RE: [Declude.Virus] AVG Updates
incavi.avm Sept 12, 2006 5:54 pm microavi.avg Sept 12, 2006 5:54 pm miniavi.avg Sept 6, 2006 9:33 am avi7.avg Feb 21, 2006 1:27 am -Luis Arango From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Martes, 12 de Septiembre de 2006 04:32 p.m.To: Declude. [EMAIL PROTECTED] comSubject: [Declude.Virus] AVG Updates What are the latest AVG updates that everyone has? Im worried that my AVG stopped updating for some reason. Or is it from Declude moving all their stuff around? Mark Reimer IT Project Manager American CareSource 214-596-2464 ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] new virus?
I checked and saw just a few of them. Luis Arango From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karen MitchellSent: Miércoles, 30 de Agosto de 2006 04:01 p.m.To: declude.virus@declude.comSubject: [Declude.Virus] new virus? I am seeing lots of .com attachments blocked with Declude. Random two word subject from many different ip addresses. Is anyone else seeing them? Karen M. MitchellSenior NewMedia Systems AdministratorAccuWeather, Inc.385 Science Park RoadState College, PA 16803814-235-8698"Get the best weather on the web" - http://www.accuweather.com ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] language specific messages
Or create another .eml, making sure it is only trigger FOR SPECIFIC users using ONLYSENDIFLOCALRECIPIENT You can see more info in EVA manual, in the CHAPTER E-MAIL NOTIFICATIONS. Commands are very powerful, I am sure you will find the right ones -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Jueves, 23 de Febrero de 2006 02:12 p.m. To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] language specific messages You could always put the English and Spanish messages into the same recip.eml file. I see a lot of that type of thing up here in Canada except it is English and French. Goran Jovanovic Omega Network Solutions -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Thursday, February 23, 2006 2:04 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] language specific messages Can the following be done in Declude EVA? I have customers who are english speakers, and customers who are spanish speakers. When a customer is sent a virus, they receive a messsage telling them about the virus (recip.eml). I want to be able to have a different message sent to each of my domains depending on the language of the customer (recip-en.eml and recip-es.eml). I believe this can be done in Junkmail, but can it be done in EVA? Thanks, Gary Steiner --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus Feebs variant warning
I just got a message from a gmail account (forged)With a data.zip attached. It has a hta file inside. subject: Secure MailThe body saysID: 46271Password: zgbvndwdxMessage is attached.Sincerely,Protected Mail System,Gmail.comUsing virustotal.com it is only catched by very few companies.This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file. Antivirus Version Update Result AntiVir 6.33.0.77 01.25.2006 no virus found Avast 4.6.695.0 01.25.2006 no virus found AVG 718 01.25.2006 Worm/Feebs Avira 6.33.0.77 01.25.2006 no virus found BitDefender 7.2 01.26.2006 no virus found CAT-QuickHeal 8.00 01.25.2006 no virus found ClamAV devel-20051123 01.26.2006 no virus found DrWeb 4.33 01.25.2006 Win32.HLLM.Graz eTrust-InoculateIT 23.71.60 01.25.2006 no virus found eTrust-Vet 12.4.2056 01.25.2006 Win32/Feeb!ZIP Ewido 3.5 01.25.2006 no virus found Fortinet 2.54.0.0 01.26.2006 JS/Feebs.fam-mm F-Prot 3.16c 01.25.2006 no virus found Ikarus 0.2.59.0 01.25.2006 no virus found Kaspersky 4.0.2.24 01.25.2006 Worm.Win32.Feebs.gen McAfee 4682 01.25.2006 no virus found NOD32v2 1.1380 01.25.2006 JS/TrojanDownloader.Tivso.gen Norman 5.70.10 01.25.2006 JS/[EMAIL PROTECTED] Panda 9.0.0.4 01.25.2006 no virus found Sophos 4.01.0 01.25.2006 no virus found Symantec 8.0 01.26.2006 W32.Feebs TheHacker 5.9.3.081 01.26.2006 no virus found UNA 1.83 01.25.2006 no virus found VBA32 3.10.5 01.25.2006 no virus found F-prot, Mcaffe, ClamAV are not catching it. meanwhile I am banning it via the body of the email. Catching "Protected Mail System"
RE: [Declude.Virus] Virus Feebs variant warning
I thought about it but the the thing is that if I use Banzipexts it will check and ban all the extensions banned by Banext -hta is banext already-. Then I might becatching lots of emails that my legit users are sending in zip files like a .exe file. Nevertheless I am still considering that optoin Luis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Miércoles, 25 de Enero de 2006 08:34 p.m.To: Declude.Virus@declude.comSubject: RE: [Declude.Virus] Virus Feebs variant warning Why not catch it with less resources via banning hta files and BANZIPEXTS and BANEZIPEXTS? John T eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto ArangoSent: Wednesday, January 25, 2006 4:56 PMTo: Declude.Virus@declude.comSubject: [Declude.Virus] Virus Feebs variant warning I just got a message from a gmail account (forged)With a data.zip attached. It has a hta file inside. subject: Secure MailThe body saysID: 46271Password: zgbvndwdxMessage is attached.Sincerely,Protected Mail System,Gmail.comUsing virustotal.com it is only catched by very few companies.This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file. Antivirus Version Update Result AntiVir 6.33.0.77 01.25.2006 no virus found Avast 4.6.695.0 01.25.2006 no virus found AVG 718 01.25.2006 Worm/Feebs Avira 6.33.0.77 01.25.2006 no virus found BitDefender 7.2 01.26.2006 no virus found CAT-QuickHeal 8.00 01.25.2006 no virus found ClamAV devel-20051123 01.26.2006 no virus found DrWeb 4.33 01.25.2006 Win32.HLLM.Graz eTrust-InoculateIT 23.71.60 01.25.2006 no virus found eTrust-Vet 12.4.2056 01.25.2006 Win32/Feeb!ZIP Ewido 3.5 01.25.2006 no virus found Fortinet 2.54.0.0 01.26.2006 JS/Feebs.fam-mm F-Prot 3.16c 01.25.2006 no virus found Ikarus 0.2.59.0 01.25.2006 no virus found Kaspersky 4.0.2.24 01.25.2006 Worm.Win32.Feebs.gen McAfee 4682 01.25.2006 no virus found NOD32v2 1.1380 01.25.2006 JS/TrojanDownloader.Tivso.gen Norman 5.70.10 01.25.2006 JS/[EMAIL PROTECTED] Panda 9.0.0.4 01.25.2006 no virus found Sophos 4.01.0 01.25.2006 no virus found Symantec 8.0 01.26.2006 W32.Feebs TheHacker 5.9.3.081 01.26.2006 no virus found UNA 1.83 01.25.2006 no virus found VBA32 3.10.5 01.25.2006 no virus found F-prot, Mcaffe, ClamAV are not catching it. meanwhile I am banning it via the body of the email. Catching "Protected Mail System"
[Declude.Virus] F-Prot 3.16f
For those of you using F-prot Version 3.16f windows (f-prot) is ready for dowloading. This newest version of F-Prot Antivirus for Windows includes a bugfix for an endless loop encountered in a corrupted Windows Metafile (WMF) sample. - Regards Luis Arango __ [Email scanned for viruses] [Email escaneado contra virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New F-Prot 3.16d
FYI: FRISK Software has now released version 3.16d of F-Prot Antivirus for Windows. http://www.f-prot.com/news/gen_news/051128_release_win316d.html http://subscription.f-prot.com/login/index.html Regards Luis Arango __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Update your f-prot definition files now!
There is a new virus I received today at 7:33 am (ET)(submitted by one of our customers) and f-prot didn't catch it. With the filename sms_text.zip within it there is a file named 5.exe Zone alarm (my desktop) and f-prot didn't catch it. Bitdefender did with the name Win32.ExplorerHijack F-prot updated definition files a few minutes ago.. Now f-prot catches it and sees it like [EMAIL PROTECTED] If you run f-prot update your definition files.. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Martes, 01 de Noviembre de 2005 02:07 p.m. To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Blast of zips coming in I forced a Fprot update when I saw them coming it and yes, it started picking them up as Mitglieder variants - at least those not held for spam reasons. (I run AVAFTERJM) John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, November 01, 2005 12:01 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Blast of zips coming in Current F-Prot definitions catch this as a Mitglieder variant, and Trend Micro reports that they are investigating Bagle.AB The zip files contain a non-password protected executable; I've noticed the following names: Loader.exe t_535475.exe Here is an F-Prot report on one catch: C:\Temp\Virus\Bagle.Newd:\f-prot\scanonly *.* Virus scanning report - 1 November 2005 @ 9:49 F-PROT ANTIVIRUS Program version: 3.16b Engine version: 3.16.6 VIRUS SIGNATURE FILES SIGN.DEF created 1 November 2005 SIGN2.DEF created 1 November 2005 MACRO.DEF created 25 October 2005 Search: *.* Action: Report only Files: Dumb scan of all files Switches: /ARCHIVE /PACKED /SERVER /REPORT=d:\f-prot\ScanReport.txt /NOBOOT /NOMEM /AI Memory was not scanned. Hard disk boot sectors were not scanned. C:\Temp\Virus\Bagle.New\D939EE224010AEFE9.SMD-Business_dealin g.zip-Loa der.exe is a security risk named W32/Mitglieder.FY Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 3 Infected: 0 Suspicious: 1 Disinfected: 0 Deleted: 0 Renamed: 0 Time: 0:00 ErrorLevel returned by fpcmd is: [8] errorlevel 8 = At least one suspicious object was found. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVAFTERJM ?
Title: AVAFTERJM ? If using the AVAFTERJM option in Declude Virus, Declude Virus will run after Declude JunkMail. this is the Processing Order for Imail (taken form the manual). the default is that Declude Virus runs before Declude JunkMail Both IMail and Declude have a number of different tests that they run on E-mail. The order used is as follows: 1. IMails Control Access file (to block IPs) 2. IMails Kill List (to block return addresses) 3. IMail v8 anti-spam (most tests) 4. Declude Virus 5. Declude Hijack 6. Declude JunkMail 7. IMail's filters and extra IMail v8 anti-spam tests Luis Arango From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcel SangersSent: Jueves, 22 de Septiembre de 2005 03:16 a.m.To: Declude.Virus@declude.comSubject: [Declude.Virus] AVAFTERJM ? Hello all, We make use of the latest Declude version (spam+virus) Pro. What does the AVAFTERJM option do? Antivirus scanning after Junkmail I suppose? What is the default? First scanning viruses followed by scanning for spam? Due to the large amounts of spam I would suggest first filtering out spam followed by possible viruses? Is that correct? Regards, Marcel
RE: [Declude.Virus] New Variant of Bagle?
