[Declude.Virus] passworded zip file

2004-10-25 Thread Peter Lowish



Declude 1.81 virus standard

A client regularly receives a passworded .zip file. A similar file is batch
sent to 100s of others - the sender can't/won't change the way they send
these files. The file is always received from the same sender using the same
IP address

We have been using virus_domains.txt to bypass our client's email being
scanned for viruses until very recently, but has found several viruses have
recently got thru their own anti virus software

Is there any way of Declude Virus whitelisting either the sender's email
address or IP address for email being sent to our client? - I have added the
IP address to be whitelisted in global.cfg but it still deletes what it
believes to be an infected file

10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Found encrypted .ZIP file
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Scanned: Banned file extension. [MIME: 3 5031]
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Couldn't open E-mail file C:\IMail\Declude\BANnotify.eml.
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Subject: ---Confidential MOE CSV File for pay period 315[23/10/2004 17:56:27]

tks

Peter


[Declude.Virus] new interim version

2004-09-30 Thread Peter Lowish
I note a new interim version - Does this fix the GDI false Positive issue?
 
Thursday, September 30, 2004  3:27 PM   506785 Declude.exe
 
P

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Peter Lowish
Scott 

Started to appear here in NZ now. We have just seen the first one sent by a
local person to a recipient using our server 

It seems to me that if the PC is infected, that every jpg they send by email
also contains the vulnerability - correct?

Ta
Peter

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, 30 September 2004 11:07 a.m.
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] JPEG Vulnerability


Are all JPEGs vulnerable or just some with a bad format?

Only JPEG files that are created maliciously are a problem.  But there have
already been some sent out.


-Scott



RE: [Declude.Virus] blocking auto reply messages

2004-05-02 Thread Peter Lowish
How is the below implemented?

Tks
Peter 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Saturday, 1 May 2004 9:14 a.m.
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] blocking auto reply messages

Excellent observation and thinking Matt.

I had to sit down and write my own filters. I've paired these mailfrom
addresses with a combo test of your anti-av filter.

MAILFROM 0 CONTAINS
MAILFROM 0 CONTAINS Antigen@
MAILFROM 0 CONTAINS Antigen_
MAILFROM 0 CONTAINS DLWC-virus-scanner@
MAILFROM 0 CONTAINS e500admin@
MAILFROM 0 CONTAINS NAVMSE-
MAILFROM 0 CONTAINS NAVMSE_
MAILFROM 0 CONTAINS NAVMSE@
MAILFROM 0 CONTAINS Symantec_AntiVirus_for_SMTP_Gateways@
MAILFROM 0 CONTAINS Virus_Alert@
MAILFROM 0 CONTAINS Virus-Alert@
MAILFROM 0 CONTAINS Virus-Alert.
MAILFROM 0 CONTAINS viruschecker@
MAILFROM 0 CONTAINS virus-scanner@
MAILFROM 0 CONTAINS virusmanager@
MAILFROM 0 CONTAINS Virus-Monitor@
MAILFROM 0 CONTAINS virusscan@




RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion

2004-04-12 Thread Peter Lowish
The new site looks good. But where can I find the interim releases now?

Peter 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, 8 April 2004 2:57 a.m.
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and
suggestion


I did some tests again, and the zips were caught. However the initial 
test file I used wasn't caught. I haven't been able to reproduce the 
file again in a way it is not caught by declude. But I have the original 
file that I tested and retested and that Declude let it pass.

I am sure that the problem is not declude, but the file. I will send it 
to your virustrap address so you can take a look and test it yourself.

There is indeed something odd about that .ZIP file, that doesn't appear to
conform to the specs for .ZIP files.  But, a standard copy of pkunzip is
able to handle the file, so we have a new interim release 1.79i2 at
http://www.declude.com/interim that will handle this as expected.


-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-08 Thread Peter Lowish
I have added 

BANEXT  EZIP
BANEZIPEXT  ON

to my virus.cfg file and tested it. No doubt that the passworded .zip files
are not getting thru, but also normal .zip files are not either.

I am getting a little confused (but hey that's easy for me) about it all now.

Is there something else I should or not be doing?

Peter  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Monday, 8 March 2004 9:21 p.m.
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files.

BANEXT  EZIP
BANEZIPEXT  ON

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.Virus- 
 [EMAIL PROTECTED] On Behalf Of Bennie
 Sent: Sunday, March 07, 2004 4:03 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software 
 opening zipped files.
 
 how would you ban encrypted zips...
 
 signed
 Confused (aka Bennie)
 
 
 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, March 04, 2004 6:22 PM
 Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software 
 opening zipped files.
 
 
 
  that is going to be a challenge for scott to incorporate in declude :)
 
  It's unlikely that we will do this.  It makes for a great marketing
  gimmick, but won't work in the long term.  All it will take is for a virus
  to say "The password is 1 2 3 4 5" or "The password is 12344 plus 1", and
  those AV programs will quickly leave the spotlight.
 
  We are an isp, and for us blocking zips is out of the question.
 
  Remember that all AV programs can catch viruses in standard .ZIP
  files.  It's only the encrypted .ZIP files that pose a problem, and it is
  recommended that people block all encrypted .ZIP files (but allow standard
  .ZIP files through).  That way, extremely few people are
  inconvenienced, but it would be very hard for a virus to get through.
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail 
  mailservers since 2000.
  Declude Virus: Catches known viruses and is the leader in mailserver 
  vulnerability detection.
  Find out what you've been missing: Ask for a free 30-day evaluation.
 
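
The policy discussed in these threads (block encrypted .ZIP files, let standard .ZIP files through to the scanner) and the "Found encrypted .ZIP file" log entry both rest on telling the two apart without a password. The sketch below is an added example, not code from the list posts or from Declude: it reads the "encrypted" bit of the ZIP general purpose flag from both the central directory and the local file header, and reports an archive whose structure does not parse as malformed. The function names, the constructed sample archives and the choice to treat a flag set in only one header as encrypted are assumptions made for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # general purpose bit flag, bit 0, per the ZIP format spec
# (header signature, offset of the 2-byte flag field within that header)
LOCAL, CENTRAL = (b"PK\x03\x04", 6), (b"PK\x01\x02", 8)

def build_zip(name, data):
    """Constructed sample: an ordinary, unencrypted one-member archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def mark_encrypted(blob, headers=(LOCAL, CENTRAL)):
    """Constructed sample: set the encrypted bit in the chosen header(s)."""
    out = bytearray(blob)
    for sig, off in headers:
        pos = out.find(sig)
        (flags,) = struct.unpack_from("<H", out, pos + off)
        struct.pack_into("<H", out, pos + off, flags | ENCRYPTED)
    return bytes(out)

def classify(blob):
    """Return 'encrypted', 'standard' or 'malformed' for an attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return "malformed"
    for info in members:
        start = info.header_offset
        if blob[start:start + 4] != LOCAL[0]:
            return "malformed"  # central directory points at no local header
        (local_flags,) = struct.unpack_from("<H", blob, start + LOCAL[1])
        # Either copy of the flag is enough: an unzip tool may trust either.
        if (info.flag_bits | local_flags) & ENCRYPTED:
            return "encrypted"
    return "standard"

if __name__ == "__main__":
    plain = build_zip("payroll.csv", b"id,amount\n1,100\n")
    for label, blob in (("plain", plain), ("passworded", mark_encrypted(plain)),
                        ("local flag only", mark_encrypted(plain, (LOCAL,))),
                        ("not a zip", b"hello")):
        print(label, "->", classify(blob))
```

Checking both headers matters because the two copies of the flag can disagree in a hand-built archive, and a filter that reads only one of them can be bypassed by an archive that an unzip tool still opens.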