Re: [Declude.Virus] False Positives
Thanks for your help Linda. Here are a couple log snippets of the 'uuencoding bad end' Vulnerability 05/06/2010 15:39:30.823 q126c7cd3e05f.smd Vulnerability flags = 65 05/06/2010 15:39:31.854 q126c7cd3e05f.smd 'uuencoding bad end' vulnerability in line 208152 05/06/2010 15:39:32.166 q126c7cd3e05f.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 13110006] 05/06/2010 15:41:21.916 qa51e7cdae07c.smd Vulnerability flags = 65 05/06/2010 15:41:22.932 qa51e7cdae07c.smd 'uuencoding bad end' vulnerability in line 203543 05/06/2010 15:41:23.276 qa51e7cdae07c.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 12819408] On 5/7/2010 7:31 AM, Linda Pagillo wrote: Hi Kevin. Thanks for your post. I first would like to explain that what you are seeing is not a false-positive. The address that the emails are coming from are not a factor in the case of vulnerabilities. Our vulnerability checking looks for exploits in an email. If it finds one, it will mark it no matter who it is coming from. This is correct behavior for the tests and therefore, not a false-positive. As for allowing these for everyone who sends to your server, I would advise against it, but of course, it is your choice. Instead I would allow vulnerabilities on a per-sender basis in order to be safe. For example, you said that you received 10 emails from a legit address that were caught as a vulnerability. In that case, I would allow vulnerabilities for that particular user. You can do that by adding a line to your virus.cfg file... ALLOWVULNERABILITIESFROMu...@domain.com If you wanted to allow vulnerabilities from the entire domain, you would add the following line instead... ALLOWVULNERABILITIESFROMdomain.com (without the @ symbol) You mentioned that the vulnerability you are seeing from the user in question is the 'uuencoding bad end' Vulnerability. Where are you seeing this? Is it in the email or the virus.cfg log? Could you copy and paste it from the log or email so I can send it over to development for review? Thanks again. -- From: Kevin Rogers ke...@rootdesign.com Sent: Thursday, May 06, 2010 8:39 PM To: declude.virus@declude.com Subject: [Declude.Virus] False Positives I'm getting several false positives a day for the following tests: [Outlook 'Blank Folding' Vulnerability] MIME segment in MIME Postamble Today I received 10 false positives (from the same legit email address) of ['uuencoding bad end' Vulnerability] I can't even find the 'uuencoding bad end' vulnerability in virus.cfg to allow it. This is the first I've seen of this test. I was getting too many of the OLMIMESEGMIMEPRE test before I had to allow them. I am running the latest v4.10.48 on Imail. Are other people using these tests without many/any false positives? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] False Positives
I'm getting several false positives a day for the following tests: [Outlook 'Blank Folding' Vulnerability] MIME segment in MIME Postamble Today I received 10 false positives (from the same legit email address) of ['uuencoding bad end' Vulnerability] I can't even find the 'uuencoding bad end' vulnerability in virus.cfg to allow it. This is the first I've seen of this test. I was getting too many of the OLMIMESEGMIMEPRE test before I had to allow them. I am running the latest v4.10.48 on Imail. Are other people using these tests without many/any false positives? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Hundreds
All throughout the day, hundreds of D and T files (each of them 0KB) show up in my spool directory. I spoke with Ipswitch about this and they said they had heard of it only with other Declude users and that it most likely is caused by Declude. Very quickly (way quicker than if they were all being delivered), they all disappear (e.g., 500 files are gone in an instant). Anyone else experiencing this, or know what could be causing it? I'm running Declude 4.6.35 and Imail 11 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Database error after upgrading
So I emailed David about this issue and he had me turn off AUTOWHITELIST and that seemed to get rid of the error. It seems that Imail 11 changed the database it uses for contacts and this is why Declude was generating that error. But I'd really like to turn AUTOWHITELIST back on. And, since the upgrade all emails are failing the DYNHELO and HELOBOGUS tests so I've had to reduce their weights for the time being. Has anyone seen this or have any ideas how to correct? Thanks. Kevin Rogers wrote: I upgraded to 4.6.35 because of the AVG scanner issue, but now in my declude logs I am seeing error messages like this: 06/23/2009 00:38:48.986 q8f0c00670096.smd DataBase Error = ['(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. Driver's SQLSetConnectAttr failed ] I didn't have these errors before my upgrade. Any ideas? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Database error after upgrading