Regarding the virus discussed in this post. Here the official answer from f-prot after sending the file to them The file that you sent us through our submission form was analyzed as a security risk named W32/Mitglieder.FI. Detection is available in the latest release of our virus signature files. I encourage all f-prot users to use f-prot submission form as soon as you find any suspicious file. The sooner and more notifications f-prot gets the best support and service we can get from them releasing new signature files. Here the submission form link f-prot has http://www.f-prot.com/virusinfo/submission_form.html regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Lunes, 19 de Septiembre de 2005 03:04 p.m. To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] New Variant of Bagle? After F-prot released the new def this morning, those virus have been caught because of Viruscode 8 configuration. Mario Antonio - Original Message - From: Panda Consulting S.A. Luis Alberto Arango [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, September 19, 2005 3:43 PM Subject: RE: [Declude.Virus] New Variant of Bagle? I have latest definition signatures and still f-prot doesn't catch the virus. I banned the files while f-prot comes with a definition file that catches it. I already submitted the file to f-prot for analisys. Zone Alarm antivirus doesn't detect any virus in the file either. The zip contains a file named price_list the size is 35.146 Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Lunes, 19 de Septiembre de 2005 09:01 a.m. To: Declude.Virus@declude.com Subject: [Declude.Virus] New Variant of Bagle? I see that Declude/F-PROT is not catching these virus: price.zip, new_price.zip, newprice.zip, price_09.zip, price2.zip, new__price.zip I guess it could be a new variant of W32/[EMAIL PROTECTED] that was released on August last year. or Am I missing something? Mario Antonio --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Confirm SKIPIFRECIP syntax
Yes with that command will not send the notification if the recipient of the virus is one that you specify. So the line SKIPIFRECIP [EMAIL PROTECTED] Won't send the notification to [EMAIL PROTECTED] if he/she is the recipient of the vulnerability you mention. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Martes, 23 de Agosto de 2005 10:47 a.m. To: Declude.Virus@declude.com Subject: [Declude.Virus] Confirm SKIPIFRECIP syntax Hi, I just want to confirm that if I put a SKIPIFRECIP [EMAIL PROTECTED] In my recip-vulnerability.eml file that the person mentioned above will not get VULNERABILITY ALERTs but every one else will. Thanks Goran Jovanovic The LAN Shoppe --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Proc folder
Thanks for your prompt response. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Lunes, 22 de Agosto de 2005 08:26 a.m. To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Proc folder Luis, The proc folder is used for processing mail with Declude. Sometimes there are orphan files left in the proc directory, you can delete these. The process is as follows: Email In -- SmarterMail -- Declude (proc) -- SmarterMail (Spool)-- Email Out with an x in front of the spool number so that Declude does not process the mail again. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Monday, August 22, 2005 12:33 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] Proc folder What is the proc folder for Smartermail/spool/proc Is where declude temporarely stores the messages for scanning before taking them back to the spool and adding an X to the first character of the filename? Is there a reason why a message is still there after various days.? I have one, but according to smartermail delivery logs it was delivered. I just don't know why is still in the proc folder. I can delete it, but I was just wondering if there is a reason why a message can still be there after a couple of days. Luis Arango __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses] [Email escaneado contra virus] __ [Email scanned for viruses] [Email escaneado contra virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot update
Title: Message I just updated it a few hours ago. So far so good. I will let you know how it goes later on. bye Luis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Viernes, 10 de Junio de 2005 11:01 a.m. To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot update Ah, I didn't check the internals of the *.def files. I simply ran fpcmd manually against the viral files I had stashed and noted how long it took and what the errorlevel was afterwards. I'll re-subscribe to the announcements and see if that helps. I did check my Declude log to see if their announcement had been caught as spam, but no, there were no messages. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 09, 2005 7:06 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot update Andrew, I looked at the sign and sign2.def files and they are binary junk to me. What did you use to check the def files? I resubscribed to the announcements and maybe now I will get 1 announcement J Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, June 09, 2005 9:54 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot update According to their website, this isa stability update; comparing a new install on my test box shows that lots of datestamps have been updated but actually notmany fileschanged. The Help file has not changed, and there is no text file that describes the changes/updates. As an aside, Matt and I each contacted their Support desk regarding slow processing of certain UPX encrypted hostiles, and also an overlapping issue where variants of MyTob being caught as error code 8 suspicious were just as viral as other variants that were caught as error code 3 virus... well, I went back and checked and with the current *.def files, both of those issues have been fixed. Andrew 8) p.s. I'm also in Canada, and didn't receive an email update notice for this update, nor the previous one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter Sent: Thursday, June 09, 2005 11:14 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] F-Prot update I received a notice for 3.16c update from Frisk. I don't recall it being normal for them to recommend updating ASAP. Anyone tried it yet? ~Joe
[Declude.Virus] bitdefender 100% CPU
I just thought worth it to report this to the list. I installed bitdefender free version last week as a second scanner. It has been a nightmare. It consumes too much CPU. Once I activated it as a second scanner, CPU went up to 100%, until my box just stop delivering and receiving messages. It was even hard to open a folder or browse through the system. Looking at the taskmanager every bitdefender process consumes between 20 to 30%. With 2 or 3 active processes CPU goes up to 100%. My box manages 20 to 25K messages daily. Not a big volume. F-prot hardly appears in the process list, and doesn't consume CPU at all. But bitdefender is a big CPU consumer. Once I deactivate it, it takes a minute or so to see how CPU consumption goes back to 15% or 20% maximum. My Conclusion. Bitdefender is not the way to go as a second scanner. I am looking for another one. Regards, Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] Second Scanner
Just out of curiosity, what declude version are you using? I have a related problem with my second scanner (bitdefender) and I am using declude beta. I am testing things now going back to the last non beta declude version 2.06 Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Sábado, 04 de Junio de 2005 01:18 p.m. To: Declude.Virus@declude.com Subject: Re[2]: [Declude.Virus] Second Scanner Hello Scott, Friday, June 3, 2005, 10:48:47 PM, you wrote: SF One last ClamAV comment... SF I've added the command line switch --max-ratio 0 SF I've had some false positives on some .zip files that forced me to add the SF switch. Thanks for the info. I've been running clam now with Terry's runclamscan since last night on 2 machines. At one point on each machine started getting these errors in the Declude Virus file: 06/04/2005 14:06:54 Qed820cb43917 ERROR: Virus scanner 2 didn't finish after 60 seconds; terminating. 06/04/2005 14:06:54 Qed820cb43917 WARNING: Couldn't remove .vir directory o:\spool\Ded820cb43917.vir\: SHARING VIOLATION. 06/04/2005 14:06:54 Qed820cb43917 Likely problem: An on-access scanner is interfering; disable or set not to scan subdirectories off of \IMail\spool. Then, they balloon to ones like this: 06/04/2005 14:07:25 Qed87026a0076c30a ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded87026a0076c30a.SMD L:\virustrap\Ded87026a0076c30a.SMD. Re-trying. 06/04/2005 14:07:26 Qed82035200bac2f1 ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded82035200bac2f1.SMD L:\virustrap\Ded82035200bac2f1.SMD. Re-trying. 06/04/2005 14:07:26 Qed8402890066c2fa ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded8402890066c2fa.SMD L:\virustrap\Ded8402890066c2fa.SMD. Re-trying. It took a reboot of both machines to fix the problem. On one I had 288 process running which fouls everything else up. Clam is SCANNER2 Any ideas? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BitDefender updates
Thanks for your help Didn't notice that directory. I was looking the files in another directory it used to drop part of the installation I made. Excellent. I will test it as a second scanner. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Jerry Murdock Sent: Viernes, 27 de Mayo de 2005 09:14 a.m. To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] BitDefender updates Look under: \Program Files\Common Files\Softwin\BitDefender Scan Server -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Friday, May 27, 2005 1:06 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] BitDefender updates Interesting post. Didn't know about this free version. Could you post the configuration setting for declude. I found this in the archives SCANFILE C:\Progra~1\Common~1\Softwin\BitDef~1\bdc.exe /f /a /log=report.txt VIRUSCODE 1 REPORT Infected: It mentions bdc.exe I downloaded bitdefender_free_win_v72.exe, is this file the right edition? The free edition you are talking about? There is no bdc.exe. There is a bdlite.xe. Is this the right file to do command scanners? I haven't been able to test it silently. When I test it, the management console pops up. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Jueves, 26 de Mayo de 2005 08:42 p.m. To: Declude.Virus@declude.com Subject: [Declude.Virus] BitDefender updates Since it appears that the free version of BitDefender works with Declude, how do you go about doing updates, as it appears there is no auto update for the free version. Also, is any one using the standard version and if so is the command line the same? John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BitDefender updates
Interesting post. Didn't know about this free version. Could you post the configuration setting for declude. I found this in the archives SCANFILE C:\Progra~1\Common~1\Softwin\BitDef~1\bdc.exe /f /a /log=report.txt VIRUSCODE 1 REPORT Infected: It mentions bdc.exe I downloaded bitdefender_free_win_v72.exe, is this file the right edition? The free edition you are talking about? There is no bdc.exe. There is a bdlite.xe. Is this the right file to do command scanners? I haven't been able to test it silently. When I test it, the management console pops up. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Jueves, 26 de Mayo de 2005 08:42 p.m. To: Declude.Virus@declude.com Subject: [Declude.Virus] BitDefender updates Since it appears that the free version of BitDefender works with Declude, how do you go about doing updates, as it appears there is no auto update for the free version. Also, is any one using the standard version and if so is the command line the same? John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection
Short answer: MSFT GDIPlus.DLL Vulnerability detection will run with our without SKIPEXT. Long Answer: The GDI vulnerability was added to Declude in version 1.8 -September 2004- and some corrections were added in version 1.81. http://www.declude.com/Articles.asp?ID=122 This statement from Scott -Declude Former owner- will answer your question. The Microsoft GDIPlus.DLL JPEG Vulnerability detection will occur whether or not SKIPEXT is enabled. So no config file changes would be necessary after upgrading the Declude.exe file, once it is ready. -Scott I hope this answers your question, bye Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Viernes, 06 de Mayo de 2005 11:57 a.m. To: Declude.Virus@declude.com Subject: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection To my good buddies at Declude :) (ok, you made me very happy twice yesterday) I understand that SKIPEXT JPG would cause files with JPG extensions to not be scanned with the virus scanners, but would that also disable the JPG/GDI+ Vulnerability detection? Many of us stopped skipping JPG's and other associated files when the GDI+ exploits were first discovered, but they seem to have become duds as far as actively spreading viruses (though I have seen them on sites linked to in spam as a way to install spyware). JPG's however are fairly common in E-mail and it would be a big improvement to be able to skip scanning them, and if we were protected with the vulnerability detection, I would feel comfortable turning off virus scanning of JPG's until a mass-mailing virus is seen. I wouldn't want to leave myself completely unprotected however. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] w32/Sober.O virus
Thanks Matt, I implemented the Viruscode 8. Yesterday I was still having over 3000 emails in the overflow folder. I had to do some tasks to manage things, even though my client was fixing their machines at their end. I Created a kill list in Imail with the most common from addresses the virus/emails where using.-Hostmaster at hotmail.com for example-. I updated rules.ima in my clients domains deleting emails with particular subjects or having particular attachments (Sober.O subjects and attachments) Just in case, I used the banname feature Declude- to make sure the Sober attachments were deleted. I also took my chances incrementing Declude processes in small numbers and got to 50. server behaved very well and overflow folder started to decrease in terms of the amount of emails. Today was a very smooth day. Now I am just thinking about something that is knocking in my head: I manage 25K emails per day, 200 + domains and 3500 users. It is not a big installation compared with what I have read on Imail and Declude lists. But what worries me is that my server/imail/declude box was overflowed with 3000 emails, so I dont get the picture of how we can handle 100K emails per day with 500 domains and 12K users. My server is a Xeon 2.4 Ghz with 1 gig in RAM W2K-. should I need a better and more powerful server? PD: By the way, what about changing to Smartmail, does Smartmail handle my load without problems? Regards -Luis Arango From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Miércoles, 04 de Mayo de 2005 12:05 a.m. To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] w32/Sober.O virus Luis, If you are seeing 100% CPU utilization and timeouts in your Declude Virus log, you would be best served by reducing the number of simultaneous processes instead of increasing them. If you increase them, you run the risk of causing more timeouts. Your F-Prot config looks to be normal, but you need to add the following line in order to stop some recent viruses that F-Prot is returning a code 8 when detected: VIRUSCODE1 8 Considering that you attributed 80% to just one client, and it appears that they had a big infection, that would explain why you are seeing this sort of traffic but others like myself are not. Seems like you have a good handle on things now. Good luck, Matt Panda Consulting S.A. Luis Alberto Arango wrote: Matt and Dave: First of all thank you very much for answering my post. I am using fpcmd.exeHere is my config lines, in case I am missing some important switch.SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5/NOBOOT /DUMB /REPORT=report.txtVIRUSCODE1 3VIRUSCODE1 6REPORT1 Infection:Any way, I already contacted one of my clients who's IP is sending lots andlots of emails with virus to our mail server. I believe they are sendingprobably 80% of the virus I am getting.He confirmed that they were infected and that they are running a clean uptask. They have over 600 computers so it takes quite some time to make surethey are all clean.I am also narrowing other IPs to contact the owners.Besides, Declude is running 25 simultaneously -default-. If tomorrow I getoverflow messages I will increase the number of processes in the declude.cfgfile to see if that improves the delivery. I just have to make sure I don'tcrash the server. I may also increase the number of Imail threads to 40 or50By the way I found interesting and useful support text regarding delayeddelivery herehttp://www.declude.com/help_answer.asp?ID=122-Imail's SMTP Sending Architecture-Again thanks for your help -Luis Arango -Original Message-From: [EMAIL PROTECTED] [mailto:Declude.Virus-[EMAIL PROTECTED]] On Behalf Of MattSent: Martes, 03 de Mayo de 2005 09:07 p.m.To: Declude.Virus@declude.comSubject: Re: [Declude.Virus] w32/Sober.O virusIf you aren't running fpcmd.exe as Dave suggested, that would definitelybe the first place to start. You need to purchase F-Prot instead ofusing the free DOS scanner to get fpcmd.exe.This is not normal behavior for Sober, but I have seen some viruses getreally bursty. For instance, one client that has a massive newsletterwould get hammered by viruses because of harvesting of their addressesfrom the newsletter. Some viruses also can hammer you with huge volumefrom a single computer. You might want to look at the IP's that aresending the viruses and see if these can be narrowed down to just a fewcomputers for the bulk of the messages.Aside from that, Declude JunkMail is generally leaner than DecludeVirus, and you might get a boost by having Declude JunkMail run first,where many of the viruses would be blocked and then wouldn't need to bevirus scanned. You would need to be deleting the spams for them to notget scanned by Declude Virus however, maybe Hold also prevents it, butI'm pretty sure that the other actions will still result in them beingvirus scanned under
[Declude.Virus] w32/Sober.O virus
FYI: Today we were flooded with a massive incoming emails containing Sober.O (f-prot) virus. We receive aprox 15% of viruses out of all the emails we process. Today the figure raised to almost 40%. It fulfilled the overflow folder and there were delays of about 2 to 5 hours to deliver non-virus emails We received the first email with virus at 12 (noon) may 2. Our f-prot signature files were not updated -we update every 4 hours- and we let 27 emails with viruses passed through. There was nothing we could do about it. The virus was discovered the same day by Symantec, F-prot and others. Our F-prot received signature files at 1:30 pm and from that time on we have catched about 9000 emails out 30,000 The folder is full with 3000 emails and is not able to be handled as fast as we would want with declude/f-prot. Q: Is there something we can do to avoid such delays delivering emails other than use Imail Kill list, catching the computers delivering the viruses and moving to a strongest server. Bye -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] w32/Sober.O virus
Matt and Dave: First of all thank you very much for answering my post. I am using fpcmd.exe Here is my config lines, in case I am missing some important switch. SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE1 3 VIRUSCODE1 6 REPORT1Infection: Any way, I already contacted one of my clients who's IP is sending lots and lots of emails with virus to our mail server. I believe they are sending probably 80% of the virus I am getting. He confirmed that they were infected and that they are running a clean up task. They have over 600 computers so it takes quite some time to make sure they are all clean. I am also narrowing other IPs to contact the owners. Besides, Declude is running 25 simultaneously -default-. If tomorrow I get overflow messages I will increase the number of processes in the declude.cfg file to see if that improves the delivery. I just have to make sure I don't crash the server. I may also increase the number of Imail threads to 40 or 50 By the way I found interesting and useful support text regarding delayed delivery here http://www.declude.com/help_answer.asp?ID=122 -Imail's SMTP Sending Architecture- Again thanks for your help -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Martes, 03 de Mayo de 2005 09:07 p.m. To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] w32/Sober.O virus If you aren't running fpcmd.exe as Dave suggested, that would definitely be the first place to start. You need to purchase F-Prot instead of using the free DOS scanner to get fpcmd.exe. This is not normal behavior for Sober, but I have seen some viruses get really bursty. For instance, one client that has a massive newsletter would get hammered by viruses because of harvesting of their addresses from the newsletter. Some viruses also can hammer you with huge volume from a single computer. You might want to look at the IP's that are sending the viruses and see if these can be narrowed down to just a few computers for the bulk of the messages. Aside from that, Declude JunkMail is generally leaner than Declude Virus, and you might get a boost by having Declude JunkMail run first, where many of the viruses would be blocked and then wouldn't need to be virus scanned. You would need to be deleting the spams for them to not get scanned by Declude Virus however, maybe Hold also prevents it, but I'm pretty sure that the other actions will still result in them being virus scanned under this alternative configuration. This is also much more beneficial when you run multiple virus scanners since more CPU can be saved this way. F-Prot is generally very efficient. Matt Panda Consulting S.A. Luis Alberto Arango wrote: FYI: Today we were flooded with a massive incoming emails containing Sober.O (f-prot) virus. We receive aprox 15% of viruses out of all the emails we process. Today the figure raised to almost 40%. It fulfilled the overflow folder and there were delays of about 2 to 5 hours to deliver non-virus emails We received the first email with virus at 12 (noon) may 2. Our f-prot signature files were not updated -we update every 4 hours- and we let 27 emails with viruses passed through. There was nothing we could do about it. The virus was discovered the same day by Symantec, F-prot and others. Our F-prot received signature files at 1:30 pm and from that time on we have catched about 9000 emails out 30,000 The folder is full with 3000 emails and is not able to be handled as fast as we would want with declude/f-prot. Q: Is there something we can do to avoid such delays delivering emails other than use Imail Kill list, catching the computers delivering the viruses and moving to a strongest server. Bye -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra
RE: [Declude.Virus] Virtual domains
Just make sure all domains you want to protect (virtual, physical or alias) are in your declude domain list.. declude will scan those domains according to the properties given to each domain in that declude domain list. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Viernes, 14 de Enero de 2005 05:56 p.m. To: Chris Hunt Subject: Re: [Declude.Virus] Virtual domains Does declude AV protect virtual domains? Of course. FTR, _all_ IMail domains are virtual in the product jargon. There are IP-ful and IP-less virtuals. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot 3.16 available.
Try this link. Is there download server. http://subscription.f-prot.com/cgi-bin/cust_master Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Info Wind Sent: Friday, November 19, 2004 12:06 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot 3.16 available. Hello, it seems that f-prot has a problem at the moment with high traffic: This is a messages from F-Prot Support: We have been experiencing extensive traffic on our servers and therefore downloading from them has been very slow. Our network administrator is working on this issue and it should be fixed shortly. Please try the update again, it should be successful. Nice weekend, Uwe - Original Message - From: Hirthe, Alexander [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 19, 2004 5:52 PM Subject: [Declude.Virus] F-Prot 3.16 available. Hello, fyi: -- FRISK Software has released version 3.16 of F Prot Antivirus for Windows as well as versions 4.4.8 of F-Prot Antivirus for all UNIX based platforms. More information on these releases can be found on our website: http://www.f-prot.com/news/gen_news/041118_release_win316.html http://www.f-prot.com/news/gen_news/041119_release_unix_all.html We recommend that users of F-Prot Antivirus for Windows, for Linux x86, for BSD x86, for Solaris x86, for Solaris SPARC, for AIX on IBM pSeries and for Linux on IBM zSeries update their programs to these newest versions as soon as possible. -- No, I won't install it friday evening :) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot 3.16 question.
