3 %%v IN ('%sys%find /C Virus= %spl%vir%mm%%yd%.log') DO SET virs=%%v ::[replace /\ this %spl% with your vir.log path] Echo.%virs% Viruses detected for %mm%-%yd%-%year% %log%%mm%%yd%usage.log ::Virus detail ::echo %day%, %mm%-%dd%-%year% yesterday: %yd% Echo. viri.tmp Echo. viri.dat :: [replace \/ this %spl% with you vir.log path] FOR /f tokens=1-3 %%v IN ('%sys%find Virus= %spl%vir%mm%%yd%.log') DO ECHO.%%x | %sys%find Q viri.tmp :: [replace \/ this %spl% as well] FOR /f skip=1 %%j IN (viri.tmp) DO %sys%find %%j %spl%vir%mm%%yd%.log viri.dat %sys%find /v D: viri.dat | %sys%find /v %log%%mm%%yd%usage.log :: [replace /\ this D: with so different paths aren't an issue] ...snip from usage.cmd... I hope I haven't confused anybody more. Best regards, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Serge Dergham Sent: Thursday, December 06, 2001 5:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser... thanks I can't find domain.exe, there is a domlist.exe, but no domain.exe can someone please post a download link. also, I have vir.log files in a separate directory (not the spool directory), should I change anything in the batch ? - Original Message - From: Jeff Pitoniak [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 06, 2001 10:15 PM Subject: RE: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser... Put this usage.cmd in c:\tools (or modify paths in the scipt to match where you put it) Put domain.exe in the Imail spool directory. (available on the Imail website under free tools) Create a d:\logs directory for these usage logs or create your own and update the log variable in usage.cmd And finally, I installed Imail on the D:\ drive so make sure your paths match the script file's. Make sure that the Task Scheduler is set to automatic in the services control panel and paste this ito a command prompt to automate usage.cmd. AT 02:30 /EVERY:M,T,W,Th,F,S,Su c:\winnt\system32\cmd.exe /c c:\tools\usage.cmd (note: if you put usage.cmd somewhere else chang the AT command above to reflect this) Good luck. Best regards, Jeff -- If your only tool is a hammer, pretty soon everything starts to look like a nail.-Dr. William Learner, Chiropractor Jeff Pitoniak - Network Administration Security Consultant - PCE Systems, Inc. email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Ph:(248)223-4888 ext.138 Fax:(248)223-4889 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
RE: [Declude.Virus] MISSING_REVERSE_DNS:Imail/declude log parser...
Put this usage.cmd in c:\tools (or modify paths in the scipt to match where you put it) Put domain.exe in the Imail spool directory. (available on the Imail website under free tools) Create a d:\logs directory for these usage logs or create your own and update the log variable in usage.cmd And finally, I installed Imail on the D:\ drive so make sure your paths match the script file's. Make sure that the Task Scheduler is set to automatic in the services control panel and paste this ito a command prompt to automate usage.cmd. AT 02:30 /EVERY:M,T,W,Th,F,S,Su c:\winnt\system32\cmd.exe /c c:\tools\usage.cmd (note: if you put usage.cmd somewhere else chang the AT command above to reflect this) Good luck. Best regards, Jeff -- If your only tool is a hammer, pretty soon everything starts to look like a nail.-Dr. William Learner, Chiropractor Jeff Pitoniak - Network Administration Security Consultant - PCE Systems, Inc. email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Ph:(248)223-4888 ext.138 Fax:(248)223-4889 usage.cmd Description: Binary data
RE: [Declude.Virus] MISSING_REVERSE_DNS:Neshield
According to McAfee's Getting Started Guide for NetShield 4.5 page 53 item 11, the pagefile.sys is automatically excluded as NetShield cannot open the pagefile to begin with. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Serge Dergham Sent: Friday, October 12, 2001 3:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] MISSING_REVERSE_DNS:Neshield OK, I think I found out what was wrong you have to stop and restart the netshieldd service for the exclusions to take effect seems strange, but now it is working still pop3 is much slower, does netshield monitor the memory swap file ? can this be the problem ? guess I need a new server with 2x1GHz cpus !!! Thanks all have a great week end! - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 12, 2001 5:01 PM Subject: Re: [Declude.Virus] MISSING_REVERSE_DNS:Neshield I exluded all imail directories (spool, domaines, users, ...) and the subdirectories from netshield scanning, but it is still trying to scan the spool (see below). Anyone run into this problem before ? please help ! 12/10/01 06:32 Cleaned AUTORITE NT\SYSTEM E:\imailsrvr\Spool\D8e81268.vir\0.bat W32/Magistr.b@MM Does NetShield have an option 'include subdirectories' or something like that? It may be that it is not scanning the spool directory, but is scanning subdirectories below it (where Declude stores the temporary files). -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Configuration
Declude: Please do not use the registry or anything MS for saving configuration. Gui Admins: Take a little time to learn the power of batch files and scripting. Not only will you never succumb to carpal tunnel, you may actually find that you can automate 85% of what you currently do with a mouse.The realsweet spot is that if you can do it with a command prompt, you can do it from anywhere, securely.I like the fact that I don't /have/ to be in the office to do my job. I alsolike the fact that declude is small, efficient, and simple. Something you don't see alot these days... Kudos to declude.