1. We've been using MS SQL Server for years for our user/mailbox list (using the External Database option in Imail). Which database are you referencing? The user list database, or the contact database? There weren't any changes to the user SQL Server database tables in Imail 11 as far as I know. And if you're referencing the contact database, why would that affect AUTOWHITELIST? 2. Great. I hope a fix comes out soon. The lack of the AUTOWHITELIST combined with two tests that add up to close-to-threshold weights caused a lot of legit email to be put into our bulk folders. Kevin David Barker wrote: Hi Kevin. 1. If you are using the IMail MS SQL database this is different to their previous version MS Access database, we are in the process of coding and testing for Declude using MS SQL to use AUTOWHITELIST. I am not sure if you have the option to use the old MS Access database in Imail or if it is just MS SQL, if you can use MS Acccess then Declude AUTOWHITELIST will work or you have to wait for our release. 2. We are currently also looking into this issue to determine what exactly is causing this and if it is legitimate or a problem with IMail new format. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Kevin Rogers Sent: Thursday, June 25, 2009 2:35 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Database error after upgrading So I emailed David about this issue and he had me turn off AUTOWHITELIST and that seemed to get rid of the error. It seems that Imail 11 changed the database it uses for contacts and this is why Declude was generating that error. But I'd really like to turn AUTOWHITELIST back on. And, since the upgrade all emails are failing the DYNHELO and HELOBOGUS tests so I've had to reduce their weights for the time being. Has anyone seen this or have any ideas how to correct? Thanks. Kevin Rogers wrote: I upgraded to 4.6.35 because of the AVG scanner issue, but now in my declude logs I am seeing error messages like this: 06/23/2009 00:38:48.986 q8f0c00670096.smd DataBase Error = ['(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. Driver's SQLSetConnectAttr failed ] I didn't have these errors before my upgrade. Any ideas? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Database error after upgrading
I upgraded to 4.6.35 because of the AVG scanner issue, but now in my declude logs I am seeing error messages like this: 06/23/2009 00:38:48.986 q8f0c00670096.smd DataBase Error = ['(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. Driver's SQLSetConnectAttr failed ] I didn't have these errors before my upgrade. Any ideas? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] EZIPs
Some of my clients need to be able to receive password-protected ZIP files and I'm wondering if people on this list ban the EZIP extension outright, or if they allow it but ban all the other extensions that could be harmful from within a EZIP file. Declude's virus.cfg file states that # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary # to be fully protected against viruses (since it is impossible to detect a well- # constructed virus within an encrypted .ZIP or .RAR file) Is this true? Do you need to ban it outright? or are the other bans adequate? Thanks. Kevin --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] ? Name Voting Time
I think a good name would include something that intimates that with this version, you are getting everything. So my suggestion is: All Decluded or All Decluded 1.0 You could even start an ad campaign with the slogan Are You All Decluded? and promote your various products under this guise. Some variations include (ha ha): Get Decluded Email Not Decluded Emails Decluded Chris Anton wrote: Mark me down for one vote for Declude ForePlay :-) -Anton --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 3.0.5.10
I agree as well. Perhaps even simple installation instructions for the newbs like me. Darin Cox wrote: Totally agree... there are not enough announcements of bugs and fixes/releases especially when there's an unused list for that purpose. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Saturday, October 22, 2005 4:52 PM Subject: RE: [Declude.Virus] 3.0.5.10 Well, that's just plain wrong. When there's enough time to update versions and a web site, it should be time enough to either send an email to the Declude announcement list - or to update a simple what's new page with 3 or 4 lines of text. It's important to know what was wrong with a release I just installed a day earlier by looking at whatever is fixed in the new release. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Saturday, October 22, 2005 12:28 AM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: [Declude.Virus] 3.0.5.10 This one is just for the record since .10 is not on the website anymore -- thank goodness. Put 3.0.5.10 in place to this afternoon (before I knew .11 was available). MISTAKE! Things looked ok at first, but didn't realize mail was stacking up in \proc\. When I was not getting anything at the house, came back in (around 11pm) and found 6,500 msgs in \proc. Put in .11 and restarted. It is flowing now. Wonder if that is the reason .10 disappeared from the web site so fast. This raises (at least for me) an old discussion. I know new documentation for each little update is not possible or even reasonable to expect. But maybe a quick and dirty page on what the update fixed.?? John --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot... autoupdates??