Their release notes say Among improvements introduced in version 3.16 of F-Prot Antivirus for Windows is a new method of ensuring that F-Prot Antivirus is up-to-date as soon as it has been installed with virus signature file updates now being triggered during the installation procedure of the single-user and trial products. In addition, handling of so called archive bombs has been greatly improved. These are archives expand tremendously that cause scanners or other programs to crash or hang because of intensive resource consumption during the scanning of hundreds of levels of archives within archives. The F-Prot Antivirus scanner now flags archive files it finds suspicious and alerts the user that the file could be an archive bomb. I wonder what exit code f-prot uses for an archive bombs?.. and how we should treat it.? Comments? Luis __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] imail
A robot just answered you.. funny. Not even try to change the headers or understand your question.. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of steve :-) Sent: Thursday, October 28, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] imail Below is the responce i got from ipswitch sales. Steve Good Morning Steve - Here are the plans set forth by Ipswitch regarding the New Collaboration Suite. If you should have any questions, please let me know. Best Regards, Renee Breckenridge Service Sales Representative Email - [EMAIL PROTECTED] www.ipswitch.com We have released our New Ipswitch Collaboration Suite. http://www.ipswitch.com/Products/collaboration/index.html Ipswitch Collaboration Suite Provides: E-mail collaboration Standards-based email Discussion lists and e-mail groups Real-time collaboration Secure instant messaging Workgroup collaboration with MS Outlook Shared calendaring Global address books Protection of the collaboration system Anti-spam protection Anti-virus subscriptions Backed by Ipswitch service and support One year of support updates included IMail's functionality has been incorporated into the Ipswitch Collaboration Suite and is no longer offered on an individual basis for new purchases or for renewals. Imail is now only offered as a part of the Ipswitch Collaboration Suite. Ipswitch is offering customers of Imail, a limited-time opportunity to purchase Ipswitch Collaboration Suite at a deeply discounted price. To cross grade to the New ICS, please choose the Premium or Standard edition and what User Level you require. The User Levels are 25, 100, 250 and Unlimited. ICS Standard Edition consists of: IMail Server, Instant Messaging, AV Standard, Shared calendaring and Global address books and a one-year Service Agreement. ICS Premium Edition consists of: IMail Server, Instant Messaging, AV Premium, Shared calendaring and Global address books and a one-year Service Agreement. ICS ISP/EDU Edition consists of: IMail Server, AV Premium, Killer WebMail and a one-year Service Agreement The Premium Edition with Symantec Anti-Virus Protection: Symantec's Scan Server technology utilizes their Live Update Technology which does not require an interruption of the services. It also is designed to quickly scan for viruses and is ideal for high traffic environments. The Standard Edition with Bit Defender Anti-Virus Protection: Bit Defender is more for low traffic environments and requires that you interrupt the services when applying a Server update. To apply Live Virus definition updates you would need to implement Bit Defender's command line utility named AVUpdate.exe Ipswitch Collaboration Suite, Premium Edition with Symantec Anti-Virus Protection ***Special Pricing for Current Imail Customers 25 Users $ 695 100 Users $ 1,495 250 Users $ 2,995 Unlimited $ 5,995 Ipswitch Collaboration Suite, Standard Edition with Bit Defender Anti- Virus Protection ***Special Pricing for Current Imail Customers 25 Users $ 595 100 Users $ 1,295 250 Users $ 2,495 Unlimited $ 4,995 Ipswitch Collaboration Suite, ISP Edition with Symantec Anti-Virus Protection (Does not include shared calendars or instant messaging) ***Special Pricing for Current Imail Customers Unlimited $ 3,995 Purchasing Ipswitch Collaboration Suite at these special prices will allow you to continue service on your IMail Server, and will deliver additional capabilities such as shared calendars, secure instant messaging, anti- spam, and anti-virus protection. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 27, 2004 11:53 PM To: [EMAIL PROTECTED] Subject: #Ipswitch_Collaboration_Suite# Ipswitch Sales Inquiry fromSteve Sender : [EMAIL PROTECTED] Tracking Number : Pool: Contracts Sent to : [EMAIL PROTECTED] Date: 10/27/04 11:54 PM --- Forwarded by: Traci Casparius (no comments entered) --- #Ipswitch_Collaboration_Suite# Ipswitch Sales Inquiry from Steve Keeling First Name: Steve Last Name:Keeling Company Name: Keeling Inc. Phone Number: Product: Ipswitch_Collaboration_Suite Cust Type:existing *** Email Message Follows *** I realy hope that your new combo colaboration is not the way of the future for Imail server. We have been a customer since 1998. We are a small ISP and the added cost would be a show stopper for us! And the features you are adding are things we have very little need of. I also do not see any support contracts for customers that don't want to move up to this new bundle?? I would be very intersted in hearing your plans, as we
[Declude.Virus] Making or buying a MAIL SERVER proposal
Proposal to Computerized Horizons - DECLUDE 1. Develop a mail server software with the features most users are looking for. Antispam, Antivirus, webmail, nice administration and full administration, fast, collaboration, heavy load. 2. Since proposal No. 1 might take a while, why not to approach an already developed server software vendor to speed up the developing phase and start working on it. I mean buy their software, source code .. their business. You can have at least 6 months or a year to have it ready for your loyal customers. I am sure that if Scott's hand and philosophy is behind it, we will have a fantastic product for a reasonable price and in return Computerized Horizons will have a big business in their hands. I see this -Ipswitch announcement - more like an opportunity rather than a difficulty. For the money you need to invest in development, I am pretty sure there are plenty of small or medium investment banks or private investors willing to take the change and invest in that venture. Only product missing will be Instant Messaging... but that is a different story.. Fist things first.. the mail server platform we all dream about. 3. Proposal No. 2 but buying the Imail software/source code and rights to sell it from Ipswitch. May sound impossible but why not? I am not sure if it is worth it or not.. but definitely it is among my ideas. I will be honored to be your first beta tester. Note: Personal Opinion- What really counts in software are the developers behind it not their marketing people. Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Scott, what is our future?
... and for E-mail besides standard support/sales, there's Roger Greene (president/CEO of Ipswitch; [EMAIL PROTECTED]), William Pollack (COO, [EMAIL PROTECTED]), Patrick Loring (Business Development Manager, [EMAIL PROTECTED]), Jill Jones (Messaging Product Manager, [EMAIL PROTECTED]). I just wrote an email to Roger Greene and copy all the other guys.. I don't expect an answer ..but I feel relieved, I at least told them my thoughts. -Luis __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot Update Problems
I haven't seen that problem in my server. Occasionally I see it in my personal pc that runs f-prot, but when I double check I just realize that I actually don't have an internet connection. Perhaps it is a problem with your network card that is sporadically down, or your internet is not being very stable lately. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, September 07, 2004 9:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-Prot Update Problems I am running F-Prot 3.15a (this was also happening with 3.15). When I installed I also installed the Scheduler and Updater. Now the Scheduler is running as a service and has been told to update the definitions every 4 hours. This works a lot of the time but sporadically the Updater ends up with an error message on the screen that I was not able to reach the Internet and it is waiting for a click. At this point no more Updates are run until you click (not good). I tried running the updater.exe /internet /quit command from a batch file but I found that it also seemed to get the same problem occasionally. Now I am not sure if it was the updater batch file of if the scheduler was creating the problem. When I was running the batch file (via Windows Task Scheduler) I had tried to disable the scheduler but it always seemed to want to run even if I told it not to run on startup. For you folks out there using the 3.15(a) version are you seeing the same problems or not? Any help on this would be appreciated. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] my doom zip
Scott: I added =5 to /ARCHIVE... and now f-prot is catching it. It happens the with version 3.15 and 3.15a I just saw your suggestion about this in the mail archives in July 28.. I just missed. Thank you very much for your help and prompt response. -Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, September 02, 2004 6:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] my doom zip I have declude pro (v.179) with f-prot 3.15a (latest defs) Do you have /ARCHIVE=5 in the SCANFILE line in the \IMail\Declude\virus.cfg file? A bug in the latest version of F-Prot prevents just /ARCHIVE from working. -Scott __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] new version f-prot 3.15a
Hi.. just to let you know that F-Prot released a new version 3.15a. -Luis __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] virus.cfg file /new beta version of declude
The one at http://www.declude.com/version/release/virus.cfg works fine with the latest beta (and all prior versions of Declude Virus). Isn't this virus.cfg missing the following options that work with the latest beta? BANZIPEXTS BANEZIPEXTS And BANNAME -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] strange zip file
We just received a strange zip file with the files as follows price/price.exe price.html price.html installs the .exe Our scanners didn't pick up anything strange.. but there is no way I would open it. I sent it to virustrap, Scott could you take a look. Regards Luis Arangoo __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Useful antivirus feed from Symantec
Thanks a lot.. useful Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Alvaro Dioni Sent: Monday, August 09, 2004 12:22 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec I've been using this Trendmicro feed since 2001: (I think they were the first to have it) http://www.trendmicro.com/syndication/vinfo/default.asp They also had a code to install their free online virus scanner on your pages and a World map to track virus activity: http://www.trendmicro.com/syndication/wtc/ Al Dioni - Original Message - De: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] En nombre de Panda Consulting S.A. Luis Alberto Arango Enviado el: Viernes, 06 de Agosto de 2004 09:13 p.m. Para: [EMAIL PROTECTED] Asunto: RE: [Declude.Virus] Useful antivirus feed from Symantec Excellent.. thanks... -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, August 06, 2004 10:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Useful antivirus feed from Symantec McAfee/NAI... http://securityalerts.mcafee.com/mcalerts/?cid=9921 Darin. - Original Message - From: Panda Consulting S.A. Luis Alberto Arango [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 06, 2004 9:00 PM Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec Sophos http://www.sophos.com/virusinfo/infofeed/ declude has it on their home page I couldn't find anything similar at mcafee's site. regards -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, August 06, 2004 6:38 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Useful antivirus feed from Symantec And Sophos, etc., etc. Darin. - Original Message - From: Glen Harvy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 06, 2004 7:26 PM Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec Hi, Isn't something similar available from McAfee? _ Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Saturday, 7 August 2004 06:45 To: [EMAIL PROTECTED] Subject: [Declude.Virus] Useful antivirus feed from Symantec For those of you wanting to have a private or public information of latest and top viruses, removal tools and security advisories from Symantec you can use this page http://securityresponse.symantec.com/avcenter/cgi-bin/syndicate.cgi it gives you proper instructions to add a few lines of code in a web page in order to start using it. I believe it is a cool feed. Regards -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting - www.pandacons.com- ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com- ] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus
[Declude.Virus] suggestion for the Virus Manual
Scott: Just a suggestion for Declude Virus Manual and sample virus config file Could you add a section that explains how the following work BANZIPEXTS BANEZIPEXTS As far as I have seen the only way to learn how it works is by reading the release notes and the list. New users and old ones will benefit from it Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] strange zip file
Thanks I just did.. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, August 09, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] strange zip file We just received a strange zip file with the files as follows price/price.exe price.html This is a new virus; apparently, no AV companies are detecting it yet. You can use BANNAME price.exe and similar lines to block it (or BANEXT EXE and BANZIPEXTS ON with Declude Virus Pro). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] suggestion for the Virus Manual