Yes. There are a couple of ways. One is to just run a scheduled task that calls the Updater. Something like: C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /INTERNET /QUIT /HIDDEN Chris Anton wrote: Hi all, We are running F-Prot and are wondering if there is a way to configure the updates such that we don't have to login everytime a new update is released. What are your thoughts? Thanks! -Chris --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content
Yes, but it's $100 per user and (correct me if I'm wrong here), with PGP both the sender and the recipient need to have PGP installed in order to use it. Which is most likely out of the question for us. But I've checked their site and I'm not positive about this. Darrell ([EMAIL PROTECTED]) wrote: Kevin, I thought PGP had a desktop version that integrates directly with outlook? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net. Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end? Thanks. Kevin --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content
But even in Declude's virus.cfg file it says # # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary # to be fully protected against viruses (since it is impossible to detect a well- # constructed virus within an encrypted .ZIP or .RAR file). # Should I ban EZIPs or not? I always thought I had to. It'd be nice to be able to allow them through since creating password-protected ZIP files is one of the easiest ways to add a decent amount of security to email attachments. Kevin John T (Lists) wrote: FYI, I do not ban EZIP outright. What I do is BANEZIPEXTs which will ban an EZIP file containing a file that is banned. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Monday, October 10, 2005 10:26 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net. Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end? Thanks. Kevin --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content
So it's this forum's consensus that if I have PRO I should not block all EZIPs - I should just block the other extensions even if they are found within ZIP files? I do send out notices when a file gets blocked, but I don't have a requeue script in place. I'll search for one and see what I can do. Thanks. Darin Cox wrote: If you have Declude Virus/EVA Pro you can switch to banning extensions within zips. With Standard, you may want to continue to ban encrypted zips. In either case, you will probably want to send out notices for banned files, notifying the intended recipient that a file sent to them was blocked. Include a link in the notification for them to requeue the message if it was legit and they want to receive it. Scripts to requeue messages have been posted to the list in the past, but they are very simple to create by just moving the Q and D files back to the spool directory... possibly going as far as launching the SMTP32 process to immediately send the message if you don't want your user to wait for the next queue run. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, October 11, 2005 1:26 AM Subject: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net. Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end? Thanks. Kevin --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content
Ok OK already. lol So some people block EZIPs and some don't. If you don't block EZIPs but do block certain file extensions within EZIPs, is it the same security as if you blocked them outright? Or are there ways to slip bad stuff through an EZIP even if you block most bad extensions? Or can you really not scan EZIPs as well as other files. Thanks Scott Fisher wrote: I block all encrypted zips based on the fact that I can't virus scan them. But then again I'm slightly paranoid and should not be trusted with sharp objects. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, October 11, 2005 3:08 PM Subject: Re: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content So it's this forum's consensus that if I have PRO I should not block all EZIPs - I should just block the other extensions even if they are found within ZIP files? I do send out notices when a file gets blocked, but I don't have a requeue script in place. I'll search for one and see what I can do. Thanks. Darin Cox wrote: If you have Declude Virus/EVA Pro you can switch to banning extensions within zips. With Standard, you may want to continue to ban encrypted zips. In either case, you will probably want to send out notices for banned files, notifying the intended recipient that a file sent to them was blocked. Include a link in the notification for them to requeue the message if it was legit and they want to receive it. Scripts to requeue messages have been posted to the list in the past, but they are very simple to create by just moving the Q and D files back to the spool directory... possibly going as far as launching the SMTP32 process to immediately send the message if you don't want your user to wait for the next queue run. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, October 11, 2005 1:26 AM Subject: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net. Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end? Thanks. Kevin --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Slightly OT: Encrypting or Securing Email Content
We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net. Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end? Thanks. Kevin --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Newbie question