I also suggest to dedicate some lines to the BANNAME option as well. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Monday, August 09, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] suggestion for the Virus Manual Scott: Just a suggestion for Declude Virus Manual and sample virus config file Could you add a section that explains how the following work BANZIPEXTS BANEZIPEXTS As far as I have seen the only way to learn how it works is by reading the release notes and the list. New users and old ones will benefit from it Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] strange zip file
FYI: Getting over 200 in the past 30 minutes Different file names new__price.zip new_price.zip price_new.zip price__new.zip price.zip newprice.zip 08_price.zip price_08.zip price2.zip Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Monday, August 09, 2004 1:45 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] strange zip file Thanks I just did.. Luis -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, August 09, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] strange zip file We just received a strange zip file with the files as follows price/price.exe price.html This is a new virus; apparently, no AV companies are detecting it yet. You can use BANNAME price.exe and similar lines to block it (or BANEXT EXE and BANZIPEXTS ON with Declude Virus Pro). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] PRESCAN
Thank you Bill. I am reviewing my config option and comparing them against the releases notes, manual and make sure everything is up to date. Looking at the PRESCAN option, it was OFF.. and I am unsure why I left it OFF back when I first configured it. Thanks for your post. I will turn it ON and see how it goes. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Sunday, August 08, 2004 4:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] PRESCAN - Original Message - From: Panda Consulting S.A. Luis Alberto Arango [EMAIL PROTECTED] What is the suggested configuration for this option? PRESCAN ON or OFF ? Comments...? thanks I have prescan on and, if you are running Virus Pro, I don't know why you wouldn't want to enable it. This from the Virus manual: == Declude Virus Pro has the option for pre-scanning E-mail, which can significantly improve performance. Since the majority of E-mails are really plaintext with a cute HTML version of the E-mail attached (that is usually identical to the plain text version), a lot of scanning may be done that isn't necessary. Plain HTML files (without any scripts or other potentially dangerous code) are safe. The pre-scanning in Declude Virus Pro will check HTML segments to see if there is any potentially dangerous code (JavaScript, Active-X, plugins, etc.). If so, it will send them to the virus scanner as they usually would be. Otherwise, it will let them pass through unscanned, which will improve performance. To turn on pre-scanning, you can change the PRESCAN OFF line in the \IMail\Declude\virus.cfg file to PRESCAN ON. == Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] PRESCAN
Hi: What is the suggested configuration for this option? PRESCAN ON or OFF ? Comments...? thanks Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Useful antivirus feed from Symantec
Sophos http://www.sophos.com/virusinfo/infofeed/ declude has it on their home page I couldn't find anything similar at mcafee's site. regards -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, August 06, 2004 6:38 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Useful antivirus feed from Symantec And Sophos, etc., etc. Darin. - Original Message - From: Glen Harvy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 06, 2004 7:26 PM Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec Hi, Isn't something similar available from McAfee? _ Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Saturday, 7 August 2004 06:45 To: [EMAIL PROTECTED] Subject: [Declude.Virus] Useful antivirus feed from Symantec For those of you wanting to have a private or public information of latest and top viruses, removal tools and security advisories from Symantec you can use this page http://securityresponse.symantec.com/avcenter/cgi-bin/syndicate.cgi it gives you proper instructions to add a few lines of code in a web page in order to start using it. I believe it is a cool feed. Regards -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Useful antivirus feed from Symantec
Excellent.. thanks... -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, August 06, 2004 10:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Useful antivirus feed from Symantec McAfee/NAI... http://securityalerts.mcafee.com/mcalerts/?cid=9921 Darin. - Original Message - From: Panda Consulting S.A. Luis Alberto Arango [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 06, 2004 9:00 PM Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec Sophos http://www.sophos.com/virusinfo/infofeed/ declude has it on their home page I couldn't find anything similar at mcafee's site. regards -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, August 06, 2004 6:38 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Useful antivirus feed from Symantec And Sophos, etc., etc. Darin. - Original Message - From: Glen Harvy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 06, 2004 7:26 PM Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec Hi, Isn't something similar available from McAfee? _ Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Saturday, 7 August 2004 06:45 To: [EMAIL PROTECTED] Subject: [Declude.Virus] Useful antivirus feed from Symantec For those of you wanting to have a private or public information of latest and top viruses, removal tools and security advisories from Symantec you can use this page http://securityresponse.symantec.com/avcenter/cgi-bin/syndicate.cgi it gives you proper instructions to add a few lines of code in a web page in order to start using it. I believe it is a cool feed. Regards -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com- ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] OT: F prot as a desktop scanner
Working fine on my pc. I had Norton, but switched to f-prot to experience exactly what is going on in our mail server. So far so good, however don't forget to turn on the RealTime Protector in the desktop (not in the server). Compared to Norton, f-prot is not as friendly. But for me it is OK.. it does the job.. Also, one of my customers (40 desktops) uses it, and so far I haven't heard of any complaint at all. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Sunday, August 01, 2004 2:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OT: F prot as a desktop scanner I have used it on client machines for the past 6 months and also find it equal to Norton Corp except for one thing. It handles mail clients differently in that it does not scan email as they come in but instead seems to scan it only when you attempt to read it. Norton Corp seemed to catch the viruses as soon as the mail was popped and worked with exchange client very well also. Obviously the mail scanner should prevent viruses from passing through anyway. There is an obvious advantage to using a different product on the desktop versus the mail server in that if one product misses a virus the other should pick it up but I personally believe that the price difference between F-prot and Norton is not warranted. DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Sunday, August 01, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] OT: F prot as a desktop scanner We've used it for a couple of years. Works as well as Symantec or McAfee as far as we can tell. Just make sure you set up updates and notifications properly and it works like a charm. Darin. - Original Message - From: marc catuogno [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 01, 2004 9:23 AM Subject: [Declude.Virus] OT: F prot as a desktop scanner I've been happy with F-prot on the mail server and since I know many people are using it on their servers as well, I was wondering if anyone has it deployed on their user's machines. If so I'd like to know, how well it does on regular windows XP machines. You can't beat the price Thanks - Marc --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Sending Email to All users
The way I will do it may take a few steps but it will work. Download domlist.exe from Declude Free Web Tools page http://www.declude.com/Articles.asp?ID=100 run it like this domlist.exe -list domainlist.txt open domainlist.txt in excel filter lines and use replace function to clean up the file in order to get the users you want. Once you have the users the way you need it you can copy them in a list Hope it helps -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Kris McElroy Sent: Thursday, July 22, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Sending Email to All users I am wanting to send an email to all my users on a certain domain. I am running Imail 8.05 with Declude Junkmail Pro and Virus Pro. With previous versions I use to use the makelist utility to extract the users out and create a list, but that doesn't work now. If I use the mailall.exe won't that create an issue using Declude virus? Thanks, Kris McElroy [EMAIL PROTECTED] Chief Technology Officer Duracom, INC. www.duracom.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] MAXATONCE Switch
The switch you should remove is /NOFLOPPY if you are using fpcmd.exe. Otherwise an error in the virus log will show up like this 1 [1 of 2 not deleted] files were deleted here is my new configuration with fprot 32 bits. And it works fine. SCANFILE [PATH]fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt [PATH]=where ever you fpcmd.exe is in your server. In one post in the list a while ago, Scott suggested to remove the /NOBOOT switch along with /NOFLOPPY. But in the declude manual the /NOBOOT option is there, so I keep it in my scanfile line. As I say it works very well now, and faster than ever. We also have the new MSFT patches installed. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, April 16, 2004 11:50 PM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] MAXATONCE Switch Doug, I'm not sure about the NOMEM option, but I verified several months ago that while NOBOOT isn't listed, fpcmd.exe will scan the boot sectors unless you use that switch. You should definitely use both of these switches. Matt Douglas Cohn wrote: First of all I am a putz cause I completely ignored the first line since mypath was more like the second G.But if you type fpcmd /? It does not show the NOMEM or NOBOOT options.Weird.I will switch it now.DAMN Now I know why my mail was so slow. What a moron Iyam..ThanksDC -Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Mike HyslipSent: Friday, April 16, 2004 11:45 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] MAXATONCE SwitchAs listed at http://www.declude.com/virus/manual.htmF-Prot -SCANFILE C:\Progra~1\Comman~1\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE/NOBOOT /DUMB /REPORT=report.txt (or SCANFILEC:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY/NOBOOT /DUMB /REPORT=report.txt)VIRUSCODE 3VIRUSCODE 6REPORT Infection:Definitely works a lot better than the 16-bit version :)-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Douglas CohnSent: Friday, April 16, 2004 11:36 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] MAXATONCE SwitchScottWhy does your sample F-prot command line use the 16 bit scanner instead ofthe 32 bit one?Do you have a recommended command line for FPcmd and do you recommend thatwe always use it instead of F-prot.exe. I have not patched my Imail serverwith the current Microsft patches because I am concerned as well. I haveseen some odd behavior on other systems with those updates.I see /noboot /nofloppy and others are not available under fpcmd.TIADoug -Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott PerrySent: Friday, April 16, 2004 10:48 AMTo: [EMAIL PROTECTED]Subject: Re: [Declude.Virus] MAXATONCE Switch Your recommendation is MAXATONCE O allows unlimited processes to run at the same time. Correct. Setting the switch to 8 or 10 will make SMTP hangs or become slower? It is unlikely to make much of a difference, because [1] SMTP hangs shouldnot be related to the resources used by the virus scanner, and [2] it isunlikely that you will have 8-10 virus scanners processes running at thesame time.The MAXATONCE option was originally designed for people who have licensingarrangements where they can only have a certain number of copies of thevirus scanner running simultaneously. Is you recommendation to set it to unlimited? Yes. SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs. For some reason, some servers have a horrible time handling too many 16-bitprocesses, and end up causing serious delays in TCP/IP connections like youdescribe.Are you using a 16-bit virus scanner (such as F-Prot.exe) with DecludeVirus? If so, I would recommend switching to a 32-bit scanner (such asF-Prot's fpcmd.exe), which will likely help alleviate the problem. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailserverssince 2000.Declude Virus: Ultra reliable virus detection and the leader in mailservervulnerability detection.Find out what you've been missing: Ask for a free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus(http://www.declude.com)]---This E-mail came from the Declude.Virus mailing list. To unsubscribe, justsend an E-mail to [EMAIL PROTECTED], andtype unsubscribe Declude.Virus. The archives can be foundat http://www.mail-archive.com.---[This E-mail scanned for viruses by Declude Virus]---[This E-mail scanned for viruses by Declude Virus]---[This E-mail was scanned for viruses by Declude Virus(http://www.declude.com)]---This E-mail came from the Declude.Virus mailing list. To unsubscribe, justsend an E-mail to [EMAIL PROTECTED], andtype unsubscribe Declude.Virus. The archives can be foundat http://www.mail-archive.com.---[This E-mail was scanned for viruses by
[Declude.Virus] MAXATONCE Switch
Scott: Your recommendation is MAXATONCE O allows unlimited processes to run at the same time. Setting the switch to 8 or 10 will make SMTP hangs or become slower? Is you recommendation to set it to unlimited? SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs. The way I am measuring it is by doing telnet to the smtp server. Sometimes it takes more than 15 seconds to respond and sometimes it hangs. While doing telnet to POP3, Imail responds instantly. I am running declude 1.79 What do you think? __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] MAXATONCE Switch
I will set it to MAXATONCE 0 And you were right I had F-Prot.exe instead of fpcdm.exe. I hope that is the problem. I just changed configurations.. let's see how it goes.. I will let you know. Many thanks. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 16, 2004 9:48 AM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] MAXATONCE Switch Your recommendation is MAXATONCE O allows unlimited processes to run at the same time. Correct. Setting the switch to 8 or 10 will make SMTP hangs or become slower? It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanners processes running at the same time. The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously. Is you recommendation to set it to unlimited? Yes. SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs. For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe. Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] MAXATONCE Switch
Scott, thank you very much. Problem solved. The f-prot.exe file was causing the problem as a 16-bit application. After new critical fixes and patches from Microsoft, that process made the server very slow. We have been using f-prot.exe prior that without problems. I replaced with fpcdm.exe (32 bit) making sure to take out the /nofloppy switch from the scan line in the virus.cfg file. Now server is back to normal. :-) Scott thank you very much for your fast answer to my questions and great support. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Friday, April 16, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] MAXATONCE Switch I will set it to MAXATONCE 0 And you were right I had F-Prot.exe instead of fpcdm.exe. I hope that is the problem. I just changed configurations.. let's see how it goes.. I will let you know. Many thanks. -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 16, 2004 9:48 AM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] MAXATONCE Switch Your recommendation is MAXATONCE O allows unlimited processes to run at the same time. Correct. Setting the switch to 8 or 10 will make SMTP hangs or become slower? It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanners processes running at the same time. The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously. Is you recommendation to set it to unlimited? Yes. SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs. For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe. Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: X-SPAM-Phrase Re: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I am using version 1.79 Beta. I believe that the expanded feature you mentioned is not incorporated in this 1.79 beta version then. I will run my tests again to make sure and let you know. -Luis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, April 06, 2004 8:14 PM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion How does BANEZIPEXTS work if 2 or more files are included in the encrypted ZIP and at least one of them is not in the BANEXT list. With the original interim release that added the BANEZIPEXTS option, it would only look at the first file. That was due to the speed needed to add the feature (Declude Virus already had access to the information needed to check the first file, but not subsequent files). With the latest beta, though, this was expanded so that if you use BANEZIPEXTS ON and any file in the encrypted .ZIP file has a banned file extension, the E-mail should be blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I did some tests again, and the zips where caught. However the initial test file I used wasn't caught. I haven't been able to reproduce the file again in away it is not caught by declude. But I have the original file that I tested and retested and that Declude let it pass. I am sure that the problem is not declude, but the file. I will send it to your virustrap address so you can take a look and test it your self. Bye -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 07, 2004 6:35 AM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion I am using version 1.79 Beta. I believe that the expanded feature you mentioned is not incorporated in this 1.79 beta version then. I will run my tests again to make sure and let you know. That is not correct. We only have one source code tree. That means that when a new feature is added, any subsequent release will contain that feature. So if v1.78i30 has a new feature in it, v1.79 will have it as well. Could you send me one of the .ZIP files you are testing with, so that I can test it here? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
Scott: My first suggestion thinking of those new Declude users that are not yet in the list and will become new declude customers as well as old ones, I suggest to add an explanation in the demo config file and the Manual about how BANEZIPEXTS and BANZIPEXTS works. Explaining that the setting should be ON and the effect it causes. The release notes are clear about the banning feature but not that clear about using the ON switch. I believe that now the only way to find that out is through the file archives. I would be very useful then to add it to the config file and the Manual. Now my question: I tested the BANEXIPEXTS ON encrypting 1 file. A .COM extension file that I ban via Banext. Declude stopped right away. Then I tested the same option encrypting 2 files: A .com extension and .log one. I don't ban .log. My objective was to see if the zip was going to be banned by Declude since it had a .COM extension. Declude didn't stop it. I tried it with 3 files. .COM and 2 txt files (txt is not banned in my configuration), and Declude didn't stop it. As far as I understand then, the BANEXIPEXTS considers that only one file is in the encrypted zip and that is the one it checks, or perhaps if there is more than one file and one of them is not in the Banext then it doesn't stop it. Let me know your thoughts. I am afraid that new viruses come in a way that 2 files come within an encrypted zip, one being a .COM, PIF, or any dangerous extension and the other one a simple txt file, so at the end Declude let it pass. How does BANEZIPEXTS work if 2 or more files are included in the encrypted ZIP and at least one of them is not in the BANEXT list. -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-prot 3.14e
If you run W2K professional usually f-prot asks you to reboot after the upgrade. Running W2K Server it shouldn't ask you for any reboot at all... at least that has been my experience. So.. you don't have to worry about rebooting. Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Tuesday, March 16, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-prot 3.14e Being new to Declude/F-prot I was testing an install. Running W2K I updated F-Prot from 3.14C to 3.14E and restarted everything without rebooting. Seems to be working fine on my desktop. Is this safe on my mail server as well? I am not very comfortable rebooting that often. Thanks DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, March 16, 2004 5:32 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-prot 3.14e I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, March 16, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-prot 3.14e Appears to be out today. -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Fprot 3.14d
So far version 3.14d had no problems. Now I find my self looking at a new version... 3.14e. jejeje.. I just installed and no problems at all. I will let the list know if I find any trouble with version 3.14e. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Tuesday, March 16, 2004 1:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Fprot 3.14d I installed in the server. So far so good.. I will report again in 24 hours. Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, March 15, 2004 6:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Fprot 3.14d I just upgraded to fprot 3.14d; I had to add a new VIRUSCODE 8 and the REPORT string is now - or something is broke... ; however when I made these changes the errors in the logs went away The VIRUSCODE 8 is used by F-Prot when it doesn't detect a virus, but detects something suspicious. This will often catch Word or Excel files that have macros in them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
NJABL:RE: [Declude.Virus] F-Prot updates
My server stopped updating since last Wednesday. I have updated manually. I don't know what is going on. It downloads signatures files, but it doesn't update them at all. You can notice it because signature files dates don't change. When you click 'update' again, it downloads the file again but the signature files are not updated. I believe it has something to do with directory or files permissions. I am trying to locate the cause of the problem. If you have had the same experience in the past and know the solution, please let me know. Regards -Luis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Gray - Network Administrator Sent: Tuesday, March 02, 2004 10:33 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot updates http://www.f-prot.com/news/gen_news/040302_download_delay.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of System Administrator Sent: Tuesday, March 02, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot updates on 3/2/04 8:36 AM, Bruce Loughlin wrote: Is any one else having problems with the automatic updates from F-Prot? Mine are blowing up with an abnormal termination error this am. I didn't have that problem but the automatic updates this morning on two mail servers were EXTREMELY slow to download and install. I thought the last step froze but I waited (and waited and waited) and when I came back it was finally finished. Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Spoofed Addresses
Use the SKIPIFVIRUSNAMEHAS command in your sender.eml, that way a notification will not be sent to sender if an specific virus is caught For example.. here is what we have in sender.eml at the beginning of the file SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Hybris SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEHAS Bugbear SKIPIFVIRUSNAMEHAS Bridex SKIPIFVIRUSNAMEHAS Sobig SKIPIFSENDER @boss.com Make sure there is only one space between the command and the name of the virus or vulnerability. I am also sending you a table with the available commands. They are very useful, you may want to take a look at them. The following table is from the manual Each command needs to be on a line by itself. You need to make sure that these options (and any To:, From:, or Subject: lines) appear before the first blank line in the E-mail template file. Command Restriction Usage ONLYSENDIFLOCALSENDER Will only send the notification if the sender of the virus is a local user. ONLYSENDIFLOCALSENDER ONLYSENDIFREMOTESENDER Will only send the notification if the sender of the virus is a remote user. ONLYSENDIFREMOTESENDER ONLYSENDIFSENDER Will only send the notification if the sender of the virus is one you specify. ONLYSENDIFSENDER [EMAIL PROTECTED] ONLYSENDIFSENDER @example.com ONLYSENDIFLOCALRECIPIENT Will only send the notification if the recipient of the virus is a local user. ONLYSENDIFLOCALRECIPIENT ONLYSENDIFREMOTERECEIPIENT Will only send the notification if the recipient of the virus is a remote user. ONLYSENDIFREMOTERECIPIENT SKIPIFSENDER Will not send the notification if the sender of the virus is one that you specify. SKIPIFSENDER [EMAIL PROTECTED] SKIPIFSENDER @example.com SKIPIFRECIP Will not send the notification if the recipient of the virus is one that you specify. SKIPIFRECIP [EMAIL PROTECTED] SKIPIFRECIP @example.com SKIPIFVIRUSNAMEHAS Will not send the notification if the virus name has the text that you specify. SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEDOESNOTHAVE Will not send the notification if the virus name does not have the text that you specify. SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability I hope it helps.. regards Luis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion Sent: Thursday, October 02, 2003 4:45 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spoofed Addresses I am sure this has been discussed many times in the past, but I have been out of the loop, so forgive me for asking again. How do you notify your customers who send viruses without notifying the ones with spoofed return addresses? When we had the SoBig virus going around, we had to literally shut off our notifications because people were blacklisting us because we were sending them Virus messages even though they didn't send the virus. Thanks in advance. Chad --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-]
RE: [Declude.Virus] F-Prot and Mimail