Should I put AVAFTERJM ON in my global.cfg file? And does it matter where I put it inside the file? Thanks. David Franco-Rocha [ Declude ] wrote: Thanks. This will be added to the manual. David Franco-Rocha Declude Technical Support - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, June 06, 2005 10:58 AM Subject: Re: [Declude.Virus] Newbie question Great... Could the Declude staff have this added to the manual? Darin. - Original Message - From: Guhl, Markus (LDS) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, June 06, 2005 4:28 AM Subject: AW: [Declude.Virus] Newbie question hi darin, we use AVAFTERJM ON with Declude 2.0.6.14 and it works like we need it. mfg i.a. gez. markus guhl *** lds nrw ref. 241 tel.: 0211 9449 2578 fax.: 0211 9449 8344 mailto:[EMAIL PROTECTED] *** -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Darin Cox Gesendet: Sonntag, 5. Juni 2005 23:02 An: Declude.Virus@declude.com Betreff: Re: [Declude.Virus] Newbie question I don't know if it still exists since it is not in the current manual, but there was an option in previous versions of AV called AVAFTERJM that allowed JunkMail to run first. Otherwise you are correct that AV would run first. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Sunday, June 05, 2005 3:17 PM Subject: Re: [Declude.Virus] Newbie question Thanks for the quick response. Yes, I have the Pro versions for both AV and Junkmail. Darin Cox wrote: Do you have the Pro version of Declude Junkmail? You have to have pro to use filters and outbound scanning. The fromfile filter I mentioned will work in the standard version, though. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Sunday, June 05, 2005 2:56 PM Subject: Re: [Declude.Virus] Newbie question I changed it to HEADERS and still I am receiving emails from these addresses (got 4 of them personally yesterday). My virus scanner is now updated every four hours, so F-Prot caught these viruses, but I still am receiving the virus notifications. Perhaps the scanning takes place (and the notifications are sent out) before my filter is called? This is what my filter file contains: HEADERS0CONTAINS[EMAIL PROTECTED] HEADERS0CONTAINS[EMAIL PROTECTED] etc. This is what I have in my global.cfg MYFILTERfilterC:\Imail\Declude\Filter.txtx200 This is in my $default$.junkmail file WEIGHT20HOLD What am I missing? Thanks. Scott Fisher wrote: The MAILFROM filter test is seperate from anything in the headers. It is the envelope sender. If you want to test on the header from (I call it display from because that's what Outlook displays), you need to check the HEADERS. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, June 03, 2005 3:26 AM Subject: Re: [Declude.Virus] Newbie question Great. Exactly what I needed. I was also confused about the MAILFROM. Does MAILFROM mean what is displayed as the FROM: in the headers or what it says in the X-Note: This E-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or in the X-Declude-Sender field? Maybe I should just use the HEADERS 0 CONTAINS instead. Thanks again. Scott Fisher wrote: One caveat. The MAILFROM uses the envelope mailfrom, which is different than the ones displayed in the headers. If the below doesn't stop it, add HEADERS 0 CONTAINS [EMAIL PROTECTED] HEADERS 0 CONTAINS [EMAIL PROTECTED] - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 10:37 PM Subject: Re: [Declude.Virus] Newbie question I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains: MAILFROM0CONTAINS[EMAIL PROTECTED] MAILFROM 0CONTAINS[EMAIL PROTECTED] etc. I then added this line in global.cfg: MYFILTERfilterC:\Imail\Declude\filter.txtx200 In my $default$.junkmail file there was already this line: WEIGHT20HOLD Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything? Thanks. Kevin Darin Cox wrote: Nope... add a filter test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm decribes adding filter files pretty well. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 7:09 PM Subject: Re: [Declude.Virus] Newbie
Re: [Declude.Virus] Newbie question
I changed it to HEADERS and still I am receiving emails from these addresses (got 4 of them personally yesterday). My virus scanner is now updated every four hours, so F-Prot caught these viruses, but I still am receiving the virus notifications. Perhaps the scanning takes place (and the notifications are sent out) before my filter is called? This is what my filter file contains: HEADERS0CONTAINS[EMAIL PROTECTED] HEADERS0CONTAINS[EMAIL PROTECTED] etc. This is what I have in my global.cfg MYFILTERfilterC:\Imail\Declude\Filter.txtx200 This is in my $default$.junkmail file WEIGHT20HOLD What am I missing? Thanks. Scott Fisher wrote: The MAILFROM filter test is seperate from anything in the headers. It is the envelope sender. If you want to test on the header from (I call it display from because that's what Outlook displays), you need to check the HEADERS. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, June 03, 2005 3:26 AM Subject: Re: [Declude.Virus] Newbie question Great. Exactly what I needed. I was also confused about the MAILFROM. Does MAILFROM mean what is displayed as the FROM: in the headers or what it says in the X-Note: This E-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or in the X-Declude-Sender field? Maybe I should just use the HEADERS 0 CONTAINS instead. Thanks again. Scott Fisher wrote: One caveat. The MAILFROM uses the envelope mailfrom, which is different than the ones displayed in the headers. If the below doesn't stop it, add HEADERS 0 CONTAINS [EMAIL PROTECTED] HEADERS 0 CONTAINS [EMAIL PROTECTED] - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 10:37 PM Subject: Re: [Declude.Virus] Newbie question I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains: MAILFROM0CONTAINS[EMAIL PROTECTED] MAILFROM 0CONTAINS[EMAIL PROTECTED] etc. I then added this line in global.cfg: MYFILTERfilterC:\Imail\Declude\filter.txtx200 In my $default$.junkmail file there was already this line: WEIGHT20HOLD Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything? Thanks. Kevin Darin Cox wrote: Nope... add a filter test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm decribes adding filter files pretty well. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 7:09 PM Subject: Re: [Declude.Virus] Newbie question I have pro. How do I add filters? Should I add that line MAILFROM10 CONTAINS [EMAIL PROTECTED] in virus.cfg or global.cfg? Do I need to use another file? If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED] - where would I put that? Sorry for the newbie questions. Kevin Scott Fisher wrote: If you've got pro, you could add a filter: MAILFROM10 CONTAINS [EMAIL PROTECTED] that will check the envelope mailfrom. To check for those addresses in the headers: HEADERS 10 CONTAINS [EMAIL PROTECTED] Another option is to update your virus software more often to minimize the opportunity window for the virus. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 5:15 PM Subject: [Declude.Virus] Newbie question How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Re: [Declude.Virus] Newbie question