After reading this post.. I realized that I am unprotected as well having just one scanner : f-prot. I wrote to F-Prot saying that I was very amazed knowing that mcafee, Symantec, avg and f-secure already updated their signature files to detect Mimail. And that f-prot hasn't updated theirs yet. Let's see what they have to say. Meanwhile I would like your advise for a second scanner 1.AVG? I don't know what version to buy. Profesional Single edition for US33 or AVG Server Edition... 2.F-Secure? US$53 according to their site. 3. Mcafee? What version of Mcafee should I buy? What has been the experience with Mcafee at all? What about Norton. I remember that someone said that there was a workaround to use Norton and Declude... any ideas? Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Monday, August 04, 2003 10:50 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot and Mimail Hi Paul.. I am going h now... This is our email receipt.. Back when we got it: Qty. Item Unit Price TAX % Total == 1 x AVG Server Edition (up to 2 licenses) - English (Product ID: 502793)USD 38.000.00 0.00% 38.00 == TOTAL AMOUNT USD 38.00 I just checked the site... It now is showing $70 for 2 licenses. We do not need the mail server edition since that software actually connects with the email server. I think with their new release this is the software needed. http://esd.element5.com/product.html?productid=515118sessionid=67131771ran dom=b538143df795fa662c92f8b97589a052 For all their server pricings: http://esd.element5.com/product.html?productid=515470language=Englishstyle from=502792 All we need for Declude to work is a AV software that can be called. We are using the server edition and not the mail edition. Hope this helps.. Another one that we researched and may add at one point as a 3rd scanner is: F-Secure. I exchanged some email with them and their AV runs as a service as well. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of paul Sent: Monday, August 04, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot and Mimail Kami, F-Prot: $50 AVG: $35 [http://www.Grisoft.com] Where on the site is $35? I must be blind and missing it. The prices I see for AVG are $33 for workstation, not supporting Win2000 Server, and mail server edition STARTING at $120 for 6 boxes.. help? Due to F-prot's inability to get it's act together for this silly virus is making us look for a 2nd scanner. Granted, the body filters in place are handling the problem nicely, but it's still a pain. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot and Mimail
I forgot to add Sophos and Dr. Solomon to the list...of options for a second scanner. Any suggestions or experience? Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Monday, August 04, 2003 12:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot and Mimail After reading this post.. I realized that I am unprotected as well having just one scanner : f-prot. I wrote to F-Prot saying that I was very amazed knowing that mcafee, Symantec, avg and f-secure already updated their signature files to detect Mimail. And that f-prot hasn't updated theirs yet. Let's see what they have to say. Meanwhile I would like your advise for a second scanner 1.AVG? I don't know what version to buy. Profesional Single edition for US33 or AVG Server Edition... 2.F-Secure? US$53 according to their site. 3. Mcafee? What version of Mcafee should I buy? What has been the experience with Mcafee at all? What about Norton. I remember that someone said that there was a workaround to use Norton and Declude... any ideas? Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Monday, August 04, 2003 10:50 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot and Mimail Hi Paul.. I am going h now... This is our email receipt.. Back when we got it: Qty. Item Unit Price TAX % Total == 1 x AVG Server Edition (up to 2 licenses) - English (Product ID: 502793)USD 38.000.00 0.00% 38.00 == TOTAL AMOUNT USD 38.00 I just checked the site... It now is showing $70 for 2 licenses. We do not need the mail server edition since that software actually connects with the email server. I think with their new release this is the software needed. http://esd.element5.com/product.html?productid=515118sessionid=67131771ran dom=b538143df795fa662c92f8b97589a052 For all their server pricings: http://esd.element5.com/product.html?productid=515470language=Englishstyle from=502792 All we need for Declude to work is a AV software that can be called. We are using the server edition and not the mail edition. Hope this helps.. Another one that we researched and may add at one point as a 3rd scanner is: F-Secure. I exchanged some email with them and their AV runs as a service as well. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of paul Sent: Monday, August 04, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot and Mimail Kami, F-Prot: $50 AVG: $35 [http://www.Grisoft.com] Where on the site is $35? I must be blind and missing it. The prices I see for AVG are $33 for workstation, not supporting Win2000 Server, and mail server edition STARTING at $120 for 6 boxes.. help? Due to F-prot's inability to get it's act together for this silly virus is making us look for a 2nd scanner. Granted, the body filters in place are handling the problem nicely, but it's still a pain. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from
RE: [Declude.Virus] MiMaill - ban ext
I believe you can look for it in the virus folder.. Ask your customer who sent the message and look for it in the logs file, then use the message number to look for it in the virus folder \imail\spool\virus\ Or you can see in the viruslog looking for the name of the zipfile expected by your customer. Then check the name of the file file stopped by the ban rule and then look for it in the virus folder. Once found in the \IMail\spool\virus\ directory copy the file in the \IMail\spool\ directory, and it will be delivered on the next queue run (about 30 minutes -- to send it more quickly, run IMail Administrator to view the queue, and click the Send All button several times). Regards. Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Freeman Sent: Monday, August 04, 2003 1:05 PM To: '[EMAIL PROTECTED]' Subject: [Declude.Virus] MiMaill - ban ext Ok I banned the .zip ext in Dclude virus since I'm using F-prot and that's it! (shoot my foot) But I have a customer that was waiting on a .zip file...are they auto deleted or can I find this message that he was waiting on? Thank you Dustin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] error installing multiple scanners
After installing 3 scanners in the config file shown as this... just to see what is the origin of the error. SCANFILE D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC VIRUSCODE 2 VIRUSCODE 6 SCANFILE D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: SCANFILE D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC VIRUSCODE 2 VIRUSCODE 6 I found this in the DEBUG logs 08/04/2003 18:10:40.765 Qe7ef001600f810fc Scanning files (3 scanners) 08/04/2003 18:10:40.765 Qe7ef001600f810fc Starting scanner #1: D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC d:\IMail\spool\DE7EF0~1.VIR\ 08/04/2003 18:10:40.765 Qe7ef001600f810fc Scanner to start immediately, no need to wait for others to end. 08/04/2003 18:10:40.781 Qe7ef001600f810fc Virus Scanner Started: D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC d:\IMail\spool\DE7EF0~1.VIR\ 08/04/2003 18:10:49.843 Qe7ef001600f810fc Virus scanner 1 reports exit code of 0 08/04/2003 18:10:49.843 Qe7ef001600f810fc Starting scanner #2: d:\IMail\spool\DE7EF0~1.VIR\ 08/04/2003 18:10:49.843 Qe7ef001600f810fc Scanner to start immediately, no need to wait for others to end. 08/04/2003 18:10:49 Qe7ef001600f810fc Your virus scanner DOES NOT EXIST (at d:\IMail\spool\DE7EF0~1.VIR\); NOT SCANNING ATTACHMENTS! [2] 08/04/2003 18:10:49.843 Qe7ef001600f810fc Starting scanner #3: d:\IMail\spool\DE7EF0~1.VIR\ 08/04/2003 18:10:49.843 Qe7ef001600f810fc Scanner to start immediately, no need to wait for others to end. 08/04/2003 18:10:49 Qe7ef001600f810fc Your virus scanner DOES NOT EXIST Scanners 2 and 3 are recognized as d:\IMail\spool\DE7EF0~1.VIR\ I have no idea why happens any clues? Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Spangenberg Sent: Monday, August 04, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] 2nd scanner - 32bit? Of all the scanners that are listed for use with declude, which are 32bit apps? Isn't it important for efficiency to have both scanners be 32bit? I am now running F-prot's fpcmd.exe and want to have a second one. I have Dr. Solomon scan.exe available, but that's 16 bit...right? Dan Spangenberg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-]
RE: [Declude.Virus] AVG - Grisoft Errors after installation
Got it.. corrected and works great... Sorry to bother you... Please ignore other email I just sent about this same topic... Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, August 04, 2003 6:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] AVG - Grisoft Errors after installation However when running, I found these messages in the logs: Check the bold lines 08/04/2003 17:53:34.796 Qe3ee000801266a26 Starting scanner #1: D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC d:\IMail\spool\DE3EE0~1.VIR\ 08/04/2003 17:53:41.937 Qe3ee000801266a26 Starting scanner #2: d:\IMail\spool\DE3EE0~1.VIR\ The problem here is that Declude Virus knows that you have 2 scanners, but doesn't have a filename to use for the second one. SCANFILE D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORTInfection: SCANFILE D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC VIRUSCODE 2 VIRUSCODE 6 The problem here is that Declude Virus doesn't know which is which (for example, is the VIRUSCODE 3 line supposed to go with the first scanner or the second one?). If you change it to: SCANFILE1 D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE1 3 VIRUSCODE1 6 REPORT1Infection: SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC VIRUSCODE2 2 VIRUSCODE2 6 Then, it should work. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Mimail.A@mm Virus Fprot Definitions??
No idea.. waiting for them since last Friday. I finally installed AVG -www.grisoft.com- as a primary scanner and fprot as second scanner. AVG is suppose to catch MIMAIL Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: Monday, August 04, 2003 6:24 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot Definitions?? Does anyone have any idea when F-Prot will have definitions for the [EMAIL PROTECTED] virus? I am starting to see a couple of these slip through and even though they are setting off declude junkmail they are only being marked as spam by our Junkmail policies and still could be opened by end users, especially since it seems to be forging an address from our own domain. Does anyone have any idea when F-Prot will get definitions for this one? Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Unknown user, host.
there are a lot of possibilities. what SMTP server are your users using? your IMAIL server? what do the logs tell you? is it possible that your IP or mail server address is included in a SPAM list -lister as a spammer-? Luis Arango - Original Message - From: Bralynn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 20, 2003 9:44 AM Subject: [Declude.Virus] Unknown user, host. Has anyone had the problem of sending to e-mails/domains that have a subdomain? It seems we are having quite a few customers not able to send to certain domains. The common thing about all these domains is that they are subdomained. Example, dhc.state.us, rosalinda.paonia.com, quite a few more. Anyone know of a reason our mail server would not be able to reach subdomained e-mail addresses? Thanks. Bralynn [Scanned by AwesomeNet Anti-Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New weblog analyzer available
I would be glad to be a beta tester and provide my 2 cents to the asp script. [EMAIL PROTECTED] Luis Arango - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 30, 2003 7:51 PM Subject: [Declude.Virus] New weblog analyzer available I have compiled the first public beta of MIAMI, which is a Declude Virus log analyzer. (see previous posts) At this point Declude JunkMail is not included, but when it is, I feel it will be the coolest thing yet. I was planning on programming the web side of things in PHP, but since everything else is a Microsoft Application and ASP is built into IIS, ASP seems like the more logical choice. I am interested in hearing from anyone that would like to beta test this program, THAT CAN ALSO help with the ASP script setup. Here is a link to the first pictures. It's only of the database, but to me since this data is in the database, the possibilities are endless. (graphs, chars, pie's, multiple query statements) http://www.coxnetwork.com/miami/images/db1.jpg http://www.coxnetwork.com/miami/images/db2.jpg Duane --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] F-Prot version 3.12d released
Hi F-Prot users. I just got a notification from F-Prot. Version 3.12d is available. here is the main body text of their notification --- Version 3.12d of F-Prot Antivirus for Windows, Linux and BSD has been released and is ready for download. Some changes have been made, the most significant one is enhanced detection capabilities for future unknown threats. To update your version of F-Prot Antivirus to version 3.12d simply go to: http://subscription.f-prot.com/download.html --- regards Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot version 3.12d released
I just installed so far so good.. Luis Arango - Original Message - From: Panda Consulting S.A - Luis Alberto Arango [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 20, 2003 1:18 PM Subject: [Declude.Virus] F-Prot version 3.12d released Hi F-Prot users. I just got a notification from F-Prot. Version 3.12d is available. here is the main body text of their notification --- Version 3.12d of F-Prot Antivirus for Windows, Linux and BSD has been released and is ready for download. Some changes have been made, the most significant one is enhanced detection capabilities for future unknown threats. To update your version of F-Prot Antivirus to version 3.12d simply go to: http://subscription.f-prot.com/download.html --- regards Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Template options
Scott, do you have a web page with a list of all available options -with examples if possible- to set at the begining of the E-Mail template files. It would be very useful for reference. like ONLYSENDIFREMOTESENDER SKIPIFVIRUSNAMEHAS SKIPIFVIRUSNAMEDOESNOTHAV SKIPIFSENDER FORGINGVIRUS SKIPIFRECIP are there more? many thanks.. Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Template options