Thanks for the quick response. Yes, I have the Pro versions for both AV and Junkmail. Darin Cox wrote: Do you have the Pro version of Declude Junkmail? You have to have pro to use filters and outbound scanning. The fromfile filter I mentioned will work in the standard version, though. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Sunday, June 05, 2005 2:56 PM Subject: Re: [Declude.Virus] Newbie question I changed it to HEADERS and still I am receiving emails from these addresses (got 4 of them personally yesterday). My virus scanner is now updated every four hours, so F-Prot caught these viruses, but I still am receiving the virus notifications. Perhaps the scanning takes place (and the notifications are sent out) before my filter is called? This is what my filter file contains: HEADERS0CONTAINS[EMAIL PROTECTED] HEADERS0CONTAINS[EMAIL PROTECTED] etc. This is what I have in my global.cfg MYFILTERfilterC:\Imail\Declude\Filter.txtx200 This is in my $default$.junkmail file WEIGHT20HOLD What am I missing? Thanks. Scott Fisher wrote: The MAILFROM filter test is seperate from anything in the headers. It is the envelope sender. If you want to test on the header from (I call it display from because that's what Outlook displays), you need to check the HEADERS. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, June 03, 2005 3:26 AM Subject: Re: [Declude.Virus] Newbie question Great. Exactly what I needed. I was also confused about the MAILFROM. Does MAILFROM mean what is displayed as the FROM: in the headers or what it says in the X-Note: This E-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or in the X-Declude-Sender field? Maybe I should just use the HEADERS 0 CONTAINS instead. Thanks again. Scott Fisher wrote: One caveat. The MAILFROM uses the envelope mailfrom, which is different than the ones displayed in the headers. If the below doesn't stop it, add HEADERS 0 CONTAINS [EMAIL PROTECTED] HEADERS 0 CONTAINS [EMAIL PROTECTED] - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 10:37 PM Subject: Re: [Declude.Virus] Newbie question I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains: MAILFROM0CONTAINS[EMAIL PROTECTED] MAILFROM 0CONTAINS[EMAIL PROTECTED] etc. I then added this line in global.cfg: MYFILTERfilterC:\Imail\Declude\filter.txtx200 In my $default$.junkmail file there was already this line: WEIGHT20HOLD Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything? Thanks. Kevin Darin Cox wrote: Nope... add a filter test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm decribes adding filter files pretty well. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 7:09 PM Subject: Re: [Declude.Virus] Newbie question I have pro. How do I add filters? Should I add that line MAILFROM10 CONTAINS [EMAIL PROTECTED] in virus.cfg or global.cfg? Do I need to use another file? If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED] - where would I put that? Sorry for the newbie questions. Kevin Scott Fisher wrote: If you've got pro, you could add a filter: MAILFROM10 CONTAINS [EMAIL PROTECTED] that will check the envelope mailfrom. To check for those addresses in the headers: HEADERS 10 CONTAINS [EMAIL PROTECTED] Another option is to update your virus software more often to minimize the opportunity window for the virus. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 5:15 PM Subject: [Declude.Virus] Newbie question How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED
Re: [Declude.Virus] Newbie question
Great. Exactly what I needed. I was also confused about the MAILFROM. Does MAILFROM mean what is displayed as the FROM: in the headers or what it says in the X-Note: This E-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or in the X-Declude-Sender field? Maybe I should just use the HEADERS 0 CONTAINS instead. Thanks again. Scott Fisher wrote: One caveat. The MAILFROM uses the envelope mailfrom, which is different than the ones displayed in the headers. If the below doesn't stop it, add HEADERS 0 CONTAINS [EMAIL PROTECTED] HEADERS 0 CONTAINS [EMAIL PROTECTED] - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 10:37 PM Subject: Re: [Declude.Virus] Newbie question I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains: MAILFROM0CONTAINS[EMAIL PROTECTED] MAILFROM 0CONTAINS[EMAIL PROTECTED] etc. I then added this line in global.cfg: MYFILTERfilterC:\Imail\Declude\filter.txtx200 In my $default$.junkmail file there was already this line: WEIGHT20HOLD Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything? Thanks. Kevin Darin Cox wrote: Nope... add a filter test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm decribes adding filter files pretty well. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 7:09 PM Subject: Re: [Declude.Virus] Newbie question I have pro. How do I add filters? Should I add that line MAILFROM10 CONTAINS [EMAIL PROTECTED] in virus.cfg or global.cfg? Do I need to use another file? If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED] - where would I put that? Sorry for the newbie questions. Kevin Scott Fisher wrote: If you've got pro, you could add a filter: MAILFROM10 CONTAINS [EMAIL PROTECTED] that will check the envelope mailfrom. To check for those addresses in the headers: HEADERS 10 CONTAINS [EMAIL PROTECTED] Another option is to update your virus software more often to minimize the opportunity window for the virus. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 5:15 PM Subject: [Declude.Virus] Newbie question How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Newbie question
How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Newbie question
I have pro. How do I add filters? Should I add that line MAILFROM10 CONTAINS [EMAIL PROTECTED] in virus.cfg or global.cfg? Do I need to use another file? If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED] - where would I put that? Sorry for the newbie questions. Kevin Scott Fisher wrote: If you've got pro, you could add a filter: MAILFROM10 CONTAINS [EMAIL PROTECTED] that will check the envelope mailfrom. To check for those addresses in the headers: HEADERS 10 CONTAINS [EMAIL PROTECTED] Another option is to update your virus software more often to minimize the opportunity window for the virus. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 5:15 PM Subject: [Declude.Virus] Newbie question How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Newbie question