WOW!.. incredible response time... Many, Many thanks Scott.. It is very useful. One question and 3 suggestions Q: For the SKIPIFRECIP option, I should use one option per domain.Right ? Example: SKIPIFRECIP @domaina.com SKIPIFRECIP [EMAIL PROTECTED] SKIPIFRECIP @domaind.com Suggestion: In the SKIPIFRECIP usage you should consider adding the per domain case according to the release notes: Now, the usage is as follows (in the online manual): SKIPIFRECIP [EMAIL PROTECTED] I suggest something like: SKIPIFRECIP [EMAIL PROTECTED] or SKIPIFRECIP @example.com --- same goes for SKIPIFSENDER option Also in the introductory test of the options list (online manual), it says: With Declude Virus, you can also restrict who the notification is sent to, using certain commands in the E-mail template files. Each command needs to be on a line by itself. The available commands are: I suggest (see suggestion between ******): With Declude Virus, you can also restrict who the notification is sent to, using certain commands in the E-mail template files. Each command needs to be on a line by itself. ***Make sure to add the options to the beginning (before the first blank line) of any of the \IMail\Declude\*.eml files.*** The available commands are: Perhaps you can place a link to a .eml example, so users understand how to use the commands I hope it helps.. best regards to the best Email AntiVirus/AntiSpamming Team in the World Luis Arango - Original Message - From: Rick Leske [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 20, 2003 4:48 PM Subject: RE: [Declude.Virus] Template options Awesome!.. Great Scott!! ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Monday, January 20, 2003 3:23 PM - FamHost To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Template options I hope you understand when I say.. its hard for me to concieve of renewing a support agreement when your product isn't even fully documented.. The manual ( http://www.declude.com/virus/manual.htm ) has been updated to include all the commands that can be used in the E-mail notification files. We are not aware of any options that are available but not covered in the manual; if anyone knows of any, please let me know. -Scott ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Deleteviruses
we just check every 15 days or so.. and delete old virus messages... we like to keep the messages there, in case some are caught as viruses while they aren't .. we don't want to delete those and rather we prefer to put them back in the spool for proper mailbox forwarding. If you are running out of space. I suggest to buy a secondary Hard Drive or another one... HD space is very unexpensive.. just my own opinion. regards Luis Arango - Original Message - From: Rick Leske [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 31, 2002 9:23 AM Subject: RE: [Declude.Virus] Deleteviruses Scott, Why would the recommend setting be to leave it OFF? I personally would rather our system just bit bucket the viri but if there is a sound reason to leave it OFF then great. Thanks, ~Rick Am I correct in saying that if the DELETEVIRUSES option is set to ON Declude does not save a copy of the infected email to the virus directory specified by the virus.cfg file. That is correct -- that is exactly what the DELETEVIRUSES ON setting does. -Scott ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-PROT
not at all. fprot has worked good on our server. Make sure Real Time protector is off. that really gave as a headache during first days of testing. perhaps set the update system to check for updates every two hours at least, to make sure you have always the latest updates. there are guys out there that check every hour.. it is up to you. Luis - Original Message - From: paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 31, 2002 10:14 AM Subject: [Declude.Virus] F-PROT Ok, I've tossed Innoculan in favor of F-prot, about set to start Declude again, For users of F-prot, or Scott, what's the precautions to take going this route? Obviously disabling real time protector on install, but anyone else have any comments? Paul --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] declude log
Is the client sending out the E-mails himself, or is he using IMail to send them? the emails sent by my client are being sent by himself without using IMAIL. he uses his own ISP SMTP. Which version of Declude are you using (\IMail\Declude -diag, exactly like that, from a command prompt will show you)? it is version 1.60 One of the .SMD files shows that the E-mail was scanned twice (two Scanned for viruses lines at the bottom), while the other three were once scanned once. Yes I noticed that too... I have no idea why is that, since the client doesn't use IMAIL for SMTP. The other thing that I noted was that it was several minutes between the time that IMail accepted the bounce messages and Declude Virus was encountered this problem. Is there a very heavy load on the server when this occurs? that is rare.. there is not heavy load in the server. we receive between 10K and 20K emails daily, unless that is heavy load, and our smtp process between 1K and 3K daily. I have to double check figures..perhaps at that time everybody was sending emails through the server. I tried reproducing the problem here with the .SMD files, and wasn't able to. -Scott thanks for your help and effort to find out what is going on. Today I looked at declude log again and had several errors. All the SMD's I was able to look at, came again from the same postmaster as a response to my client email saying that the sender wasn't found or host didn't exist. Just like the samples I sent you. that is really strange. It seems like the message coming from the remote postmaster has something that drives declude or F-Prot crazy. I have no idea what to do about it. I will keep looking -Luis Arango --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] declude log
Sorry for the delay searching the logs. Here they are I found some really strange things. I believe you can really understand what is going on. Attached is a small zip file. it contains SMD files and a report.txt I just extracted the info of 5 different cases. 4 of them with their SMD files. the strange thing is that all files are related to the same email type. they are emails coming from a postmaster of the smtp used by a client of mine to send massive mail. the postmaster response says that the host wasn't found or user unknown in some cases and returned the email sent by my client. when declude scans those emails, the problem shows up. that is really weird. what do you think? regards... and sorry in advance for bothering you with this case. The only reliefe I have is that the emails presenting the errors are just return notifications, but nevertheless it is very strange and shouldn't happen right? regards Luis Arango - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 12:31 PM Subject: Re: [Declude.Virus] declude log I am running just one instance of IMAIL software. I am not aware of any software or service calling declude.exe twice. In october 11 the Error 183 happened about 46 times. And declude scanned 23 thousand inbound mails that day so that is very weird. for example today (saturday-october 12)... by 2:00 pm.. .no Error 183 has occurred and two thousand inbound messages have been virus scanned if declude is called twice... I should be receiving error 183 for every single message declude scans... whith that said.. any suggestion? Could you check the log file for one of the instances where this happens, and check for all log file entries with the same identifier for that day? For example, if there is a log file entry: 10/11/2002 11:54:51 Q022d018301e47115 Error: Couldn't lock file d:\IMail\spool\Q022d018301e47115.SMD (183) then you could search the log file for 022d018301e47115, like this: find 022d018301e47115 \IMail\spool\vir1011.log /i or find 022d018301e47115 \IMail\spool\vir1011.log /i list.txt to save the output to a file list.txt. Recent versions of IMail (the one with the long file names in the spool) are supposed to use unique file names, and not repeat them -- searching the Declude Virus log file as described above should help determine if IMail is reusing the same file name. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] report1016.zip Description: application/compressed
Re: [Declude.Virus] Charging or not?
We manage several virtual domains. I charge $1/month per antivirus per mailbox or alias (keep in mind that they can have several alias pointing to another mailbox outside Imail). and $1/month per mailbox. Total of $2 (dollars). for clients with more than 200 mailboxes, we charge depending on the client, specific needs and other business we carry to them. Usually we also manage their SQL DB and sites. For them we sometimes lower the price to 75 for mailbox and 75 for Antivirus.. But I usually try to keep the $1/monthy/mailbox for the antivirus. We don't have antispamming so far.. that is going to be our next purchase. regards Luis Arango - Original Message - From: Doug McKee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 15, 2002 7:18 AM Subject: [Declude.Virus] Charging or not? Is anyone charging for the virus scanning or junkmail filtering? If so, how much and what sales pitch did you use successfully? If not, why not? The junkmail filtering will save a company a minimum of 10-20$ per month per user. Doug McKee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: Answered: RE: [Declude.Virus] OT: What does SMTP, SMTPD, and IMAP4 in syslog?
thanks for doing that job and sharing it with us.. I didn't know that post... I bookmarked the link. It is always useful to have close when you need it. regards Luis Arango - Original Message - From: eddie pang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 15, 2002 12:51 AM Subject: Answered: RE: [Declude.Virus] OT: What does SMTP, SMTPD, and IMAP4 in syslog? http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg59021.html Dangs took me 2hours and 45 minutes... Would be great if declude provided a link to these hidden treasures :) Sincerely, Eddie :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of eddie pang Sent: Monday, October 14, 2002 5:07 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] OT: What does SMTP, SMTPD, and IMAP4 in syslog? Hi all, Sorry for the email.. For the life of me i cant locate the archive stating the how to interprete the syslog. I know I was mention a few days ago, but for the life of me, my choice of words, aint picking it up... Its been a long day :( Thanks in advance... eddie :) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] declude log
Hi Scott: I found a declude.log file in c:\ I opened it and found a lot of strange logs... look at this 10/08/2002 18:56:07 Q708602ed01947d88 Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:21 Q708602ed01947d88 WARNING: Could not unlock file due to error #2. 10/08/2002 18:56:22 Q7087000201b8821c Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:22 Q7087000201b8821c Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:22 Q7087000201b8821c WARNING: Could not unlock file due to error #2. 10/08/2002 18:56:22 Q7087000201b8821c Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:22 Q7087000201b8821c WARNING: Could not unlock file due to error #2. 10/08/2002 18:56:22 Q7087000201b8821c Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:22 Q7087000201b8821c WARNING: Could not unlock file due to error #2. 10/08/2002 18:56:22 Q7087000201b8821c Couldn't move/copy data file [32]. Priority back to 32. 10/08/2002 18:56:22 Q7087000201b8821c WARNING: Could not unlock file due to error #2. it strange, there are days of intense activity and some days that don't register any activity at all. here are just the latest logs 10/11/2002 08:47:47 Qd639018701eabfb6 WARNING: Could not unlock file due to error #2. 10/11/2002 11:54:33 Q022c2aa001406c90 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:54:33 Q022c2aa001406c90 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:54:51 Q022d018301e47115 Could not lock d:\IMail\spool\Q022d018301e47115.SMD; timed out (j=2). 10/11/2002 11:54:51 Q022d018301e47115 Error: Couldn't lock file d:\IMail\spool\Q022d018301e47115.SMD (183) 10/11/2002 11:54:51 Q022c2aa001406c90 WARNING: Could not unlock file due to error #2. 10/11/2002 11:55:45 Q023b2aa10140a851 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:45 Q023b2aa10140a851 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:45 Q023b006c0204a851 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:45 Q023b2aa10140a851 WARNING: Could not unlock file due to error #2. 10/11/2002 11:55:53 Q023b006c0204a851 WARNING: Could not unlock file due to error #2. 10/11/2002 11:55:53 Q023b2aa10140a851 WARNING: Could not unlock file due to error #2. 10/11/2002 11:55:57 Q02452be70130cddb Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:58 Q024600a701f6d240 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:58 Q0246023b01acd359 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:55:58 Q0246032f022cd4d0 Couldn't move/copy data file [32]. Priority back to 32. 10/11/2002 11:56:05 Q0246023b01acd359 WARNING: Could not unlock file due to error #2. 10/11/2002 11:56:05 Q02452be70130cddb WARNING: Could not unlock file due to error #2. 10/11/2002 11:56:05 Q0246032f022cd4d0 WARNING: Could not unlock file due to error #2. 10/11/2002 11:56:05 Q024600a701f6d240 WARNING: Could not unlock file due to error #2. 10/11/2002 11:56:37 Q0248016c01b0dcee Could not lock d:\IMail\spool\Q0248016c01b0dcee.SMD; timed out (j=2). 10/11/2002 11:56:37 Q0248016c01b0dcee Error: Couldn't lock file d:\IMail\spool\Q0248016c01b0dcee.SMD (183) 10/11/2002 11:57:14 Q024906c8015cddd8 Could not lock d:\IMail\spool\Q024906c8015cddd8.SMD; timed out (j=2). 10/11/2002 11:57:14 Q024906c8015cddd8 Error: Couldn't lock file d:\IMail\spool\Q024906c8015cddd8.SMD (183) 10/11/2002 11:57:14 Q024906c8015cddd8 Could not lock d:\IMail\spool\Q024906c8015cddd8.SMD; timed out (j=2). 10/11/2002 11:57:14 Q024906c8015cddd8 Error: Couldn't lock file d:\IMail\spool\Q024906c8015cddd8.SMD (183) 10/11/2002 11:57:14 Q024a0430017ae3c4 Could not lock d:\IMail\spool\Q024a0430017ae3c4.SMD; timed out (j=2). 10/11/2002 11:57:14 Q024a0430017ae3c4 Error: Couldn't lock file d:\IMail\spool\Q024a0430017ae3c4.SMD (183) 10/11/2002 11:57:14 Q024a0430017ae3c4 Could not lock d:\IMail\spool\Q024a0430017ae3c4.SMD; timed out (j=2). 10/11/2002 11:57:14 Q024a0430017ae3c4 Error: Couldn't lock file d:\IMail\spool\Q024a0430017ae3c4.SMD (183) what do you think? what is this? is declude working fine? has problems? any other information from me declude is running in d:\imail\ thanks Luis Arango --- [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [Email scanned for viruses by Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.