I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains: MAILFROM0CONTAINS[EMAIL PROTECTED] MAILFROM 0CONTAINS[EMAIL PROTECTED] etc. I then added this line in global.cfg: MYFILTERfilterC:\Imail\Declude\filter.txtx200 In my $default$.junkmail file there was already this line: WEIGHT20HOLD Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything? Thanks. Kevin Darin Cox wrote: Nope... add a filter test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm decribes adding filter files pretty well. Darin. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 7:09 PM Subject: Re: [Declude.Virus] Newbie question I have pro. How do I add filters? Should I add that line MAILFROM10 CONTAINS [EMAIL PROTECTED] in virus.cfg or global.cfg? Do I need to use another file? If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED] - where would I put that? Sorry for the newbie questions. Kevin Scott Fisher wrote: If you've got pro, you could add a filter: MAILFROM10 CONTAINS [EMAIL PROTECTED] that will check the envelope mailfrom. To check for those addresses in the headers: HEADERS 10 CONTAINS [EMAIL PROTECTED] Another option is to update your virus software more often to minimize the opportunity window for the virus. - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, June 02, 2005 5:15 PM Subject: [Declude.Virus] Newbie question How do I ban certain email addresses? Some viruses have gotten through lately (first that I know about since installing Declude) sent from forged email addresses using our own domain. We do not whitelist our domain. I'd like to ban some of these common addresses (e.g., [EMAIL PROTECTED], [EMAIL PROTECTED], etc.) Thanks. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot and HTML object exploit
I'm having the same problem. Again - how do you rollback the virus defs? Wind wrote: Thank you for the tip, John. I searched the logs and since the update there are legitimate E-mail, which are caught. Uwe - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 7:46 PM Subject: [Declude.Virus] F-Prot and HTML object exploit It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot and HTML object exploit
sure - thanks! Has anyone let F-Prot know about this? Kevin Bill Landry wrote: Depends on how you execute your updates. I use a script that saves a copy of the previous defs to a backup directory. I can zip and send the previous defs to you if you do not have copies of them. Bill - Original Message - From: Jeff [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 11:50 AM Subject: Re: [Declude.Virus] F-Prot and HTML object exploit How can I roll back ?? - Original Message - From: Bill Landry [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 2:12 PM Subject: Re: [Declude.Virus] F-Prot and HTML object exploit Yes, this is a problem! I rolled back to my latest defs prior to the last update and all is well again. I disabled my updates for a while to see if F-Prot fixes this issue. Bill - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 10:46 AM Subject: [Declude.Virus] F-Prot and HTML object exploit It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot and HTML object exploit
I've been running 3.15b - I'm downloading the latest version now. Should I install? or will this have no effect on this particular issue? And what about the previous defs - anyone out there want to email me a previous def file as a work around?? Thanks Kevin Markus Gufler wrote: Question: Have you all running the latest v3.16b ? I can't see any appearance of HTML/ObjData in the entire current logfile, but I've still running 3.16a Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, May 02, 2005 7:47 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] F-Prot and HTML object exploit It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot and HTML object exploit
I also filled out the form at FProt's site. Thanks for the defs. When I open up FProt, though, it says that my defs are up-to-date, even though I replaced the newest ones with the ones that you sent. I hope that that message indicates whether we've downloaded the latest - not whether we are actually using the latest defs. Colbeck, Andrew wrote: I don't think the engine version matters, just the pattern file. I've confirmed that the culprit is this, the most recent sign.def from 05/02/2005 01:32 PM And yes, I've sent in a support request via their web page; I'd like to supply them with several samples. I've also played around with the switch settings and found that there are no relevant switches that can be used as a workaround (i.e. /ai /noheur and /server make no difference in the detection or not of this false-positive). All of the messages detected either had Office 10 or Office 11 headers or were replies to messages created with Office 10 or Office 11. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Monday, May 02, 2005 1:10 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot and HTML object exploit Question: Have you all running the latest v3.16b ? I can't see any appearance of HTML/ObjData in the entire current logfile, but I've still running 3.16a Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, May 02, 2005 7:47 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] F-Prot and HTML object exploit It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as having the HTML object exploit. Running the file on www.virustotal.com shows clean. Any one else seeing problems? For now, as I am at a client, I have turned off F-Prot scanning relying on AVG. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Covad has a problem with our RBL
I received the following email today from Covad - our access provider. It looks like they have a problem with Declude checking inbound emails against a realtime blackhole list. (The problem could also be several emails we've received lately with hundreds of recipients, many of which were invalid - so it could be the NDR problem mentioned). Does anyone know if Declude, setup normally without much modification, is using more than 1 RBL, or, irregardless of how many it uses, would it be checking the RBL 12000 times an hour for a mail server that delivers about 6000 messages a day? Or do you think this most likely has to do with the too-many-invalid-recipients problem? Thanks. Kevin MESSAGE FOLLOWS --- Dear Covad Customer, Our records indicate that your computer has made 12497 requests during the hour we monitored it which accounted for 5.13% of the total traffic to the Covad nameservers in your region. The high volume of requests made by your computer to our nameservers causes a degradation of service for other Covad customers. The IP address implicated is: XX.XXX.XXX.XXX Possible causes for this excessive activity includes, but not limited to the following reasons: -Virus infected computer(s) sending infected emails which causes Covad servers to receive MX queries for every infected message. -Computer hosting an open proxy or relay that is being abused by a spammer. Each outbound email will generate a DNS request. -Mail server configured to check every inbound email on a realtime blackhole list (RBL). This could oppose a problem if there are more than two lists being queried. -Mail server configured to send a non delivery receipt (NDR) for every email received at an invalid email address. NDR messages cause Covad servers to receive DNS requests as well as generate unnecessary traffic on a customer's network. NDR messages is also a way for spammers to confirm valid email addresses which could cause mail servers to receive even more spammed emails. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Covad has a problem with our RBL
Correction: We're not connecting to the RBL 12000 times an hour - we're connecting to Covad's nameservers 12000 times an hour. Kevin Rogers wrote: I received the following email today from Covad - our access provider. It looks like they have a problem with Declude checking inbound emails against a realtime blackhole list. (The problem could also be several emails we've received lately with hundreds of recipients, many of which were invalid - so it could be the NDR problem mentioned). Does anyone know if Declude, setup normally without much modification, is using more than 1 RBL, or, irregardless of how many it uses, would it be checking the RBL 12000 times an hour for a mail server that delivers about 6000 messages a day? Or do you think this most likely has to do with the too-many-invalid-recipients problem? Thanks. Kevin MESSAGE FOLLOWS --- Dear Covad Customer, Our records indicate that your computer has made 12497 requests during the hour we monitored it which accounted for 5.13% of the total traffic to the Covad nameservers in your region. The high volume of requests made by your computer to our nameservers causes a degradation of service for other Covad customers. The IP address implicated is: XX.XXX.XXX.XXX Possible causes for this excessive activity includes, but not limited to the following reasons: -Virus infected computer(s) sending infected emails which causes Covad servers to receive MX queries for every infected message. -Computer hosting an open proxy or relay that is being abused by a spammer. Each outbound email will generate a DNS request. -Mail server configured to check every inbound email on a realtime blackhole list (RBL). This could oppose a problem if there are more than two lists being queried. -Mail server configured to send a non delivery receipt (NDR) for every email received at an invalid email address. NDR messages cause Covad servers to receive DNS requests as well as generate unnecessary traffic on a customer's network. NDR messages is also a way for spammers to confirm valid email addresses which could cause mail servers to receive even more spammed emails. --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Spool Dir
Do you happen to have the batch? I've been writing some xcopy lines, but have had problems finding a simple date-specific delete statement. Thanks Douglas Cohn wrote: I personally do not like installing anything on my Imail servers. That said I use a sinple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago). --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Spool Dir
I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago). --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] trusted senders and scanfiles
A few questions: 1. We have a customer who periodically receives encrypted (password-protected) ZIPs from a trusted company. Is there a way to allow certain senders to bypass the BANEXT EZIP line in the virus.cfg (or in some other way get their email through)? 2. Is there a place somewhere that describes the various options for the SCANFILE line of virus.cfg? I am generating several reports (decMMDD.log and hiMMDD.log) that have to do with Declude HiJack, even though I do not have HiJack. So I'm thinking that my SCANFILE is telling Declude that I DO have it. Here is my SCANFILE. I am running Declude Virus Pro (and no other Declude software): LOGFILE spool\vir.log LOGLEVELLOW CONSOLEOFF # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: Thanks! --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] trusted senders and scanfiles
The sender of the EZIP file is obligated (by HIPAA legislation - insurance industry - and by Blue Shield) to send out password-protected files. Does anyone have a work-around for this? I'm sure some of you have come across HIPAA or other industry requirements to send out password-protected files. Thanks! Kevin Rogers wrote: A few questions: 1. We have a customer who periodically receives encrypted (password-protected) ZIPs from a trusted company. Is there a way to allow certain senders to bypass the BANEXT EZIP line in the virus.cfg (or in some other way get their email through)? --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] trusted senders and scanfiles
Thanks. I'm having him password protect his Office documents directly and that seems to be working. But does anyone have any information about my second question? 2. Is there a place somewhere that describes the various options for the SCANFILE line of virus.cfg? I am generating several reports (decMMDD.log and hiMMDD.log) that have to do with Declude HiJack, even though I do not have HiJack. So I'm thinking that my SCANFILE is telling Declude that I DO have it (or it could be some other line in the virus.cfg?). Here is my SCANFILE. I am running Declude Virus Pro (and no other Declude software). LOGFILE spool\vir.log LOGLEVELLOW CONSOLEOFF # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: Bud Durland wrote: Kevin Rogers wrote: The sender of the EZIP file is obligated (by HIPAA legislation - insurance industry - and by Blue Shield) to send out password-protected files. Does anyone have a work-around for this? I'm sure some of you have come across HIPAA or other industry requirements to send out password-protected files. Have the sender rename the file with a unique extension, preferable longer than 3 characters -- .SafeZip or some such.. Then tell Declude Virus to skip that extension. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Another easy one
Nope. Just Declude Virus Pro. So I don't know why that CONSOLE stuff would be happening. It's no biggie - just wanted to make sure I'm doing everything by the book. Kevin John Tolmachoff (Lists) wrote: Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Friday, October 01, 2004 8:44 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Another easy one Just so you know. There wasn't a CONSOLE anything in either the two files: global.cfg or virus.cfg. When I got the 1.81 upgrade, deccon.exe was put into my new Upgrade 1.81 directory, so I decided to put it in the /Imail directory, and now everything is hunky-dorey. But nonetheless, there was nothing about it in my default .cfg files. R. Scott Perry wrote: I didn't have anything after the LOGFILE and LOGLEVEL (no mention of CONSOLE at all). So I've added a CONSOLE OFF line after that. I don't have Hijack, so I assume this is the way to get around the error? Do you have a CONSOLE ON line in your global.cfg file? It's possible that that could cause the error message, too. If there is no CONSOLE ON line, it defaults to CONSOLE OFF, so I'm guessing the message will still appear. Note that the message doesn't affect how Declude functions (except that the console won't appear, but that isn't something you were expecting). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] new interim version
Newb question: How do I install an interim version of Declude? Just replace the declude.exe file? Thanks Kevin Kami Razvan wrote: Bennie: Look at Scott's email: Yes. v1.80 has basic (Microsoft method) detection of the GDIPlus.dll JPEG Exploit, but their way has false positives. The v1.80i1 interim at http://www.declude.com/version/interim (and likely tomorrow a 1.81 release) has full (Declude method) detection of the GDIPlus.dll JPEG Exploit, and is expected to have no false positives. All interims are always there. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bennie Sent: Friday, October 01, 2004 6:16 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] new interim version And where do you find these on the website??? I have been looking and cant seem to find them anywhere Bennie --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Another easy one
I'm getting an error in my vXXX.log file: 10/01/2004 13:46:27 Qc22200bc00b6e28c Couldn't find console; starting... (2). 10/01/2004 13:46:27 Qc22200bc00b6e28c Error starting deccon.exe: 2 10/01/2004 13:46:27 Qc22200bc00b6e28c Scanned: Virus Free [MIME: 2 2058] 10/01/2004 13:46:49 Qc23200bf00b6e28e Couldn't find console; starting... (2). 10/01/2004 13:46:49 Qc23200bf00b6e28e Error starting deccon.exe: 2 10/01/2004 13:46:49 Qc23200bf00b6e28e Scanned: Virus Free [MIME: 2 124090] 10/01/2004 13:46:50 Qc213018200cee28b Couldn't find console; starting... (2). 10/01/2004 13:46:50 Qc213018200cee28b Error starting deccon.exe: 2 Over and over again. Is it my path to F-Prot? Shouldn't be, since it's actually scanning and finding viruses. Thanks for you help. Kevin --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Another easy one
I didn't have anything after the LOGFILE and LOGLEVEL (no mention of CONSOLE at all). So I've added a CONSOLE OFF line after that. I don't have Hijack, so I assume this is the way to get around the error? Kevin Rogers wrote: I don't appear to have any string CONSOLE ON in my virus.cfg file This is my scanfile line SCANFILEC:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt I just copied it off the manual. R. Scott Perry wrote: I'm getting an error in my vXXX.log file: 10/01/2004 13:46:27 Qc22200bc00b6e28c Couldn't find console; starting... (2). 10/01/2004 13:46:27 Qc22200bc00b6e28c Error starting deccon.exe: 2 This one is because you have a line CONSOLE ON in the virus.cfg file, which tells Declude to run the \IMail\Deccon.exe file (which displays a console showing recent E-mails that arrived, that is required for Declude Hijack). However, that file doesn't appear. So you can either copy the deccon.exe file to the \IMail directory, or you can remove the CONSOLE ON line. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Another easy one
Just so you know. There wasn't a CONSOLE anything in either the two files: global.cfg or virus.cfg. When I got the 1.81 upgrade, deccon.exe was put into my new Upgrade 1.81 directory, so I decided to put it in the /Imail directory, and now everything is hunky-dorey. But nonetheless, there was nothing about it in my default .cfg files. R. Scott Perry wrote: I didn't have anything after the LOGFILE and LOGLEVEL (no mention of CONSOLE at all). So I've added a CONSOLE OFF line after that. I don't have Hijack, so I assume this is the way to get around the error? Do you have a CONSOLE ON line in your global.cfg file? It's possible that that could cause the error message, too. If there is no CONSOLE ON line, it defaults to CONSOLE OFF, so I'm guessing the message will still appear. Note that the message doesn't affect how Declude functions (except that the console won't appear, but that isn't something you were expecting). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.