Re: [Declude.Virus] Declude Virus inoperable for 13% of th year?
Hello David,

1- What will happen to those who have a perpetual licence but no SA on 2010-12-31?

2- The prices and number of developers is Declude's business. We cannot force you one way or another, but once you make your choice, we, the customers, make our decisions based on factors including price and quality. So even if you want to blame low prices and lack of staff, it is still Declude management's fault, not the customers'.

That is not to say that I'm not satisfied with Declude product and support; I just don't agree with your logic.

BR
Serge

- Original Message -
From: David Barker
To: declude.virus@declude.com
Sent: Wednesday, June 03, 2009 3:07 PM
Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

Andy,

a. Declude Virus does not have a built in system to report this error as with this specific example. What happened here is not the norm but an exception. It was not our choice to hard code the expiration date but a requirement from AVG. In this instance the specific persons who we had been working with at AVG are no longer with the company and the process of having this renewed took longer than usual.

b. I am not sure if you are being facetious, but if it makes you feel better, sure you can schedule a reminder for me; please email me at least 3 months prior to the new expiration date 2010-12-31.

c. Yes, AVG was not working as it should have been since 2009-04-10.

I agree with you - this is totally unacceptable, intolerable, painful and should not be brushed aside lightly. You are correct in your observations, we should increase our prices dramatically so we can hire more developers to ensure unfortunate incidents like this don't happen again. Considering the market and what other vendors charge, how much more are you prepared to pay for your service agreement so that we can meet this type of requirement?

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Wednesday, June 03, 2009 9:08 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Declude Virus inoperable for 13% of th year?
Importance: High
Sensitivity: Personal

Hi, Dave - so now that we have a working Declude Virus again, what can be done to prevent this from recurring?

a) Apparently Declude Virus has no error tracking in place at all - otherwise it would have REPORTED to us (or your own Declude to your own mail server) that the AVG API was no longer performing scans?

b) Do the customers need to set a follow-up reminder for December 2010, which is when your new renewed AVG license will expire?

The old DecludeProc had THIS AVG License String:

LicBeg, Ver=1.0, Name=Declude, Exp=2009-04-10

So this implies that the product was inoperable since April 10th for every customer because Declude didn't obtain a new annual AVG license and had to wait a few days for this transaction to complete? That means the product was unusable for 13% of the year?

This can't just be brushed aside quietly.

Best Regards,
Andy

--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
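An added example, not part of the thread and not Declude or AVG code: a check an administrator could schedule to read a license line of the shape quoted above and raise an alert ahead of the `Exp` date instead of discovering the lapse afterwards. The comma-separated `key=value` layout is inferred from that single quoted string, and the function names and the 90-day warning window are assumptions.

```python
from datetime import date, datetime


def parse_license(line):
    """Split 'LicBeg, Ver=1.0, Name=Declude, Exp=2009-04-10' into a dict.

    Assumption: fields are comma-separated key=value pairs; tokens without
    '=' (such as the leading 'LicBeg' tag) are ignored.
    """
    fields = {}
    for part in line.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def license_status(line, today, warn_days=90):
    """Classify a license line as OK, WARN, EXPIRED or UNKNOWN on `today`."""
    fields = parse_license(line)
    try:
        expires = datetime.strptime(fields["exp"], "%Y-%m-%d").date()
    except (KeyError, ValueError):
        # A missing or unparsable date is reported, never silently treated
        # as valid: a scanner that cannot prove its license is an alert.
        return {"state": "UNKNOWN", "name": fields.get("name"),
                "expires": None, "days_left": None}
    days_left = (expires - today).days
    if days_left < 0:
        state = "EXPIRED"
    elif days_left <= warn_days:
        # Assumption: the expiry date itself still counts as the last valid day.
        state = "WARN"
    else:
        state = "OK"
    return {"state": state, "name": fields.get("name"),
            "expires": expires, "days_left": days_left}


def should_alert(status):
    """Anything other than OK should reach a human (mail, pager, ticket)."""
    return status["state"] != "OK"


if __name__ == "__main__":
    old = "LicBeg, Ver=1.0, Name=Declude, Exp=2009-04-10"  # string quoted in the thread
    for day in (date(2009, 2, 1), date(2009, 6, 3)):
        status = license_status(old, day)
        print(day, status["state"], status["days_left"], should_alert(status))
```
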
[Declude.Virus] Log analyzer
Hi,

how to make VLA work with the Declude built-in scanner? Apparently it only handles viruses caught by the second scanner.

TIA
[Declude.Virus] Microsoft Antivirus in your future ?
http://www.cnn.com/2005/TECH/01/06/microsoft.antivrus.ap/index.html
Re: [Declude.Virus] Microsoft Antivirus in your future ?
The current product is retroactive, according to the article, and may become subscription based.
The RAV product will compete directly with Symantec and McAfee.
If they SELL it as a separate product, they will have no antitrust problems.
They learned their lesson; they won't bundle it with Windows.

- Original Message -
From: Colbeck, Andrew
To: Declude.Virus@declude.com
Sent: Thursday, January 06, 2005 7:42 PM
Subject: RE: [Declude.Virus] Microsoft Antivirus in your future ?

My reading this morning on canoe.ca was that their purchase in 2003 of RAV is going to surface as a subscription based retroactive cleaning system for only the topmost current viruses.

Microsoft is still going to encourage the purchase of big-name vendors' products for desktops and servers. That should stave off further anti-competitive lawsuits from those big-name vendors.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Thursday, January 06, 2005 11:09 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Microsoft Antivirus in your future ?

http://www.cnn.com/2005/TECH/01/06/microsoft.antivrus.ap/index.html
Re: [Declude.Virus] PB installing 2.0B
You are probably right; we used to have the same issue with manual install.
However, the full install notes specifically say that no service needs to be stopped when upgrading.
So they need to get their act together, or give us back our old manual install.

- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 21, 2004 11:04 AM
Subject: RE: [Declude.Virus] PB installing 2.0B

Hi Serge:

We had a similar issue but I think I know what happens. If Declude is in use then it can not copy the Declude.exe file in the install directory. We used to have the same issue when copying the Declude.exe file and IMail was processing email.. Since Declude.exe was in use you could not copy it over.

I stopped the services and waited for the spool to clear then installed 2.b and it worked fine..

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Monday, December 20, 2004 6:50 PM
To: Declude.Virus@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.Virus] PB installing 2.0B

I am trying to upgrade to 2.0B
Getting an error of: Error copying file to taret directory
With status at removing backup files
Need Help, TIA

--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Re: Re[2]: [Declude.Virus] PB installing 2.0B
Here is the reply I got
Talk about automatic installation :)

== Please reply above this line ==
PB installing 2.0B

Sorry the install does not support extracting that one file. Please send me a listing of the imail folder. Then rename declude.exe to declude.old and retry the install. There is 'some' issue with trying to copy in the new declude.exe. If that doesn't work, I will make new install for you with more information in it to work this out.

- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 21, 2004 4:46 PM
Subject: RE: Re[2]: [Declude.Virus] PB installing 2.0B

Scott:

I'm sure you have been watching this thread. Suggestion: if Declude is determined to use only the install program, have person responsible for it add an option to update only -- copying over the old declude.exe and leaving the configuration and eml's intact. (I haven't used the install program, so I'm assuming this option isn't there based on others comments.)

Thanks,
John
[Declude.Virus] DO NOT UPGRADE
Just upgraded to 2.0B, and Declude stopped working.
When running -diag I am getting a strange line:

Declude v2.0b key request on MAC 000E7F2E754C.

What is this key request?
Why is Declude not working?
Why isn't there a warning in the installation procedure?
What is going on at Declude? Are they trying to follow Ipswitch Mr Krap footsteps?
With Scott, it used to be safe to use Betas; is this changing now?
Did I miss any warning?
Also, declude.exe size is half what it used to be.
Meanwhile, went back to 1.81.

E:\Imaildeclude -diag
Declude 2.0b (C) Copyright 2000-2004 Computerized Horizons.
Compilation Platform: IMail
Diagnostics ON (Declude v2.0b).
Declude v2.0b.0 key request on MAC 000E7F2E754C.
loading all configs
Declude JunkMail: Config file found (E:\Imail\Declude\global.CFG).
Declude Virus: Config file found (E:\Imail\Declude\Virus.CFG).
Declude Hijack:Config file found (E:\Imail\Declude\Hijack.CFG).
Declude Confirm: Not installed (no E:\Imail\Declude\Confirm.CFG file).
103 spam tests defined: LOOSENSPAMHEADERS AHBLRELAYS AHBLPROXIES AHBLSOURCES AH LSUPPORT AHBLEXEMPT BLITZEDALL BONDEDSENDER EXSILIA-SPAM IPWHOIS NJABL NJABLDUL NJABLFORMMAIL NJABLMULTI NJABLPROXIES NJABLSOURCES ORDB CSMA-SBL COMPU RSL SPAM AG SPAMHAUS SBL SPAMCOP CBL XBL DSBL DSN MAILPOLICE-BULK MAILPOLICE-PORN NOABUS NOPOSTMASTER BASE64 BADHEADERS HELOBOGUS MAILFROM PERCENT REVDNS ROUTING SPAMH ADERS CMDSPACE COMMENTS HEUR12 SPFPASS SPFFAIL SPAMDOMAINS IPNOTINMX NOLEGITCON ENT BCC NONENGLISH SUBJECTCHARS SUBJECTSPACES FORGEDHELO-FILTER NEGATIVE-FILTER NEGATIVE-LOCAL-OE GIBBERISH GIBBERISHSUB DYNAMIC SURBL OFFENSIVE FALSE-AOL FALS -YAHOO FALSE-HOTMAIL FALSE-TELEFONICA GOOD-TELEFONICA GOOD_HOTMAIL GOOD_AOL GOO _Yahoo FILTER-BODYURL FILTER-SPAMMER-COMPANY FILTER-PORN SIZE-S SIZE-M SIZE-L S ZE-XL CEFIBBL HELOISIP HELOISIPX SNIFFER FIVETEN-SPAM FIVETEN-BULK FIVETEN-MULT STAGE FIVETEN-SPAMSUPPORT FIVETEN-MISC FIVETEN-FREE SORBS SORBS-HTTP SORBS-SOCK SORBS-MISC SORBS-SPAM SORBS-WEB SORBS-ZOMBIE SORBS-DUL WEIGHT10 DWEIGHT10 DWEI HT15 DWEIGHT20 DWEIGHT25 DWEIGHT30 DWEIGHT40 DWEIGHT50 DWEIGHT60 CATCHALLMAILS
IMail reports Official Host Name as: mail.cefib.com.
IMail's SendName registry seems OK: e:\Imail\Declude.exe.
DNS Server: 208.154.200.1
Declude JunkMail Status: PRO version registered.
Declude Virus Status:Pro Version Registered.
Declude Hijack Status: Registered.
End of diagnostics.

- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 21, 2004 6:25 PM
Subject: RE: [Declude.Virus] PB installing 2.0B

Hey, Declude Support, I'm interested in a manual installation, too!

... Now, I don't want to sound like I'm shooting the messenger, but I hope you guys aren't doing this on your production server.

Since I'm interested in the manual installation, I'll install it on the development server, note the changes, and then after testing, bring it over to the live server. Which is the same as I've done the last few times.

If you're going to implement beta software, it's worth the effort.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, December 21, 2004 7:02 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] PB installing 2.0B

- Original Message -
From: Serge [EMAIL PROTECTED]

you are probably right
we use to have the same issue with manual install
However, the full install notes specificaly say that no service need to be stoped when upgrading
So they need get their act together, or give us back our old manual install

I agree, the old manual download/install should at least be an option. I don't like downloading 6.66mb file, just to get a 500kb declude.exe file. Especially when that 6mb install file takes over 3.5 minutes to complete its installation process, and then changes my config files in the process without warning (as Kami noted, it changes the .eml files - did the same thing here), and then did not install properly.

After running the install, which completed without error, I ended up with a 288kb declude.exe file that did not work - I had to revert back to version 1.81 to get Declude JunkMail Virus to function again. What size declude.exe file have others that successfully installed 2.0B ended up with?

Bill
Re: [Declude.Virus] testvirus.org #22
Have both fprot and mcafee.
Prescan off.
#22 getting caught without a problem.
#17 going thru.
Andrew is catching #17; can it have anything to do with AVAFTERJM ON?

- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, December 20, 2004 9:47 PM
Subject: Re[8]: [Declude.Virus] testvirus.org #22

I turned it off and it still got through.

Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be opened by all versions of Microsoft Outlook and Outlook Express)

RSP I just checked this one, and it got through here, too. I examined the raw
RSP source of the E-mail, and there doesn't appear to be a lone CR character in
RSP it, so it doesn't appear to actually contain the Outlook CR Vulnerability.

Scott, what do you get for test #22? Some have reported it caught while others haven't. My F-Prot config is:

SCANFILE P:\Progra~1\fsi\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=3 /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:

--
Best regards,
David mailto:[EMAIL PROTECTED]
[Declude.Virus] PB installing 2.0B
I am trying to upgrade to 2.0B
Getting an error of: Error copying file to taret directory
With status at removing backup files
Need Help, TIA
Re: [Declude.Virus] about Imail1.exe security issue
We had the same issue a few months ago.
I suspected a problem from Declude because the addresses that appear in the open imail1 window looked like ones that would be generated by Declude notifications (or maybe imail gses ?)
Anyway, rebooting the server resolved the issue back then.
Unfortunately, since upgrading to 8.13 (or 8.14, can't tell exactly, because I did both in less than 48 hours) the problem is coming again, and rebooting did not help this time.
If you find a solution, let me know.

- Original Message -
From: Crejob.com [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 10:05 AM
Subject: [Declude.Virus] about Imail1.exe security issue

My Imail server keeps popping up a Create Mail Message; it seems that Imail1.exe is exploited by someone to try to send out spam. I tried to limit the imail1.exe user permission, but this results in the webmail not being able to send out email.

Any advice on how to solve this problem?

Regards
Brian
Re: [Declude.Virus] Scott, what is our future?
Or:
Option 4: stay with Imail 8.05 or 8.13, with Declude antivirus and antispam.
For now, it is working fine for us.
We will evaluate MDaemon and other products, but we will not switch now.
There are people still using Imail 6.0x.
I'm sure we can use the current code for at least a couple of years.

- Original Message -
From: Jim Matuska [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 5:42 PM
Subject: Re: [Declude.Virus] Scott, what is our future?

I 100% agree, we have less than a week left on our service agreement; before it expires I will have to make a recommendation to my boss that will likely be one of the following:

Option 1: Give in to Imail's new scheme and pay to upgrade to the Imail Collaboration Suite
Option 2: Switch to Exchange, and new Spam and Virus providers (would be very costly)
Option 3: Switch to another Email program, find a new Spam and AntiVirus Solution for the new solution

From what I hear many people on the list are going through this process right now. As nice as it was having that office email from CH without an announcement with some sort of details on where Declude is heading, I can hear many server admins jumping ship and dumping Imail and Declude within the next 24 to 48 hours. I personally have been very happy with the Declude products, and I send the blame 100% to Imail and not Declude, but unfortunately unless some details are provided on where Declude is heading (ASAP) it will be very likely that Declude will not be used much longer, as much as I hate to say. In a mission critical environment, we cannot be without a supported email product and at this point I don't see how we are going to be able to use Declude no matter what choice we make.

Jim Matuska Jr.
Computer Tech II CCNA
Nez Perce Tribe Information Systems
[EMAIL PROTECTED]

- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 9:52 AM
Subject: Re: [Declude.Virus] Scott, what is our future?

I want to add my voice to getting some sort of indicator from CH ASAP. I am buying a mail server in the next several days, and typing up my recommendations now. If CH announces (even eventual) support for one server or another that's a big factor in my decision, as I want Declude Virus running on that box if possible.

--
--Matt Robertson--
President, Janitor
MSB Designs, Inc.
mysecretbase.com
Re: [Declude.Virus] passworded zip file
Create a special mailbox for your client.
Let him use it only for that file.
Use per-user config in Declude Virus Pro to whitelist (turn Declude Virus off) on that particular mailbox.
Use Imail rules to delete all mails to that mailbox that do not have the sender address and IP in the header.

- Original Message -
From: Peter Lowish
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 11:34 PM
Subject: [Declude.Virus] passworded zip file

Declude 1.81 virus standard

A client regularly receives a passworded .zip file. A similar file is batch sent to 100's of others - the sender can't/won't change the way they send these files. The file is always received from the same sender using the same IP address.

We have been using virus_domains.txt to bypass our client's email being scanned for viruses until very recently, but has found several viruses have recently got thru their own anti virus software.

Is there any way of Declude Virus whitelisting either the sender's email address or IP address for email being sent to our client? - I have added the IP address to be whitelisted in global.cfg but it still deletes what it believes to be an infected file.

10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Found encrypted .ZIP file
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Scanned: Banned file extension. [MIME: 3 5031]
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Couldn't open E-mail file C:\IMail\Declude\BANnotify.eml.
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
10/23/2004 17:59:24 Qe52c1aeb008a6cf6 Subject: ---Confidential MOE CSV File for pay period 315[23/10/2004 17:56:27]

tks
Peter
Re: [Declude.Virus] Scott, what is our future?
ditto
looking seriously to moving to exim (unix, www.exim.org, free), or more likely, Mdaemon (windows platform, supports sniffer)
knowing if declude is planning to interface with another product will probably help me make the decision

- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 11:53 PM
Subject: Re: [Declude.Virus] Scott, what is our future?

Scott,

I accept that Declude isn't going away, but I've dumped a lot of money into building my service around both Declude and IMail, and as things stand at the moment, I don't have $4,000 to dump on their new product just so that I can get updates for the things that they have managed to break and not fix.

If you are working on another MTA, then let's hear it! As things stand at the moment, it looks like I have no other choice but to switch to another platform, and it would be best to know what your plans are before I start making my own. My gut tells me that even if I threw Ipswitch another $4,000, nothing would really change with them except for the damn price, and I really, really hate being taken advantage of.

Maybe you are confident about your plans for the future, but not knowing them, how could I be.

Thanks,
Matt

R. Scott Perry wrote:

You have been strangely quiet. Are you in shock or formulating a plan -- hopefully the latter?

Although I will admit to shock (disbelief would be a more appropriate term) when I first heard about this. I didn't think that Ipswitch would actually do it. But they did. As for formulating a plan, that is in the works. But a lot will depend on whether Ipswitch is smart enough to fix the problem, or whether they truly isolate the majority of their loyal customers.

It may be too early to ask, but what does the future hold for Declude/Imail or Declude and _ mail server product (fill in the blank)?

It's too early to say. A lot will depend on how Ipswitch responds to their customers -- I can't imagine that they will completely ignore this. A business can't survive by destroying a loyal customer base, when they have the product to offer. But I can definitely say this: Declude isn't going to go away, no matter what Ipswitch may do.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
Re: Re[2]: [Declude.Virus] Feature request
The issue will be resolved when the granularity is added to banzipext, which Scott said they should introduce in a future release.
We will have something like

banzipext SCR
banzipext ZIP

No?

- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Dan Geiser [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 9:15 PM
Subject: Re[2]: [Declude.Virus] Feature request

On Tuesday, July 27, 2004, 4:38:49 PM, Dan wrote:

What about BANZIPn where n is some number of levels or greater. That is BANZIP3 instead of BANZIPZIPZIP, and in case someone wants to allow 3 levels of depth (if it comes to that) BANZIP4...

_M

DG I would like to request BANZIPINZIPINZIP.

DG - Original Message -
DG From: Scott Fisher [EMAIL PROTECTED]
DG To: [EMAIL PROTECTED]
DG Sent: Tuesday, July 27, 2004 10:30 AM
DG Subject: [Declude.Virus] Feature request

DG Now that zip files containing .zip files are a known virus threat, will
DG there be a Declude update to block this virus vulnerability? I think we can
DG certainly expect to see more of these in the future. I'd also like to see
DG this as a high priority from Declude.

DG As a corporate customer a BANZIPINZIP option would certainly be acceptable.
DG It would be more questionable for ISP customers. It's probably the easiest
DG quick fix.

DG Making BANZIPEXTS recursive is another option. BANZIPEXTS doesn't check .ZIP files within .ZIP files.

DG As a Declude Virus Pro user running three anti-virus scanners and having
DG tons of extensions blocked, I see .zip files containing .zip files to be the
DG most viable way to get a virus into my e-mail system.

DG Scott Fisher
DG Director of IT
DG Farm Progress Companies

DG ---
DG Sign up for virus-free and spam-free e-mail with Nexus Technology Group
DG http://www.nexustechgroup.com/mailscan
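An added example, not part of the thread and not Declude code: a recursive archive inspection that covers the three behaviours requested above, namely flagging any zip inside a zip (the BANZIPINZIP idea), applying the banned-extension list at every nesting level (a recursive BANZIPEXTS), and refusing to descend past a fixed depth (the BANZIPn idea). The extension list, limits, finding labels and function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Hypothetical policy values for this example (not Declude settings).
BANNED_EXTS = {".scr", ".pif", ".exe", ".com", ".bat"}
MAX_DEPTH = 3                        # archive levels opened before giving up
MAX_MEMBER_BYTES = 5 * 1024 * 1024   # members larger than this are not inflated


def inspect_zip(data, depth=1, path="", max_depth=MAX_DEPTH):
    """Return a list of (reason, member_path, depth) findings for a zip blob."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("unreadable-archive", path or "<top>", depth)]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{path}/{info.filename}" if path else info.filename
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected, so report them.
                findings.append(("encrypted-member", member, depth))
                continue
            if PurePosixPath(info.filename).suffix.lower() in BANNED_EXTS:
                findings.append(("banned-extension", member, depth))
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(("oversized-member", member, depth))
                continue
            blob = zf.read(info)
            # Detect nested archives by content, not by file name, so a
            # renamed inner .zip is still found. Office documents are zip
            # containers too and would also be reported here.
            if zipfile.is_zipfile(io.BytesIO(blob)):
                findings.append(("zip-in-zip", member, depth))
                if depth >= max_depth:
                    findings.append(("max-depth-reached", member, depth))
                else:
                    findings.extend(
                        inspect_zip(blob, depth + 1, member, max_depth))
    return findings


def make_zip(members):
    """Build a zip in memory from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_samples():
    """Constructed samples: a clean zip, a top-level .scr, a 3-level nest."""
    inner = make_zip({"invoice.scr": b"constructed placeholder bytes"})
    middle = make_zip({"docs.zip": inner})
    return {
        "flat": make_zip({"notes.txt": b"plain text"}),
        "scr_top": make_zip({"photo.scr": b"constructed placeholder bytes"}),
        "nested": make_zip({"readme.txt": b"hello", "more.zip": middle}),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, inspect_zip(blob))
```

A block-all policy acts on any `zip-in-zip` finding, while the more granular policy Scott Fisher raises for ISP customers acts only on `banned-extension`, `encrypted-member` and `max-depth-reached`.
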
Re: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS
see reply offlist

- Original Message -
From: Dan Geiser
To: [EMAIL PROTECTED]
Sent: Monday, July 19, 2004 8:01 PM
Subject: Re: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS

Serge,

When you use the names "regular viruses/forging viruses emls" what is the exact file name that you are referring to? When you use the name "vulnerability eml" what is the exact file name that you are referring to?

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]

- Original Message -
From: serge
To: [EMAIL PROTECTED]
Sent: Saturday, July 17, 2004 7:00 AM
Subject: Re: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS

That should be possible.
In the regular viruses/forging viruses emls, you add

SKIPIFVIRUSNAMEHAS Vulnerability

In the vulnerability eml you add

SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
SKIPIFRECIP [EMAIL PROTECTED]

You can also do that by using Imail rules on the recipient mailbox.
In both solutions, you need to have different emls for vulnerabilities and for viruses.

- Original Message -
From: Dan Geiser
To: [EMAIL PROTECTED]
Sent: Friday, July 16, 2004 7:44 PM
Subject: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS

Hello, All,

I know that I can use SKIPIFRECIP to skip Virus Warnings for specific Domain Names and I can use SKIPIFVIRUSNAMEHAS to skip Virus Warnings for specific Virus Names. But is there any way I can suppress Virus for a specific Virus Name for just one domain name? Specifically I have one customer who doesn't want to receive the "Vulnerability" warnings any longer.

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]
Re: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS
That should be possible.
In the regular viruses/forging viruses emls, you add

SKIPIFVIRUSNAMEHAS Vulnerability

In the vulnerability eml you add

SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
SKIPIFRECIP [EMAIL PROTECTED]

You can also do that by using Imail rules on the recipient mailbox.
In both solutions, you need to have different emls for vulnerabilities and for viruses.

- Original Message -
From: Dan Geiser
To: [EMAIL PROTECTED]
Sent: Friday, July 16, 2004 7:44 PM
Subject: [Declude.Virus] SKIPIFRECIP SKIPIFVIRUSNAMEHAS

Hello, All,

I know that I can use SKIPIFRECIP to skip Virus Warnings for specific Domain Names and I can use SKIPIFVIRUSNAMEHAS to skip Virus Warnings for specific Virus Names. But is there any way I can suppress Virus for a specific Virus Name for just one domain name? Specifically I have one customer who doesn't want to receive the "Vulnerability" warnings any longer.

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]
Re: [Declude.Virus] Link for checking virus sending IP addresses
can not find the original link but this will work if you replace the xs by the IP address this is for class C (%F24) http://apps.declude.com/tools/virstats.ch?ip=xxx.xxx.xxx.0%2F24time=72type=IP - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 9:45 PM Subject: [Declude.Virus] Link for checking virus sending IP addresses What is the link for checking on IP addresses reported sending viruses? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot Version 3.15 w/Declude
C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /run /quit Problem with above is that when there is a new fprot version, the virus def update will fail. I use the batch upgrade as a backup for these situations. - Original Message - From: Douglas Cohn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 04, 2004 4:58 PM Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude This is the command we run from task manager and have for some time with no issues. C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /run /quit DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hyslip Sent: Friday, July 02, 2004 6:30 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude will it run through task manager if called? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter Sent: Friday, July 02, 2004 4:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude I don't log out of the email server. I simply lock the console. The Updater will still run and the system still requires a password to get back to the console. Is there a good reason not to do it this way?? ~Joe - Original Message - From: Douglas Cohn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 01, 2004 3:53 PM Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude I have been doing that exact thing for months now. The question is what does the new version do differently that may affect the way updates work, not so much how you go out and get them. Using the scheduler requires that you have the box logged in all the time which is clearly not an option for a mail server. --- [This E-mail scanned for viruses at HNB.com]
[Declude.Virus] Stranger...
hi all urgent help needed I have imail1 client window ("create mail message") pop up on my server with all kind of real and strange addresses in the TO: and CC: Fields. The window remains open on the server desktop. Is this a virus ? how can i identify the service/virus/application causing this ? TIA
Re: [Declude.Virus] Stranger...
LDAP service is not running. Any other idea? - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 8:07 PM Subject: Re: [Declude.Virus] Stranger... Never seen anything like it, but having an IMail window come up as a result of a virus would be rather odd I would think. I would lean in the direction of this being a software state that a reboot might fix, or possibly your server is being exploited. There was an LDAP vulnerability in IMail that was fixed in a patch to 8.05. If you don't use LDAP, I would recommend turning it off. Apparently this can give the hacker full access to IMail and possibly your whole server. It was being exploited as well so it must be patched or disabled...or else. No other clues though and keep in mind that I am stabbing in the dark. Matt Serge wrote: hi all urgent help needed I have imail1 client window ("create mail message") pop up on my server with all kind of real and strange addresses in the TO: and CC: Fields. The window remains open on the server desktop. Is this a virus ? how can i identify the service/virus/application causing this ? TIA -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.Virus] Stranger...
i know imail1 is a command line mailer but how do i find what is causing the imail1 window to be open and filled with all these addresses ? see attached gif - Original Message - From: Darin Cox To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 10:21 PM Subject: Re: [Declude.Virus] Stranger... Does this shed any light? http://support.ipswitch.com/kb/IM-19980119-DD10.htm Darin. - Original Message - From: Serge To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 3:55 PM Subject: [Declude.Virus] Stranger... hi all urgent help needed I have imail1 client window ("create mail message") pop up on my server with all kind of real and strange addresses in the TO: and CC: Fields. The window remains open on the server desktop. Is this a virus ? how can i identify the service/virus/application causing this ? TIA attachment: server2.gif
Re: [Declude.Virus] Stranger...
is imail1 used by IMAIL? i mean, can we delete or rename imail1 ? - Original Message - From: Darin Cox To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 12:24 AM Subject: Re: [Declude.Virus] Stranger... Don't know...never seen the problem... I sent that link because it showed that there is a switch that will cause it to pop up... -i. Might check to see if that could have anything to do with it. You might also check your registry for anything different from the standard settings. Darin. - Original Message - From: serge To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 7:46 PM Subject: Re: [Declude.Virus] Stranger... i know imail1 is a command line mailer but how do i find what is causing the imail1 window to be open and filled with all these addresses ? see attached gif - Original Message - From: Darin Cox To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 10:21 PM Subject: Re: [Declude.Virus] Stranger... Does this shed any light? http://support.ipswitch.com/kb/IM-19980119-DD10.htm Darin. - Original Message - From: Serge To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 3:55 PM Subject: [Declude.Virus] Stranger... hi all urgent help needed I have imail1 client window ("create mail message") pop up on my server with all kind of real and strange addresses in the TO: and CC: Fields. The window remains open on the server desktop. Is this a virus ? how can i identify the service/virus/application causing this ? TIA
[Declude.Virus] Server Hijacked
hi We got our server hijacked today. We use relay for addresses and one of our clients servers, who is using MDaemon was used as a relay to relay through our server. I blocked all coming smtp connection to addresses other than our mail server's. (outgoing smtp was blocked for a long time, but that was the first time someone relayed through our customers.) I am now more likely to buy Hijack, that will be budgeted soon. Meanwhile need more ideas on what i can do to increase security. One idea is to block all mail through our server where the From or the Replyto is from a local domain, or a local valid address. Is this a good idea ? and can this be done with Imail/declude ? TIA
Re: [Declude.Virus] Problem reinstalling 1.75 on a new server
You seem to have 2 different issues, one with declude, another with fprot
1- put the complete path for virdir (in your case d:\imail\spool\virus )
2- make sure d:\imail\spool\virus directory exists
3- what is the error message you are getting when you run fprot from command line ?
4- what is in your virus.cfg file (do not post your activation code) ?
5- go to d:\imail, type declude > declude.txt and post the declude.txt file
6- Try to reinstall f-prot in c:\fprot, instead of C:\Progra~1\FSI\F-Prot and see what happens
- Original Message - From: Yoder, Chris [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 5:09 PM Subject: [Declude.Virus] Problem reinstalling 1.75 on a new server
I have IMail set up on a new server with the main Imail (software + users) directory on D and the spool directory on E. We are using F-Prot as our anti-virus scanner. When I run declude.exe from the command line in the D:\imail directory in the setup step, I get the message back:
D:\imail>declude
Declude 1.75 (C) Copyright 2000-2003 Computerized Horizons. All Rights Reserved .
argc2
D:\imail>declude
In virus.cfg, I have the following lines to activate declude:
SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:
VIRDIR spool\virus
Note that I didn't move VIRDIR to E: (should I have? there is a directory on D called spool.) In D:\imail\spool I have a file titled vir0511.log, but not one for today. If I execute:
C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt
at the command line, I do not get an error. I have verified that virus.cfg file is in the D:\imail\declude directory.
-- Chris Yoder Smog, Just say NO! Director, Information Services, DAR Drive electric today. [EMAIL PROTECTED] http://www.its.caltech.edu/~rcy/ Treat the Earth well. It was not given to you by your parents. It was loaned to you by your children. - Kenyan proverb (Listed at The American Museum of Natural History in NY City)
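Checks 1 and 2 from the reply above (full VIRDIR path, directory present), plus the same test for the scanner executable, written as a small Python lint. This is an added example, not Declude's own tooling; the function names, the result codes and the '#' comment handling are assumptions, and the sample file is constructed from the lines quoted in the thread.

```python
import ntpath
import os

# Constructed virus.cfg, modelled on the lines quoted in the thread.
SAMPLE_CFG = r"""
SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:
VIRDIR spool\virus
"""


def parse_cfg(text):
    """Return {DIRECTIVE: [values]}; blank lines and '#' lines are skipped
    (treating '#' as a comment marker is an assumption)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives.setdefault(key.upper(), []).append(value.strip())
    return directives


def scanner_path(scanfile_value):
    """Executable part of a SCANFILE value: everything before the first ' /' switch."""
    return scanfile_value.split(" /", 1)[0].strip().strip('"')


def lint(text, exists=os.path.exists):
    """Return a list of problem codes. `exists` is injectable so the check
    can be exercised away from the mail server."""
    cfg = parse_cfg(text)
    problems = []

    virdirs = cfg.get("VIRDIR", [])
    if not virdirs:
        problems.append("VIRDIR_NOT_SET")
    for path in virdirs:
        if not ntpath.isabs(path):
            # A relative path depends on the working directory of the caller.
            problems.append("VIRDIR_RELATIVE")
        elif not exists(path):
            problems.append("VIRDIR_MISSING_DIR")

    scanfiles = cfg.get("SCANFILE", [])
    if not scanfiles:
        problems.append("SCANFILE_NOT_SET")
    for value in scanfiles:
        exe = scanner_path(value)
        if not ntpath.isabs(exe):
            problems.append("SCANFILE_RELATIVE")
        elif not exists(exe):
            problems.append("SCANFILE_NOT_FOUND")

    # Without VIRUSCODE lines there is no return code that marks a detection.
    if scanfiles and not cfg.get("VIRUSCODE"):
        problems.append("NO_VIRUSCODE")
    return problems


if __name__ == "__main__":
    for code in lint(SAMPLE_CFG):
        print(code)
```
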
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
we need a similar emergency list for spam tests going down, requiring changes in global.cfg - Original Message - From: Dale McDiarmid [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:37 PM Subject: Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information Excellent idea. Thank you very much. D. At 01:29 PM 3/26/2004, you wrote: FYI, at the request of our customers, we have just set a new mailing list called Virus Alert. The list is designed to let our customers know as soon as we find out about new, fast-spreading viruses. The goal is to help you be as protected as possible before virus definitions are updated. Unlike virus alert lists from AV companies, the only posts to this list will be ones that are urgent in nature (some people will be having this list forward to cell phones and pagers). We expect that this list will have perhaps several posts per month (as opposed to the several posts per day on most AV alert lists). We expect that when a new, fast-spreading virus appears, there will be several posts to this list. The first will be to inform that we believe a new, fast-spreading virus has been released. This will be posted as soon as we believe this to be the case. Then, if we discover information that can be used to block the virus before virus definitions are updated, we will post that. Finally, if an interim release of Declude Virus is required to catch the virus for some reason, we will post when that is ready. E-mails from this list will have [Virus Alert] in the subject. Note that this is a moderated list. -Scott
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
For those of us who are not full time postmasters, we may spend days, sometimes more than a couple of weeks without reading these lists, and when we come back, we usually do not have the time to catch up, so an emergency junkmail list would be welcomed, not necessarily to route to sms/pager, but at least to regular email address - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 27, 2004 12:50 AM Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information we need a similar emergency list for spam tests going down, requiring changes in Global.cfg Not really, as those (in the past) have not occurred so rapidly that a problem occurred. There is almost always a few days notice and is discussed on the JunkMail list. John Tolmachoff Engineer/Consultant/Owner eServices For You
[Declude.Virus] Is this dangerous ?
This is the type that ask you do click and download Dangerous ? How can it be blocked ? Received: from juengel.com [200.189.84.134] by mail.cefib.com (SMTPD32-8.05) id AA401500290; Tue, 23 Mar 2004 05:25:20 + Message-ID: [EMAIL PROTECTED] From: Security Fix [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Control Your PC Date: Tue, 23 Mar 2004 01:28:28 -0500 Mime-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_245_F5DD_6071F5DD.6071F5DD X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-IMAIL-SPAM-VALFROM: (22020752) X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command . [2-39-13800] X-RBL-Warning: IPNOTINMX: [2-42-15000] X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. [2-43-15800] X-RBL-Warning: Failed Foreign Filter X-Declude-Sender: [EMAIL PROTECTED] [200.189.84.134] X-Declude-Spoolname: Dca40015002909a77.SMD Organization: CEFIB Internet (Incoming) X-CEFIB-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-CEFIB-Note: Declude version: 1.78i27 X-CEFIB-Note: Spam-Tests-Failed: CMDSPACE, IPNOTINMX, NOLEGITCONTENT, FOREIGN, CATCHALLMAILS X-CEFIB-Note: Spam-Tests-Failed: CMDSPACE [3], IPNOTINMX [0], NOLEGITCONTENT [0], FOREIGN [0], CATCHALLMAILS [0] X-CEFIB-Note: weight: 3 X-CEFIB-Note: This E-mail was sent from cnet-cable-189-84-134.canbrasnet.com.br ([200.189.84.134]). X-CEFIB-Note: Country Chain: BRAZIL-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 376432172 This is a multi-part message in MIME format. 
--=_NextPart_245_F5DD_6071F5DD.6071F5DD Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit To the internet store at: http://219.147.192.165/ee?kAgZ --=_NextPart_245_F5DD_6071F5DD.6071F5DD Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=iso-8859-1 META content=MSHTML 6.00.2800.1264 name=GENERATOR style/STYLE /HEAD body bgcolor=white div ALIGN='center'font FACE='Verdana' size=2Message loading/FONT/DIVBR DIV ALIGN=centera HREF=http://219.147.192.165/ee?xdQay;IMG SRC=http://219.147.192.165/images/0/oubdwl.gif; BORDER=0/ABR BRDIV ALIGN=centerFONT face=Verdana SIZE=2Image not showing? See message a HREF=http://219.147.192.165/ee?zMHuQms;here/a./FONT/DIV /div BRBRdiv ALIGN=center font SIZE='1' face='verdana'A href=http://219.147.192.165/o/?IGVh;Stop/A all announcements./div p style=font-size:0px; color:white
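The quoted message carries three traits a content filter can test for: links whose host is a bare IP address, text styled to be invisible (font-size:0px on a white background), and long runs of random letters. The Python check below is an added example, not part of the original post and not a Declude or IMail feature; it runs on a constructed sample, and the function names and the 30-letter threshold are assumptions.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted message. 192.0.2.0/24 is a
# documentation range; the addresses and filler text here are made up.
SAMPLE = """\
From: Security Fix <sender@example.invalid>
To: user@example.invalid
Subject: Control Your PC
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=iso-8859-1

To the internet store at: http://192.0.2.165/ee?abcd
qzxvbnmkjhgfdswrtplkjhgfdsqwrtzxcvbnmlkjhgfdsqwrtypzxcvbnmqwrt
--b1
Content-Type: text/html; charset=iso-8859-1

<html><body bgcolor="white">
<a href="http://192.0.2.165/ee?efgh"><img src="http://192.0.2.165/images/0/a.gif"></a>
<p style="font-size:0px; color:white">owo ghnd, ublbq, dzky . byjj esy wlz</p>
</body></html>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s\"'<>;]+", re.I)
# A font size of exactly zero (0, 0px, 0pt ...), but not 0.8em or 10px.
ZERO_FONT_RE = re.compile(r"font-size\s*:\s*0(?![\d.])", re.I)
# Runs of 30 or more letters; ordinary prose does not contain them.
FILLER_RE = re.compile(r"\b[a-z]{30,}\b", re.I)


def ip_literal_hosts(text):
    """Hosts of http(s) URLs in `text` that are IP addresses, not names.
    Dotted-quad and bracketed IPv6 only; other encodings are not handled."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, or a URL that does not parse
        hosts.add(host)
    return hosts


def analyse(raw):
    """Scan every text part of a raw message and report the three traits."""
    msg = email.message_from_string(raw, policy=policy.default)
    hosts, hidden, filler = set(), False, 0
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            text = part.get_content()
        except (LookupError, UnicodeError):
            continue  # unknown or broken charset: nothing to scan
        hosts |= ip_literal_hosts(text)
        filler += len(FILLER_RE.findall(text))
        if part.get_content_subtype() == "html" and ZERO_FONT_RE.search(text):
            hidden = True
    return {"ip_hosts": sorted(hosts), "hidden_text": hidden, "filler_runs": filler}


def traits_hit(findings):
    """Number of distinct traits present (0 to 3)."""
    return sum([bool(findings["ip_hosts"]), findings["hidden_text"],
                findings["filler_runs"] > 0])


if __name__ == "__main__":
    result = analyse(SAMPLE)
    print(result, traits_hit(result))
```
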
Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
We have this in vulnerability notifications: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability Will this work ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 2:17 PM Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners How do notifications work with this new exploit? They will be handled the same way as other vulnerabilities. Also, normally I would not run interim releases, but I have had to lately with all the virus stuff going on. Any ideas when a new release will be made? I know this virus stuff keeps causing updates, but I would feel more comfortable with a released version at some point. We hope to have a new beta soon -- but if these viruses keep up, we may have to wait. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
I mean will these notifications still get sent for these new beasts - Original Message - From: Serge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 5:00 PM Subject: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners We have this in vulnerability notifications: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability Will this work ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 2:17 PM Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners How do notifications work with this new exploit? They will be handled the same way as other vulnerabilities. Also, normally I would not run interim releases, but I have had to lately with all the virus stuff going on. Any ideas when a new release will be made? I know this virus stuff keeps causing updates, but I would feel more comfortable with a released version at some point. We hope to have a new beta soon -- but if these viruses keep up, we may have to wait. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
what is the vulnerability type these new virus/vuln will show in the virusname variable? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 5:19 PM Subject: Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners I mean will these notifications still get sent for these new beasts Since these new viruses will be detected and handled the same way as vulnerabilities, the SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability line will work fine (handling these the same way as any other vulnerability). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [Declude.Virus] F-Prot version
I have set declude to call fprot version 3.14b and c, just in case. i just moved to a new server and have plenty of unused power - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 6:40 PM Subject: Re: [Declude.Virus] F-Prot version I submitted a sample winmail.dat and command line which illustrated the problem to F-prot at their request. It was probably too late to put a fix in the current version, but may be in the next one. I have moved back to F-Prot 3.14b as more of these errors started showing up.
[Declude.Virus] McAfee batch updates
I am working on the mcafee batch updates linked to on declude.com. I am trying to customize the file for a special case, and to rewrite one to download the latest McAfee engine instead of SDAT. For that, i need some help understanding the lines below. Any hints welcomed, mainly: how do we get the latest sdat filename to execute, how do we expand and/or execute it, and in which directory it expands. Thanks in advance, especially for the person who first wrote and shared these files.
:ProcessSDAT
REM T counts the sdat4*.exe files handed to :RunSDAT so far
SET T=0
REM dir lists files only (/a-d-s), bare names (/b), sorted by name descending (/o:-n),
REM so the highest-numbered sdat4*.exe is passed to :RunSDAT first
for /F %%I in ('dir %DownloadDir%\sdat4*.exe /a-d-s /b /o:-n') do call :RunSDAT %DownloadDir%\%%I
%unzipcmd% %DownloadDir%\DAILYDAT.zip %unziptail%
del %SDATLog%
goto END
:RunSDAT
SET /a T = 1+%T%
REM only the first file in the list is run; start /wait blocks until it has finished
if %T% EQU 1 start /wait %1 -logfile %SDATLog% -e %scandrv%%scandir%
REM the first three files are kept, any further (lower-numbered) ones are deleted
if %T% LEQ 3 goto :RunSDAT_exit
if exist %1 del /F %1
:RunSDAT_exit
goto :EOF
:END
ENDLOCAL
Re: [Declude.Virus] SKIPIFFORGING Question
This has been working quite well. Make sure you have no extra blank spaces or tabs. In the regular recep.eml we have SKIPIFSENDER [forged], in recepforged.eml we have ONLYSENDIFSENDER [forged]. Of course, the virus should be marked as forging in virus.cfg. You can test by marking eicar as forging in virus.cfg (FORGINGVIRUS Eicar). Just retested, it works as expected - Original Message - From: John Olden [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 04, 2004 4:22 PM Subject: Re: [Declude.Virus] SKIPIFFORGING Question Serge, old way in order to be able to use : onlysendifsender [forged] in recpforged.eml, so we can warn the recipient without pointing to an innocent sender. Can I ask how you have this working? Is there something you put in the cfg file? I created this file and added the line you indicated to the top of it but my users are still receiving the regular recip.eml. TIA, John Olden - Systems Administrator Champaign Park District ---BeginMessage--- Remise de message annulé: De: %MAILFROM% A: %LOCALRECIPS% le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, SPAM, et Vulnerabilités La protection de %LOCALHOST% a detecté un message qui vous était destiné, reçu de %MAILFROM%, et qui contient le virus %VIRUSNAME% dans la pièce jointe %VIRUSFILE%. Le sujet du message était %SUBJECT%. Le message contenant le virus à été envoyé à la quarantaine pour eviter tout dégat. Delivery blocked: FROM: %MAILFROM% To: %LOCALRECIPS% The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities.
%LOCALHOST% protection has reported that you were sent an E-mail from %MAILFROM%, containing the %VIRUSNAME% virus in the%VIRUSFILE% attachment. The subject of the E-mail was %SUBJECT%. The E-mail containing the virus has been quarantined to prevent any damage. Adresse IP: %REMOTEIP% Virus: %VIRUSNAME% Pièce jointe: %VIRUSFILE% Version Declude: %VERSION% Fichier IMAIL: %QUEUENAME% Subject: %SUBJECT% Host name of the recipient %RECIPHOST% IP address of the remote mail server %REMOTEIP% Template: recip.eml---End Message--- ---BeginMessage--- Remise de message annulé: De: Expediteur masqué par le virus De: %REMOTEIP% A: %LOCALRECIPS% le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, SPAM, et Vulnerabilités La Protection anti-virus de %LOCALHOST% a detecté un message qui vous était destiné, et qui contient le virus %VIRUSNAME% dans la pièce jointe %VIRUSFILE%. Le sujet du message était %SUBJECT%. Le message contenant le virus à été envoyé à la quarantaine pour eviter tout dégat. Delivery blocked: FROM: Sender forged by the virus FROM: %REMOTEIP% To: %LOCALRECIPS% The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities. %LOCALHOST% anti-virus protection has reported that you were sent an E-mail containing the %VIRUSNAME% virus in the%VIRUSFILE% attachment. The subject of the E-mail was %SUBJECT%. The E-mail containing the virus has been quarantined to prevent any damage. 
Adresse IP: %REMOTEIP% Virus: %VIRUSNAME% Pièce jointe: %VIRUSFILE% Version Declude: %VERSION% Fichier IMAIL: %QUEUENAME% Subject: %SUBJECT% Host name of the recipient %RECIPHOST% IP address of the remote mail server %REMOTEIP% Template: recipfor.eml---End Message--- ---BeginMessage--- Remise de message annulé: De: %MAILFROM% AA: %LOCALRECIPS% le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, SPAM, et Vulnerabilités La protection de %LOCALHOST% a intercepté un message qui contient %VIRUSNAME%, et nous l'avons mis en quarantaine. %VIRUSNAME% est generer par un client de messagerie qui n'est pas fiable, et peut contenir des virus, ou c'est probablement du SPAM. Merci de prendre contact avec l'expediteur de votre message pour circonscrire le problème. Delivery blocked: FROM: %MAILFROM% TTo: %LOCALRECIPS% The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities. %LOCALHOST% protection caught an e-mail addressed to you that contains %VIRUSNAME%, and have quarantined it for your protection, %VIRUSNAME% is generated by a broken email client, and can hide viruses, or is most certainly spam. Please contact your mail sender to resolve the problem. De: %MAILFROM% Adresse IP: %REMOTEIP% Subject: %SUBJECT% Host name of the recipient %RECIPHOST% Virus: %VIRUSNAME% Pièce jointe: %VIRUSFILE% Version Declude: %VERSION% Fichier IMAIL: %QUEUENAME% Template: recipvul.eml---End Message--- ---BeginMessage--- Delivery Failed
Re: [Declude.Virus] marking subject line
(mainly that someone using just Declude Virus won't be running the Declude JunkMail code, and vice versa).

OK, but if JM users ask for ContainEZIPatt test, why would you refuse the request :)

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 5:35 PM
Subject: RE: [Declude.Virus] marking subject line

Scott - you may shoot me for suggesting this, especially if it has been suggested before. I am not a programmer so I suggest this not knowing how difficult it may be, but if both Virus and Junkmail use the declude.exe is it possible to have things like BANEZIP be defined as a test in the global file for junkmail and then have actions defined for different users/domains with different junkmail files?

It does sound easy, but unfortunately is not. There are a few problems (mainly that someone using just Declude Virus won't be running the Declude JunkMail code, and vice versa).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.
Scott,

The minimum that would be practically usable for us:

1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT

AND

2- BANEZIPEXT2 independent from banext, as in:

    BANEZIPEXT2 exe
    BANEZIPEXT2 com
    BANEXT scr
    BANEZIPEXT ON

AND

3- ONLYSENDIFFORGING

Also, request for 2 cross-product features:

1- REVDNS for %REMOTEIP% in Virus
2- Test on attachment type in JM

I know you are currently overwhelmed in this Bagle issue, but at least let me know if you are willing to consider adding these features to your todo list.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 11:22 PM
Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

that is going to be a challenge for scott to incorporate in declude :)

It's unlikely that we will do this. It makes for a great marketing gimmick, but won't work in the long term. All it will take is for a virus to say "The password is 1 2 3 4 5" or "The password is 12344 plus 1", and those AV programs will quickly leave the spotlight.

We are an isp, and for us blocking zips is out of the question.

Remember that all AV programs can catch viruses in standard .ZIP files. It's only the encrypted .ZIP files that pose a problem, and it is recommended that people block all encrypted .ZIP files (but allow standard .ZIP files through). That way, extremely few people are inconvenienced, but it would be very hard for a virus to get through.

-Scott
Re: [Declude.Virus] F-prot 3.14c Error 5
Got this from frisk today any

Dear Serge,

According to our development team, no changes were done to the error codes in our command line scanners. Error code '5' generally means "Scan aborted by Ctrl+C or Esc".

----- Original Message -----
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 27, 2004 11:35 PM
Subject: Re: [Declude.Virus] F-prot 3.14c Error 5

How does one determine if they are having this problem? Version 3.14c seems fine to me.

You'll see the Error 5 in your declude virus log.
Re: [Declude.Virus] Another error
Excluded c:\temp. In more than one hour I got about 300 emails; 3 were infected and caught. Another one gave the following error:

    02/26/2004 19:25:09 Q47f000750456e4e4 Couldn't open headers datafile
    02/26/2004 19:25:09 Q47f000750456e4e4 Error opening mime file E:\IMAILSRVR\spool\D47f000750456e4e4.SMD
    02/26/2004 19:25:09 Q47f000750456e4e4 Scanned: Error starting scanner

All the rest were virus free. Scott, Kami, what next?

----- Original Message -----
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 3:23 PM
Subject: RE: [Declude.Virus] Another error

Hi;

We had a similar issue. Make sure you exclude C:\temp as well. McAfee moves a copy of the virus to that directory and then that causes issues. Add C:\temp to the exclusion list. See if that helps.

Kami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Thursday, February 26, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Another error

Scott,

I have McAfee on-access scanner, but I specifically exclude the imail the spool directory and all their subdirectories. Regarding the backup, the error is occurring all day long, while we only run the backup once a day, so it cannot be that.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 12:39 PM
Subject: Re: [Declude.Virus] Another error

I have a lot of these any hints ?

    02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD
    02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner

This happens when Windows won't allow Declude to open the D*.SMD file for some reason. Do you have an on-access virus scanner, which may prevent Declude from opening one of the D*.SMD files? Are you running backup software that locks files before backing them up?

-Scott
Re: [Declude.Virus] Another error
Scott,

I have McAfee on-access scanner, but I specifically exclude the imail the spool directory and all their subdirectories. Regarding the backup, the error is occurring all day long, while we only run the backup once a day, so it cannot be that.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 12:39 PM
Subject: Re: [Declude.Virus] Another error

I have a lot of these any hints ?

    02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD
    02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner

This happens when Windows won't allow Declude to open the D*.SMD file for some reason. Do you have an on-access virus scanner, which may prevent Declude from opening one of the D*.SMD files? Are you running backup software that locks files before backing them up?

-Scott
Re: [Declude.Virus] Another error
Correct, we only use F-Prot with Declude. We have not configured a second scanner yet, which will obviously be McAfee NetShield. Just looked at the directory, and there is only scan32.exe. I may need to reinstall NetShield?

----- Original Message -----
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 8:04 PM
Subject: RE: [Declude.Virus] Another error

One question: do you only have one scanner?

Kami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Thursday, February 26, 2004 2:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Another error

Excluded c:\temp. In more than one hour I got about 300 emails; 3 were infected and caught. Another one gave the following error:

    02/26/2004 19:25:09 Q47f000750456e4e4 Couldn't open headers datafile
    02/26/2004 19:25:09 Q47f000750456e4e4 Error opening mime file E:\IMAILSRVR\spool\D47f000750456e4e4.SMD
    02/26/2004 19:25:09 Q47f000750456e4e4 Scanned: Error starting scanner

All the rest were virus free. Scott, Kami, what next?
Re: [Declude.Virus] Another error
Thanks Bill, found it.

----- Original Message -----
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 8:38 PM
Subject: Re: [Declude.Virus] Another error

----- Original Message -----
From: Serge [EMAIL PROTECTED]

just looked at the directory, and there is only scan32.exe i may need to reinstall netshield ?

The files, scan32.exe and scan.exe, are not in the same directory. Scan.exe can be found in:

    C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx

depending on the version of McAfee you are running.

Bill
[Declude.Virus] Another error
Hi Scott,

I have a lot of these, any hints?

    02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD
    02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner
[Declude.Virus] Forging vs autoforge
Hi,

I'm still using forgingvirus and want to enable autoforge. What will happen if a virus is marked by both? Can we change the autoforge action so it just tags the virus as forgingvirus?

TIA
[Declude.Virus] Request
Scott,

Can you add a variable %revdnsremoteip% to use in notifications of forging viruses?

TIA
Re: [Declude.Virus] Log analyzer question
I've tried a few; none give that possibility, so I'm using the tip Scott gave me.

The folks of dlanalyzer are working on a virus log analyzer. I have asked for that feature. A similar report by sender address (for non-forging viruses) is also needed (for dial-up users without fixed IP addresses). Hope they include these features, and that they release their product soon.

I also requested a daily summary report per user instead of sending notifications for each intercepted message: date/time, virus name, sender (or forged), senderIP, subject, spoolfilename,...

----- Original Message -----
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 8:31 PM
Subject: [Declude.Virus] Log analyzer question

I have not had time in the last couple of weeks to go through the Virus Log analyzers available, so I have a question: Do any of them list in the report the number of infections and/or virus name by sending IP address, including being able to detect and bypass a backup mail server IP address?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
[Declude.Virus] Notification question
Scott,

If a notification needs to go to %allrecep%, and allrecep has many addresses both local and remote, what happens if we use onlysendiflocalrecep?

1- notification is sent only to local recep,
2- notification is sent to all recep, or
3- no notification is sent
[Declude.Virus] Another request
A few days ago someone asked if all info for a message can be put on a single line in logs. I think it may be a good idea, at least if we can have the remoteip on the same line as virusname.
[Declude.Virus] SoBig
This is getting ridiculous. I have more than 36% infected ratio, all Sobig.F. Is there anything I can do about that? Is there a utility that will go through the log and count the numbers of viruses per remote (or local) IP address, so I can block the most guilty addresses on my gateway?

    Scan Summary
      Total Emails Scanned    = 9 802
      Total Emails Clean      = 6 248
      Total Emails Infected   = 3 554   Inbound=3 535 / Outbound=19
      Outlook vulnerabilities = 148
      Infected / Scanned      = 36,2579 %

    Log File Summary
      Log Name      Virus Count   Total Scanned
      vir0829.log   3 554         9 802

    Virus Summary by Count
      Count   Inbound/Outbound   Name
      3 473   3 473 / 0          W32/[EMAIL PROTECTED]
      33      33 / 0             W32/[EMAIL PROTECTED]
      25      6 / 19             W32/[EMAIL PROTECTED]
      8       8 / 0              W32/[EMAIL PROTECTED]
      6       6 / 0              W32/[EMAIL PROTECTED] (corrupted)
      4       4 / 0              EICAR_Test_File
      2       2 / 0              W32/[EMAIL PROTECTED]
      2       2 / 0              W32/[EMAIL PROTECTED]
      1       1 / 0              W32/[EMAIL PROTECTED]
Re: [Declude.Virus] SoBig
Thanks Scott, I was able to select a dozen addresses and this is making a big difference.

    !SoBig senders
    deny tcp host 200.93.136.5 any eq smtp
    deny tcp host 81.192.2.130 any eq smtp
    deny tcp host 80.11.225.195 any eq smtp
    deny tcp host 80.11.225.123 any eq smtp
    deny tcp host 80.14.187.188 any eq smtp
    deny tcp host 193.253.189.90 any eq smtp
    deny tcp host 217.128.120.96 any eq smtp
    deny tcp host 194.167.144.29 any eq smtp
    deny tcp host 196.1.100.215 any eq smtp
    deny tcp host 212.62.54.13 any eq smtp
    deny tcp host 213.154.90.82 any eq smtp
    deny tcp host 213.154.70.180 any eq smtp
    deny tcp host 141.155.142.158 any eq smtp
    deny tcp host 217.136.255.62 any eq smtp
    deny tcp host 200.93.136.5 any eq smtp
    deny tcp host 217.136.255.62 any eq smtp
    deny tcp host 63.126.131.20 any eq smtp

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 30, 2003 1:51 AM
Subject: Re: [Declude.Virus] SoBig

is there a utility that will go thru the log and count the numbers of viruses per remote (or local) ip adress? so i can block the most guilty adresses on my gateway ?

You might want to go to the spool directory at a command prompt, and type:

    find "Received:" D*.SMD > file1.txt
    sort file1.txt > file2.txt

Then, you can open file2.txt with Notepad and scroll through it to find the worst offenders. If you have several weeks or more of viruses in there, you may want to clear out the directory and only use new incoming viruses.

-Scott
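The find/sort tip above leaves the counting to the reader; the following added example (not code from the list or from Declude) carries it through to a per-IP tally and also skips a backup mail server, as asked in the log analyzer thread. It assumes each D*.SMD file starts with the raw headers and that the server writes Received: lines in the "from HELO [ip] by host" form quoted elsewhere on this page; the host names, addresses and trusted relay set are constructed.

```python
import re
from collections import Counter
from pathlib import Path

# IPv4 literal in square brackets, e.g. "from Diaby [216.226.209.71] by cefib.com".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample spool files (documentation-range addresses, invented hosts).
SAMPLE_MESSAGES = [
    # 1: delivered directly by 203.0.113.7
    "Received: from pc1 [203.0.113.7] by mail.example.test (SMTPD32-7.15) id A1\r\n"
    "From: a@example.test\r\n\r\nbody\r\n",
    # 2: same peer, with the Received: header folded before the address
    "Received: from pc1\r\n\t[203.0.113.7] by mail.example.test (SMTPD32-7.15) id A2\r\n"
    "Subject: x\r\n\r\nbody\r\n",
    # 3: relayed by our backup MX (192.0.2.25), which got it from 203.0.113.7
    "Received: from backup.example.test [192.0.2.25] by mail.example.test id A3\r\n"
    "Received: from pc1 [203.0.113.7] by backup.example.test id B3\r\n\r\nbody\r\n",
    # 4: direct from 198.51.100.9, carrying a forged older hop
    "Received: from x [198.51.100.9] by mail.example.test id A4\r\n"
    "Received: from y [203.0.113.200] by nowhere.example.test id Z\r\n\r\nbody\r\n",
    # 5: HELO name is an address literal imitating the backup MX
    "Received: from [192.0.2.25] [198.51.100.9] by mail.example.test id A5\r\n\r\nbody\r\n",
]


def received_headers(raw_message):
    """Return the unfolded Received: headers of one message, topmost first."""
    headers = []
    for line in raw_message.splitlines():
        if not line.strip():
            break  # blank line: end of the header block
        if line[0] in " \t" and headers:
            headers[-1] += " " + line.strip()  # folded continuation line
        else:
            headers.append(line.rstrip())
    return [h for h in headers if h.lower().startswith("received:")]


def peer_ip(header):
    """Peer address of one hop: the last bracketed IP before ' by '.

    The HELO name comes first and is chosen by the sender, so a bracketed
    address inside it must not win over the one the server recorded.
    """
    found = BRACKETED_IP.findall(header.split(" by ", 1)[0])
    return found[-1] if found else None


def sending_ip(raw_message, trusted_relays=frozenset()):
    """IP of the host that handed the message to our own infrastructure.

    The topmost Received: header was written by our server. Only step down to
    the next header when the peer is one of our own relays; anything below the
    first untrusted hop was supplied by the sender and can be forged.
    """
    for header in received_headers(raw_message):
        ip = peer_ip(header)
        if ip is None:
            return None  # unparseable hop: do not trust what lies below it
        if ip not in trusted_relays:
            return ip
    return None


def top_senders(messages, trusted_relays=frozenset(), limit=10):
    """Count messages per sending IP, most frequent first."""
    counts = Counter()
    for raw in messages:
        ip = sending_ip(raw, trusted_relays)
        if ip is not None:
            counts[ip] += 1
    return counts.most_common(limit)


def load_spool(spool_dir):
    """Yield the text of every D*.SMD file in spool_dir."""
    for path in sorted(Path(spool_dir).glob("D*.SMD")):
        yield path.read_text(encoding="latin-1", errors="replace")


if __name__ == "__main__":
    for ip, n in top_senders(SAMPLE_MESSAGES, trusted_relays={"192.0.2.25"}):
        print(f"{n:6d}  {ip}")
```

Run against a quarantine directory with `top_senders(load_spool(path), trusted_relays={...})`; without the trusted relay set, the backup server itself shows up as a sender.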
Re: [Declude.Virus] Sobig- The Morning After
Here is Sobig outbound traffic we stopped at our gateway:

    80 deny ip any host 67.73.21.6 log (3 matches)
    90 deny ip any host 68.38.159.161 log (3 matches)
    100 deny ip any host 67.9.241.67 log (3 matches)
    110 deny ip any host 66.131.207.81 log (3 matches)
    120 deny ip any host 65.177.240.194 log (3 matches)
    130 deny ip any host 65.93.81.59 log (3 matches)
    140 deny ip any host 65.95.193.138 log (3 matches)
    150 deny ip any host 65.92.186.145 log (3 matches)
    160 deny ip any host 63.250.82.87 log (3 matches)
    170 deny ip any host 65.92.80.218 log (3 matches)
    180 deny ip any host 61.38.187.59 log (3 matches)
    190 deny ip any host 24.210.182.156 log (3 matches)
    200 deny ip any host 24.202.91.43 log (2 matches)
    210 deny ip any host 24.206.75.137 log (3 matches)
    220 deny ip any host 24.197.143.132 log (3 matches)
    230 deny ip any host 12.158.102.205 log (3 matches)
    240 deny ip any host 24.33.66.38 log (3 matches)
    250 deny ip any host 218.147.164.29 log (3 matches)
    260 deny ip any host 12.232.104.221 log (3 matches)
    270 deny ip any host 68.50.208.96 log (3 matches)
    280 deny udp any any eq 8998 log
    290 deny tcp any any eq 8998 log

----- Original Message -----
From: Jeff Maze - Hostmaster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 4:01 PM
Subject: RE: [Declude.Virus] Sobig- The Morning After

Wow.. That's great.. What port was the machine trying to use? And what IP was the machine trying to contact? Just curious..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug McKee
Sent: Saturday, August 23, 2003 10:27 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig- The Morning After

THIS IS AN INCREDIBLE GROUP ! DECLUDE IS AN INCREDIBLE PRODUCT !!! KUDOS to you Scott. Grateful THANKS to all the members who contributed yesterday !

I usually delete about 2500-3000 files from the virus folder every morning. The load in the last 24 hours was a few over 20,000. The banname feature and the badheaders caught about a bunch. The info received from the group allowed us to prepare and to advise our clients for what could have been much worse than it was.

Blocking the port kept a PC somewhere in our network from doing any damage. It made over 1200 attempts to contact a server outside our network in the first hour. We will hunt it down and make sure it gets cleaned up.

I am honored to be a member of this group.

Sincere Thanks,
Doug McKee
COO
South Texas Internet
[Declude.Virus] OT? spool\overflow
What is the spool\overflow directory (filled with Qsmd), and what should I do about it?
Re: [Declude.Virus] FORGING VIRUS
That I know, but if we had a skipifforgingvirus, we would only worry about updating virus.cfg, instead of also having to change the emls when a new forging virus appears. The freedom is not lost since you are not obligated to use skipifforgingvirus, and still can do it the old way. But I don't like the fact of having to maintain all the emls, where you may forget one of the forging viruses; it can always be a source of errors.

BTW Kami or others, how to use the skipifvirusnamedoesnothave? Can we have many of those in the same eml? Any examples?

----- Original Message -----
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 05, 2003 11:29 PM
Subject: RE: [Declude.Virus] FORGING VIRUS

Hi;

Just in case Scott is taking a day off...

The way we do this is by first adding:

    FORGINGVIRUS Braid
    FORGINGVIRUS Bridex
    FORGINGVIRUS Bugbear
    FORGINGVIRUS Hybris
    FORGINGVIRUS Lentin
    FORGINGVIRUS Klez
    FORGINGVIRUS Magistr
    FORGINGVIRUS Sobig
    FORGINGVIRUS Vulnerability
    FORGINGVIRUS Yaha
    FORGINGVIRUS Fizzer
    FORGINGVIRUS Palyh

to the virus.cfg. This will define which are forged, therefore the email address of the sender is replaced by [forged] in the alert.

Then in the sender.eml and otherpostmaster.eml we have:

    SKIPIFVIRUSNAMEHAS Yaha
    SKIPIFVIRUSNAMEHAS Lentin
    SKIPIFVIRUSNAMEHAS Magistr
    SKIPIFVIRUSNAMEHAS Klez
    SKIPIFVIRUSNAMEHAS Vulnerability
    SKIPIFVIRUSNAMEHAS Bugbear
    SKIPIFVIRUSNAMEHAS Bridex
    SKIPIFVIRUSNAMEHAS Braid
    SKIPIFVIRUSNAMEHAS Sobig
    SKIPIFVIRUSNAMEHAS Palyh

So in essence I think what this does is it first replaces the forged email and then if it is to send the alert it will skip it if it sees it. Of course it would be more efficient if both actions were done by one listing but I guess this way it gives you more freedom.

Regards,
Kami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, July 05, 2003 6:21 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] FORGING VIRUS

sorry if this is a trivial question, but is there a skipifforgingvirus option ?
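The maintenance risk raised in this thread, a forging virus listed in virus.cfg but forgotten in a template, can be checked mechanically. The following is an added example (not Declude's or the posters' code) that cross-checks the two lists exactly as quoted above; it assumes SKIPIFVIRUSNAMEHAS matches by case-insensitive substring and that `#` starts a comment, and it treats the `SKIPIFSENDER [forged]` line quoted in the SKIPIFFORGING thread on this page as covering every forging virus.

```python
"""Cross-check FORGINGVIRUS entries against a notification template."""

# The two lists as quoted in the message above.
VIRUS_CFG = """\
FORGINGVIRUS Braid
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS Hybris
FORGINGVIRUS Lentin
FORGINGVIRUS Klez
FORGINGVIRUS Magistr
FORGINGVIRUS Sobig
FORGINGVIRUS Vulnerability
FORGINGVIRUS Yaha
FORGINGVIRUS Fizzer
FORGINGVIRUS Palyh
"""

SENDER_EML = """\
SKIPIFVIRUSNAMEHAS Yaha
SKIPIFVIRUSNAMEHAS Lentin
SKIPIFVIRUSNAMEHAS Magistr
SKIPIFVIRUSNAMEHAS Klez
SKIPIFVIRUSNAMEHAS Vulnerability
SKIPIFVIRUSNAMEHAS Bugbear
SKIPIFVIRUSNAMEHAS Bridex
SKIPIFVIRUSNAMEHAS Braid
SKIPIFVIRUSNAMEHAS Sobig
SKIPIFVIRUSNAMEHAS Palyh
"""

# Alternative template style: one line keyed on the [forged] sender.
SENDER_EML_FORGED_STYLE = "SKIPIFSENDER [forged]\n"


def directive_values(text, keyword):
    """Values of every `KEYWORD value` line; the keyword is case-insensitive."""
    values = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == keyword:
            values.append(parts[1].strip())
    return values


def unsuppressed_forgers(virus_cfg, template):
    """FORGINGVIRUS names for which this template would still send a notice.

    A name is covered when some SKIPIFVIRUSNAMEHAS value is a substring of it
    (assumed matching rule), or when the template skips on the [forged] sender.
    """
    skip_senders = directive_values(template, "SKIPIFSENDER")
    if any(value.lower() == "[forged]" for value in skip_senders):
        return []
    skips = [s.lower() for s in directive_values(template, "SKIPIFVIRUSNAMEHAS")]
    return [
        name
        for name in directive_values(virus_cfg, "FORGINGVIRUS")
        if not any(skip in name.lower() for skip in skips)
    ]


if __name__ == "__main__":
    print("per-name template:", unsuppressed_forgers(VIRUS_CFG, SENDER_EML))
    print("[forged] template:", unsuppressed_forgers(VIRUS_CFG, SENDER_EML_FORGED_STYLE))
```

On the lists as quoted, the per-name template leaves Hybris and Fizzer uncovered, while the single `[forged]` line leaves none.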
[Declude.Virus] FORGING VIRUS
Sorry if this is a trivial question, but is there a skipifforgingvirus option?
Re: [Declude.Virus] ban ext not working
If a file has a banned extension and a virus, will it trigger the banned extension email or the recep, ... virus email? Is a banned extension first scanned for viruses?
Re: [Declude.Virus] ban ext not working
Here is the Declude log. It did detect the virus, but why did it let it through, and without changing the header?

    06/27/2003 18:26:58 Q8c09067a02886365 Scanner 1: Virus=: W32/[EMAIL PROTECTED] (corrupted) Attachment=15-10-GB.pdf.pif [3] I
    06/27/2003 18:26:58 Q8c09067a02886365 Found a bogus .pif file
    06/27/2003 18:26:58 Q8c09067a02886365 File(s) are INFECTED [: W32/[EMAIL PROTECTED] (corrupted): 3]
    06/27/2003 18:26:58 Q8c09067a02886365 Scanned: CONTAINS A VIRUS [MIME: 2 8604]
    06/27/2003 18:26:58 Q8c09067a02886365 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 216.226.209.71]
    06/27/2003 18:26:58 Q8c09067a02886365 Subject: See todays hottest stars in their most intimate moments

----- Original Message -----
From: Serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 28, 2003 3:23 AM
Subject: Re: [Declude.Virus] ban ext not working

Attached are the 2 parts of the IMail log file, receiving and delivering. Too long, too many recipients, maybe that's why it went through? banext did not work (it usually works). F-Prot did not catch Bugbear; it does when I resend the same message! No Declude JunkMail or Virus headers added. Any help, hints, ... appreciated. Thanks in advance.

----- Original Message -----
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 28, 2003 12:20 AM
Subject: RE: [Declude.Virus] ban ext not working

Below is the header it does say:

    Received: from Diaby [216.226.209.71] by cefib.com (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +

Doesn't this mean this is NOT an imail/webmessaging mail ? so why was it not scanned by declude ? no declude virus or junkmail headers were added

    Received: from Diaby [216.226.209.71] by cefib.com (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
    From: [EMAIL PROTECTED]
    Subject: See todays hottest stars in their most intimate moments
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary=--8SXJ1Q6JOLFJSQ
    Message-Id: [EMAIL PROTECTED]
    Date: Fri, 27 Jun 2003 19:11:25 +
    X-RCPT-TO: [EMAIL PROTECTED]
    Status: U
    X-UIDL: 352739436

Can you find that message in the Imail log, find what the Imail file name is and post a log snippet of it?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Re: [Declude.Virus] ban ext not working
seems that the messages are not being scanned by declude nothing added to the header is this possible? or the only possibility is that they are being sent by imail1 /web messaging ?
Re: [Declude.Virus] ban ext not working
OT
How can we verify (using the logs) that the message was sent using Imail1 and/or webmessaging
also, are the instructions about daisychain available on website? or only in archive ?
thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 27, 2003 9:24 PM
Subject: Re: [Declude.Virus] ban ext not working

seems that the messages are not being scanned by declude nothing added to the header is this possible? or the only possibility is that they are being sent by imail1 /web messaging ?

E-mail sent via imail1.exe or web messaging will not get scanned by Declude with IMail v7 and earlier (unless you make some changes using the DAISYCHAIN option).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
Re: [Declude.Virus] ban ext not working
Below is the header it does say:
Received: from Diaby [216.226.209.71] by cefib.com (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
Doesn't this mean this is NOT an imail/webmessaging mail ? so why was it not scanned by declude ? no declude virus or junkmail headers were added

Received: from Diaby [216.226.209.71] by cefib.com (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
From: [EMAIL PROTECTED]
Subject: See todays hottest stars in their most intimate moments
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=--8SXJ1Q6JOLFJSQ
Message-Id: [EMAIL PROTECTED]
Date: Fri, 27 Jun 2003 19:11:25 +
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 352739436

8SXJ1Q6JOLFJSQ
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

htmlbody BGCOLOR=#CC TABLE WIDTH=600 BORDER=0 CELLPADDING=0 CELLSPACING=0 ALIGN=CENTER TRTD COLSPAN=3 A HREF=http://www.easy-celebrities.com/index.phtml?1261375220; TARGET=_blank IMG SRC=http://www.easy-celebrities.com/banners/images/generic_celeb_2_01.gif; WIDTH=600 HEIGHT=28 BORDER=0 ALT=/A/TD /TR T

8SXJ1Q6JOLFJSQ
Content-Type: application/x-msdownload; name=15-10-GB.pdf.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=15-10-GB.pdf.pif
Re: [Declude.Virus] ban ext not working
] RCPT TO:[EMAIL PROTECTED]
20030627 182641 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182642 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182642 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182642 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182642 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182643 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182644 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182644 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182645 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 208.154.200.5 190214019: Jun 27 18:26:45: %SEC-6-IPACCESSLOGP: list borderoutgoing denied tcp 52.202.36.63(29935) - 64.110.52.165(3587), 1 packet
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182646 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT TO:[EMAIL PROTECTED]
20030627 182658 127.0.0.1 SMTPD (067A0288) [216.226.209.71] E:\IMAILSRVR\spool\D8c09067a02886365.SMD 12250
20030627 185551 127.0.0.1 SMTP (5536) E:\IMAILSRVR\spool\Q8c09067a02886365.SMD
20030627 185551 127.0.0.1 SMTP (5536) processing E:\IMAILSRVR\spool\Q8c09067a02886365.SMD
20030627 191031 127.0.0.1 SMTP (5536) ldeliver cefib.com abdou-main (1) [EMAIL PROTECTED] 12250
20030627 191032 127.0.0.1 SMTP (5536) forwarded message to [EMAIL PROTECTED]
20030627 191122 127.0.0.1 SMTP (5536) ldeliver cefib.com aly.k-main (1) [EMAIL PROTECTED] 12250
20030627 191123 127.0.0.1 SMTP (5536) ldeliver cefib.com cafpd-main (1) [EMAIL PROTECTED] 12250
20030627 191123 127.0.0.1 SMTP (5536) ldeliver cefib.com dfall-main (1) [EMAIL PROTECTED] 12250
20030627 191124 127.0.0.1 SMTP (5536) ldeliver cefib.com infbmcd-main (1) [EMAIL PROTECTED] 12250
20030627 191124 127.0.0.1 SMTP (5536) ERR cefib.com iug mailbox size too large (1500-14999727)
20030627 191124 127.0.0.1 SMTP (5536) ldeliver cefib.com karim.raymond-main (1) [EMAIL PROTECTED] 12250
20030627 191125 127.0.0.1 SMTP (5536) ldeliver cefib.com nomade-main (1) [EMAIL PROTECTED] 12250
20030627 191125 127.0.0.1 SMTP (5536) ldeliver cefib.com pollotp-main (1) [EMAIL PROTECTED] 12250
20030627 191125 127.0.0.1 SMTP (5536) ldeliver cefib.com serge-main (1) [EMAIL PROTECTED] 12250
20030627 191702 127.0.0.1 SMTP (5536) ldeliver cefib.com bdiarra-main (1) [EMAIL PROTECTED] 12250
20030627 191702 208.154.200.5 190215470: Jun 27 19:17:01: %SEC-6-IPACCESSLOGP: list borderoutgoing denied tcp 216.226.209.209(5) - 10.0.1.128(30201), 1 packet
20030627 191702 127.0.0.1 SMTP (5536) ldeliver cefib.com dyacouba-main (1) [EMAIL PROTECTED] 12250
20030627 191703 127.0.0.1
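The comparison made by hand in this thread (the Declude log says CONTAINS A VIRUS for a spool ID, yet the IMail log shows that same spool file being delivered) can be run over whole log files. This is an added example, not code from the list or from Declude; the sample lines are constructed on the model of the excerpts above, and linking `ldeliver` lines to a spool file through the SMTP thread number in parentheses is an assumption drawn from those excerpts.

```python
import re
from collections import defaultdict

# Declude Virus log line: "MM/DD/YYYY HH:MM:SS <spool id> <text>"
DECLUDE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9a-f]+) (.*)$", re.I)
# IMail delivery line: "YYYYMMDD HHMMSS <ip> SMTP (<thread>) <text>".
# Receive-side lines say "SMTPD" and interleaved router syslog lines have no
# "SMTP (" token, so neither matches.
IMAIL_RE = re.compile(r"^(\d{8} \d{6}) \S+ SMTP \((\w+)\) (.*)$")
PROCESSING_RE = re.compile(r"^processing .*\\(Q[0-9a-f]+)\.SMD$", re.I)

INFECTED_MARKERS = ("CONTAINS A VIRUS", "are INFECTED")
DELIVERY_PREFIXES = ("ldeliver ", "forwarded message to ")


def infected_ids(declude_lines):
    """Map spool id (lower-cased) -> time of the first infected verdict."""
    hits = {}
    for line in declude_lines:
        m = DECLUDE_RE.match(line.strip())
        if m and any(marker in m.group(3) for marker in INFECTED_MARKERS):
            hits.setdefault(m.group(2).lower(), m.group(1))
    return hits


def deliveries(imail_lines):
    """Map spool id -> delivery events, following each SMTP delivery thread.

    Assumption: a "processing ...\\Q<id>.SMD" line binds the thread number to
    that spool file until the same thread logs another "processing" line.
    """
    current = {}                      # thread number -> spool id in progress
    events = defaultdict(list)
    for line in imail_lines:
        m = IMAIL_RE.match(line.strip())
        if not m:
            continue
        stamp, thread, text = m.groups()
        p = PROCESSING_RE.match(text)
        if p:
            current[thread] = p.group(1).lower()
        elif thread in current and text.startswith(DELIVERY_PREFIXES):
            events[current[thread]].append((stamp, text))
    return events


def delivered_despite_detection(declude_lines, imail_lines):
    """Spool ids the scanner flagged that the mail server delivered anyway."""
    infected = infected_ids(declude_lines)
    delivered = deliveries(imail_lines)
    return {sid: delivered[sid] for sid in infected if sid in delivered}


# Constructed sample data. The first spool id is the one quoted in the thread;
# the other ids, the addresses and the host names are invented.
DECLUDE_LOG = r"""
06/27/2003 18:26:58 Q8c09067a02886365 Found a bogus .pif file
06/27/2003 18:26:58 Q8c09067a02886365 File(s) are INFECTED [: W32/Example (corrupted): 3]
06/27/2003 18:26:58 Q8c09067a02886365 Scanned: CONTAINS A VIRUS [MIME: 2 8604]
06/27/2003 18:30:10 Q8c0a000000000001 Scanned: CONTAINS A VIRUS [MIME: 2 9001]
06/27/2003 18:31:00 Q8c0b000000000002 Scanned: Virus Free [MIME: 1 500]
"""

IMAIL_LOG = r"""
20030627 182658 127.0.0.1 SMTPD (067A0288) [192.0.2.71] E:\IMAILSRVR\spool\D8c09067a02886365.SMD 12250
20030627 185551 127.0.0.1 SMTP (5536) processing E:\IMAILSRVR\spool\Q8c09067a02886365.SMD
20030627 191031 127.0.0.1 SMTP (5536) ldeliver example.test user1-main (1) user1@example.test 12250
20030627 191032 127.0.0.1 SMTP (5536) forwarded message to user2@example.net
20030627 191124 127.0.0.1 SMTP (5536) ERR example.test user3 mailbox size too large (1500-14999727)
20030627 191702 192.0.2.5 190215470: Jun 27 19:17:01: %SEC-6-IPACCESSLOGP: list borderoutgoing denied tcp 192.0.2.9(5) - 198.51.100.7(30201), 1 packet
20030627 191800 127.0.0.1 SMTP (5536) processing E:\IMAILSRVR\spool\Q8c0b000000000002.SMD
20030627 191801 127.0.0.1 SMTP (5536) ldeliver example.test user4-main (1) user4@example.test 500
"""

if __name__ == "__main__":
    found = delivered_despite_detection(DECLUDE_LOG.splitlines(),
                                        IMAIL_LOG.splitlines())
    for spool_id, events in found.items():
        print(f"{spool_id}: flagged infected but delivered {len(events)} time(s)")
        for stamp, text in events:
            print(f"  {stamp} {text}")
```

Any spool ID this reports means the scan verdict was not enforced before delivery, which is the condition the thread is trying to explain.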
Re: [Declude.Virus] ban ext not working
i did upgrade to 1.70 from 1.65 few days before

- Original Message -
From: Serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 5:07 PM
Subject: Re: [Declude.Virus] ban ext not working

no changes lately
sent mbx file and cfg files to [EMAIL PROTECTED]

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 4:30 PM
Subject: Re: [Declude.Virus] ban ext not working

i have been getting since saturday many attachments that were supposed to be banned declude is still intercepting vulnerabilities, but banned extension, and even viruses are going thru (maybe corrupted viruses, but they were caught by local norton av)

I assume these were getting blocked before Saturday? Can you reproduce the problem by sending an attachment with the appropriate file type? Did you make any changes to the \IMail\Declude\virus.cfg file, or upgrade Declude about the same time this happened?

-Scott
Re: [Declude.Virus] ban ext not working
sorry i sent the file to the list
apologize

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 5:29 PM
Subject: Re: [Declude.Virus] ban ext not working

no changes lately sent mbx file and cfg files to [EMAIL PROTECTED]

They haven't arrived yet -- could you try sending them again?

-Scott
Re: [Declude.Virus] Finding SPAM Messages
ok, scott
every time i try to send mbx (zipped, renamed, ), it is now getting caught
how can i send it ?
and how did it get into my mailbox in the first place ?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 5:54 PM
Subject: Re: [Declude.Virus] Finding SPAM Messages

How can I find messages that were Held by Declude Junk Mail.

This is the third time within a few days that you've posted Declude JunkMail questions to the Declude Virus list. Would you mind posting this to the Declude JunkMail mailing list instead?

-Scott
Re: [Declude.Virus] Finding SPAM Messages
I deactivated declude for my address and sent you the mbx, have you received it ?
also, do you need the declude log, or imail log ?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 6:47 PM
Subject: Re: [Declude.Virus] Finding SPAM Messages

every time i try to send mbx (zipped, renamed, ), it is now getting caught how can i send it ? and how did it get into my mailbox in the first place ?

Have you checked the log files to see what they say? If it arrived, but couldn't make it out, something isn't right.

-Scott
Re: [Declude.Virus] F-Prot Scheduler
Serge, what is this kill.exe ... I don't have it on my hard drive.

it is from windows resources kit
it can kill an active process
in your case, you will need to find the name of the fprot updater process (i think it is updater.exe) and you schedule kill.exe updater.exe say 30 minutes after each updater run

- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 14, 2003 5:24 PM
Subject: Re: [Declude.Virus] F-Prot Scheduler

From: Serge [EMAIL PROTECTED]
Try to schedule kill.exe 1 hour after each updater run

Serge, what is this kill.exe ... I don't have it on my hard drive.
Re: [Declude.Virus] F-Prot Scheduler
Try to schedule kill.exe 1 hour after each updater run

- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 14, 2003 1:10 PM
Subject: [Declude.Virus] F-Prot Scheduler

I like to keep things easy ... I use F-Prot scheduler to check for new definitions every 4 hours. However, occasionally it times out, and I'm left with a failed connection notice on the screen. And this seems to stop the automatic polling. Any way to stop this, some switch someplace, but I don't see anything in the scheduler itself.

David
Re: [Declude.Virus] Virus Scan Marking All Messeges
try to install the window version in d:\fprot, instead of just copying fpcmd as it probably needs other files /registry keys
also, go to command prompt and try to execute fpcmd, and see if there are error messages

- Original Message -
From: Chad Killion
To: [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 1:12 PM
Subject: [Declude.Virus] Virus Scan Marking All Messeges

Hello,

I made a change to my virus.cfg file as suggested and changed the SCANFILE line to read:

D:\fprot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /REPORT=report.txt

Instead of:

D:\fprot\F-PROT.EXE /TYPE /SILENT /NOMEM /ARCHIVE /REPORT=report.txt

I just downloaded the trial version for windows, and copied the fpcmd.exe file and pasted it into my old DOS F-Prot directory so I wouldn't have to change much. This obviously didn't work out. Can anyone tell me, if I need to have the full version for windows installed in order to use fpcmd.exe?

Thanks.

Chad Killion
Software Engineer
Joink, Inc.
---
www.joink.com
Pho: 812-242-1050
Fax: 812-234-5144
[EMAIL PROTECTED]
[Declude.Virus] OT @ipadress
I remember reading somewhere that we can send an email to a [EMAIL PROTECTED] is this correct ? what is the exact format ?
Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot
i had the same problem with lentin while running declude 1.61
upgrading to 1.65 fixed the problem

- Original Message -
From: Lenny Bauman
To: [EMAIL PROTECTED]
Sent: Saturday, January 11, 2003 3:57 PM
Subject: Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot

Scott,

I am running v1.53. I will look into getting the .mbx file from the billing manager's mail box if I can.

Lenny Bauman

- Original Message -
From: R. Scott Perry
To: [EMAIL PROTECTED]
Sent: Friday, January 10, 2003 6:38 PM
Subject: Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot

I have a customer that is infected with the w32/Lentin.H@mm virus. He is sending messages to my Billing manager and they are going through. I should point out at this time that the message does not set off f-prot on her computer. She has forwarded the message to me as an attachment. As soon as I open the message that is attached it sets off my f-prot. The message still opens and I can see the attachment of *.scr. I have saved the attached file and sent it to my billing manager's e-mail address and declude and f-prot stop it at the imail server. I don't understand why the message gets through when it is sent from the infected computer but is caught when I send it. I would also think that the message should be stopped when it is forwarded as an attachment to me. I still have the forwarded email if you want to see it or if you think I should send it to f-prot. I am lost as to why this is happening and am looking for a good answer.

What version of Declude Virus are you running ("\IMail\Declude -diag" from a command prompt will show you)? Some older versions (a year old or older typically) may not catch all variants of some modern viruses, as some new viruses now spread in non-RFC-compliant ways.

The best way to determine the problem is if you can get one of the viruses in an .mbx file before it is downloaded, you can send it to us for analysis (if the original E-mail is still in the .mbx file, it will have the raw E-mail headers, and we can test it here).

-Scott
Re: [Declude.Virus] Forged request
I've got subscribers sending all sorts of messages to the from address listed in the error message headers, when those people most likely didn't even send the message with a virus.

Same here
also the sender domain name should be blanked

- Original Message -
From: Helpdesk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 15, 2002 5:55 PM
Subject: [Declude.Virus] Forged request

The Declude Virus software on acsworld.com has reported that you were sent an E-mail from [Forged], containing the : W32/Klez.H@mm virus in the Unknown File attachment. The subject of the E-mail was Re: Re:eager to see you.
From: Jonathan Kamens [EMAIL PROTECTED]

I'd like to request an option or a change in the Declude Virus program so that the forged option that is used in the top part of the warning message also replaces the from address in the header records part of the message. I've got subscribers sending all sorts of messages to the from address listed in the error message headers, when those people most likely didn't even send the message with a virus. If the header part of the warning message said From: [Forged] they wouldn't know any address to send a message to.

Thanks,
Greg
Re: [Declude.Virus] Forged request
I had suggested a solution some time ago

ONLYSENDIFVIRUS Klez,Magister
DONTSENDIFVIRUS Klez, magistr, ...

Where we can have different .eml for forging virus that do not include headers, domain names, and keep complete eml notifications for other viruses

- Original Message -
From: John Tolmachoff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 15, 2002 6:50 PM
Subject: RE: [Declude.Virus] Forged request

Hopefully Scott is taking a long lunch break. (He deserves it.) I am sure he will answer this when he has a chance.

Until then; I think the problem is that the From address in the header is not the same as the one that Imail receives it from. Therefore, for that to work would require a separate action like this;

If FORGINGVIRUS next
If SKIPIFVIRUSNAMEHAS end
(Some script that searches the header for FROM and replaces *@* with [FORGED])

(I am not a programmer so I do not know exactly how the syntax works.)

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
Re: [Declude.Virus] OT: unknown host
Does the message unknown host mean anything else than that the DNS did not locate the remote server address ?
I am getting the error below for many remote recipients at addresses of type @x.dti.bollore.com
when i try to query DNS used by imail, i do get a valid mx hostname and address (see below)
why the unknown host message ?
TIA

HEADER:
  opcode = QUERY, id = 54110, rcode = NOERROR
  header flags: reply, want recursion, recursion avail.
  questions = 1, answers = 2, auth. records = 0, additional = 2
QUESTIONS:
  ci.dti.bollore.com., type = XX, class = 1
ANSWERS:
  - ci.dti.bollore.com.
    type = MX, class = 1, ttl = 72183, dlen = 18
    preference 20, mail exchanger = ariane.c-si.fr.
  - ci.dti.bollore.com.
    type = MX, class = 1, ttl = 72183, dlen = 7
    preference 10, mail exchanger = mx.ci.dti.bollore.com.
ADDITIONAL RECORDS:
  - ariane.c-si.fr.
    type = A, class = 1, ttl = 83527, dlen = 4
    IP address = 194.250.211.2
  - mx.ci.dti.bollore.com.
    type = A, class = 1, ttl = 72183, dlen = 4
    IP address = 195.101.158.93
**complete**

Unknown host: [EMAIL PROTECTED]
Original message follows.

Received: from SDV28YB61JNUV9 [216.226.209.53] by cefib.com (SMTPD32-6.06) id A2695BA0180; Mon, 01 Jul 2002 08:27:21 +
Message-ID: 003701c220d2$93b1f6d0$49d1e2d8@SDV28YB61JNUV9
From: =?iso-8859-1?Q?Fran=E7ois__Domptail?= [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
Subject:
Date: Mon, 1 Jul 2002 08:39:43 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
[Declude.Virus] forging virus
the from address still shows in the header is the forged address? is there a way to eliminate this? I have customers fighting each other because of declude notifications!
Re: [Declude.Virus] SMTP AUTH - Imail v6.06
If you require SMTP AUTH, then users have to supply a valid E-mail address and password

Does Imail compare this address to the from address you use ?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 16, 2002 3:36 PM
Subject: Re: [Declude.Virus] SMTP AUTH - Imail v6.06

We need to enable SMTP AUTH for all of our clients -- we've found some device/person (IP) on the outside of our network spoofing emails to lists by the few users who are authorized list posters.

However, I don't believe that will prevent people from sending mail to the list using forged return addresses, since SMTP AUTH only applies to outgoing (relayed) E-mail.

In reply, doesn't IMail (SMTP AUTH) not allow email to be relayed unless a password is supplied during login? If that is true -- then how could someone forge a return address without having a password to send mail?

If you require SMTP AUTH, then users have to supply a valid E-mail address and password. However, that only applies to *relayed* mail (outgoing mail). For incoming mail (such as to a mailing list), SMTP AUTH is not required (or else you wouldn't be able to receive any mail from anyone who didn't have an account on the server).

-Scott
Re: [Declude.Virus] Default eml files - Klez
sets the %MAILFROM% var to a specific value (ie. unknown) for certain viruses? (As not to incriminate the forged sender to the recipient).

Very interesting, as this is causing much confusion in our user base.
we have users who take it on themselves to notify the forged sender.
also, the ONLYSENDIFVIRUSHAS can resolve this issue, as we can have 2 different types of recipient.eml, one with no sender address and onlysendifvirushas klez,magistr, ... the other with skipifvirushas klez,magistr,...

- Original Message -
From: Terrence Koeman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 17, 2002 2:59 AM
Subject: RE: [Declude.Virus] Default eml files - Klez

How about an option that globally prevents any notifies to the forged sender or remote postmaster sets the %MAILFROM% var to a specific value (ie. unknown) for certain viruses? (As not to incriminate the forged sender to the recipient).

--
Regards,
Terrence Koeman
Technical Director/Administrator
MediaMonks B.V. (www.mediamonks.nl)
Please quote all replies in correspondence.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, May 17, 2002 00:03
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Default eml files - Klez

If I use the default sender.eml file will it send the e-mail to the correct person if it catches the Klez virus?

No -- there is no way of knowing who the real sender was. Using the latest default sender.eml file, no notification will be sent out to the sender of the virus (since it is forged).

-Scott
Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS
Here is our virus analysis for the last 2 days. Our main problem is Sircam from our customers. This has been the case for months; we tried everything we can think of to make them clean their computers, it always comes back, probably from hotmail, ..., accounts. Anyone have any hints?

Also, for Scott, what does a Local2Local show in the declude logs, inbound or outbound?

Log File Summary
Log Name       Virus Count   Total Scanned
vir0508.log    1 040         1 040
vir0509.log    985           985

Virus Summary by Count
Count   Inbound / Outbound   Name
912     32 / 880             W32/Sircam.worm@mm
620     305 / 315            W32/Magistr.28672@mm
450     137 / 313            W32/Klez.H@mm
25      13 / 12              W32/Magistr.32768@mm
7       7 / 0                W32/Klez.E@mm
3       1 / 2                W32/MTX.9244.worm.A
3       3 / 0                W32/Hybris.worm.D
1       1 / 0                W97M/Thus.EN
1       1 / 0                W97M/Thus.A
1       1 / 0                W32/Hybris.worm.B
1       0 / 1                W32/Backdoor.Fix2001
1       1 / 0                W97M/Thus.I
[Declude.Virus] OT: Can you connect to his server ?
minrex.gov.cu

One of my clients is having problems sending mail to the above. A tracert stops at

5 1047 55 207.45.219.18

I am not sure if it is a local routing Pb or something else. Can someone try to telnet to

- minrex.gov.cu. type = MX, class = 1, ttl = 479, dlen = 4
  preference 10, mail exchanger = minrex.gov.cu.
ADDITIONAL RECORDS:
- minrex.gov.cu. type = A, class = 1, ttl = 20, dlen = 4
  IP address = 216.72.25.226

TIA
Re: [Declude.Virus] OT: Can you connect to his server ?
Scott or others, how can I locate the problem? I can't connect to the mx server 216.72.25.226. Here is the tracert I get:

1 7 7 172.16.12.1
2 23 16 208.154.200.5
3 719 696 10.0.6.1
4 867 148 192.168.230.18
5 664 -203 207.45.219.18
* * ...

- Original Message -
From: John Shacklett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 06, 2002 5:59 PM
Subject: FW: [Declude.Virus] OT: Can you connect to his server ?

got right in

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Serge
Sent: Monday, May 06, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] OT: Can you connect to his server ?

minrex.gov.cu

One of my clients is having problems sending mail to the above. A tracert stops at

5 1047 55 207.45.219.18

I am not sure if it is a local routing Pb or something else. Can someone try to telnet to

- minrex.gov.cu. type = MX, class = 1, ttl = 479, dlen = 4
  preference 10, mail exchanger = minrex.gov.cu.
ADDITIONAL RECORDS:
- minrex.gov.cu. type = A, class = 1, ttl = 20, dlen = 4
  IP address = 216.72.25.226

TIA
Re: [Declude.Virus] Not scanning files
I have both fpcmd.exe and f-prot.exe in the fprot directory. Which one should be used? I've always used F-prot.exe V312 and it works fine. What is fpcmd.exe?

- Original Message -
From: Sheldon Koehler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 03, 2002 11:19 PM
Subject: Re: [Declude.Virus] Not scanning files

I hate to ask... but is the F-Prot.exe file there?

No, but fpcmd.exe is and it seems to be working now that I changed the declude.cfg file to reflect this change. I hate it when people fix things that are not broken... why rename it?

Sheldon

Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide access with neighborhood support!

Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain
Re: [Declude.Virus] Alternate Solutions
try http://www.mwti.net/

We use them for MDaemon, and they have an Exchange AV product

- Original Message -
From: Jerod M. Bennett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 03, 2002 11:19 PM
Subject: [Declude.Virus] Alternate Solutions

Hello everyone,

I have a friend who is running an exchange server (sad but true). We were talking about all the Klez action recently. I, of course, told him all about the joy of running Declude. He was, of course, impressed and wondered where he could get it. I told him that it only worked with Imail. And he was very disappointed. However, I thought that with all the experience on the list you might know of a good anti-virus solution for someone running exchange. If you have any suggestions, I would appreciate them.

Jerod M. Bennett
Director of Media Production
Pixelpushers, Inc.
Re: [Declude.Virus] DSN:New Version of Virus Log File Analyzer
Is there a way to get the inbound/outbound stat per virus, instead of total for the report? Also, inbound means local delivery, and outbound is delivery to a remote mail server. Correct? Any way we can get stats of viruses sent by local senders? (Outbound + local2local)

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 9:11 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log File Analyzer

For those using the virus log file analyzer (or those that wish to try it) a new version of the Virus Log Analyzer is available at http://www.csonline.net/imailstuff/viruslog.htm

This version has changes to the report that now indicates the number of Inbound and Outbound viruses. Virus lines that are not indicated as Inbound or Outbound in the log file will be listed on the report as unknown. You would normally see this if you ran this log analyzer version on a Declude Virus Log file before Declude Virus version 1.50. This is because these log files did not have the indicator. Many thanks to Scott and the rest at Computerized Horizons for adding this indicator.

The report also now lists a count of the Outlook Vulnerabilities caught. This is a total for all types caught. This count is not included in the total virus count.

3 report sort options are now listed. Count produces a report with the viruses sorted by count. Name produces a report with the viruses listed by name. CountName includes a list by count and by name on the same report.

Stu

--
CSOnline Technical Support hours - Monday thru Saturday 7am - 1am
CSOnline Technical Support Numbers
Seneca 814-677-2447
Clarion 814-227-3638
Meadville 814-425-1696
Parker 724-399-1158
http://www.csonline.net
http://www.cshowcase.com
http://www.learncenter.com
[Declude.Virus] another option needed
onlysendifvirusnamehas

Also not as important as the skip option, it can be used for debugging/tracing. So if it does not take much work, please put it on the wish list.

thanks
Re: NJABL:Re: [Declude.Virus] Klez.h
hi, is there a variable for the following IP address (sender)

Received: from mailhost1.attcanada.net [206.191.82.42]

- Original Message -
From: Mike Watchman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 4:20 PM
Subject: NJABL:Re: [Declude.Virus] Klez.h

So from the information below which IP address is first received header? And what is the Envelope from variable that Andy mentioned.

Thanks Scott/Everyone, Declude and this list are a great help to me.

Mike

Declude Virus v1.51 caught the : W32/Klez.H@mm virus in Lottery.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED]

To: [EMAIL PROTECTED] Recipients of the E-mail
Date: 05/02/2002
Going: incoming
Host: scm.ca
From: [EMAIL PROTECTED]
MesageID: 20020502155838.RXR28252@Eoqjmed
Num Of Recip: 1
Queue File: D687c096.SMD
Recip Host: scm.ca
Remote Domain: uab.ca
Remote IP: 206.191.82.42
Sender Host: uab.ca
Subject: NUMBERS END
Time: 10:25:37
File Name: Lottery.pif
Virus Name: : W32/Klez.H@mm
Headers:
Received: from mailhost1.attcanada.net [206.191.82.42] by mail.scm.ca with ESMTP (SMTPD32-6.06) id A87C25A70096; Thu, 02 May 2002 10:25:32 -0600
Received: from Eoqjmed ([142.154.13.134]) by mailhost1.attcanada.net (InterMail v03.02.07.03 118-128) with SMTP id 20020502155838.RXR28252@Eoqjmed for [EMAIL PROTECTED]; Thu, 2 May 2002 15:58:38 +
From: ppayant [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: NUMBERS END
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=CTYkHL01Zb3FG1F
Message-Id: 20020502155838.RXR28252@Eoqjmed
Date: Thu, 2 May 2002 15:58:38 +
Declude Version:1.51

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 09:59
Subject: Re: [Declude.Virus] Klez.h

Hi, how do I tell where the Klez.h is really coming from? Thanks.

The only way to know for sure is to check the first Received: header to see the IP address that it was sent from. To find the user it came from, you would need to find someone responsible for the IP address it came from, and hope that they can track down the user.

-Scott
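The check discussed in this thread (use the Received: header your own server wrote, not the From: line), as an added example that is not part of the thread and not Declude code. It walks the Received: chain from the top and stops trusting it at the first connection that came from outside; the header lines are copied from the report above, the second sample is constructed, and the `trusted_hosts` / `trusted_relay_ips` parameters are assumptions of this sketch.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Header lines copied from the report quoted above (addresses were already
# redacted by the list archive; the truncated "+" zone is left as found).
RAW_HEADERS = (
    "Received: from mailhost1.attcanada.net [206.191.82.42] by mail.scm.ca"
    " with ESMTP (SMTPD32-6.06) id A87C25A70096; Thu, 02 May 2002 10:25:32 -0600\n"
    "Received: from Eoqjmed ([142.154.13.134]) by mailhost1.attcanada.net"
    " (InterMail v03.02.07.03 118-128) with SMTP id 20020502155838.RXR28252@Eoqjmed"
    " for [EMAIL PROTECTED]; Thu, 2 May 2002 15:58:38 +\n"
    "From: ppayant [EMAIL PROTECTED]\n"
    "Subject: NUMBERS END\n"
    "\n"
)

# Constructed sample: the sender supplied a Received: line that names our own
# server. It sits below the genuine line, so it must not be believed.
FORGED_HEADERS = (
    "Received: from relay.example.net [198.51.100.7] by mail.scm.ca with ESMTP; x\n"
    "Received: from inside [192.0.2.10] by mail.scm.ca with ESMTP; x\n"
    "\n"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(?\[(?P<ip>[0-9.]+)\]\)?.*?\bby\s+(?P<by>[^\s;]+)",
    re.IGNORECASE | re.DOTALL,
)


def parse_hops(raw):
    """Return one dict per Received: header, top first; None if unparsable."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP_RE.search(value)
        try:
            hops.append({
                "helo": match["helo"],
                "ip": str(ip_address(match["ip"])),
                "by": match["by"].lower(),
            })
        except (TypeError, ValueError):   # no match, or not a valid IP
            hops.append(None)
    return hops


def trace_origin(raw, trusted_hosts, trusted_relay_ips=()):
    """Find the last connecting IP that was recorded by a server we run.

    A Received: line is believed only if a trusted host wrote it AND every
    hop above it was a connection from one of our own relays. Everything
    below that point was supplied by the other side and is only a claim.
    """
    trusted = {h.lower() for h in trusted_hosts}
    relays = {str(ip_address(ip)) for ip in trusted_relay_ips}
    hops = parse_hops(raw)
    verified, idx = None, 0
    while idx < len(hops):
        hop = hops[idx]
        if hop is None or hop["by"] not in trusted:
            break
        verified = hop["ip"]
        idx += 1
        if verified not in relays:
            break                      # connection came from outside
    claimed = [h["ip"] for h in hops[idx:] if h]
    return {"verified_ip": verified, "claimed_ips": claimed}


if __name__ == "__main__":
    print(trace_origin(RAW_HEADERS, ["mail.scm.ca"]))
    print(trace_origin(FORGED_HEADERS, ["mail.scm.ca"]))
```

For the report above, the verified address matches the `Remote IP` field; 142.154.13.134 is only what the upstream relay recorded, which is why tracking down the user means contacting whoever is responsible for that relay.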
Re: [Declude.Virus] Prescaning the party
And if I don't have a prescan line, the default is on or off?

BTW, someone just sent me a copy, and fprot did not identify the virus correctly, notification said unknown virus. Others said here they were correctly identifying the virus, what do you think the problem is over here? Prescan default to on? Or some other issue?

Thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 7:39 PM
Subject: Re: [Declude.Virus] Prescaning the party

I don't think I ever used the prescan, but just to make sure, how do you turn it off ?

You would just change the PRESCAN ON line to PRESCAN OFF (in the virus.cfg file).

manual.html does not mention prescan

Thanks for pointing that out -- we're putting a list of additions to make to the manual.

-Scott
Re: DSN:Re: [Declude.Virus] Prescaning the party
Thank you all, the new defs did the job correctly

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 10:08 PM
Subject: DSN:Re: [Declude.Virus] Prescaning the party

F-prot did not correctly identify the virus for us till we updated the def's at approx 1:30pm est time today. These appear to be different def's than were available in the am though the file names and sizes are the same.

Stu

At 09:53 PM 01/29/2002 -, you wrote:

And if I don't have a prescan line, the default is on or off ?

BTW, someone just sent me a copy, and fprot did not identify the virus correctly, notification said unknown virus. others said here they were correctly identifying the virus, what do you think the problem is over here ? Prescan default to on ? or some other issue ?

Thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 7:39 PM
Subject: Re: [Declude.Virus] Prescaning the party

I don't think I ever used the prescan, but just to make sure, how do you turn it off ?

You would just change the PRESCAN ON line to PRESCAN OFF (in the virus.cfg file).

manual.html does not mention prescan

Thanks for pointing that out -- we're putting a list of additions to make to the manual.

-Scott
Re: [Declude.Virus] FPROT
I also knew of one windows version but when I tried to download 3.11b yesterday, I was presented with two choices:

fp-win_311b_m.exe - This is the multi-user version of F-Prot Antivirus for Windows (size: 6331904 bytes, dated: Fri Jan 18 10:44:23 2002)
fp-win_311b_s.exe - This is the single user version of F-Prot Antivirus for Windows (size: 6331904 bytes, dated: Fri Jan 18 10:44:23 2002)

Anyone know the difference?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 8:55 PM
Subject: Re: [Declude.Virus] FPROT

What is the difference between the multi-user and the single user Fprot for windows ?

The last I checked, there was only one version of F-Prot for Windows, and it required a minimum 20 user license (at $2/year per user).

-Scott
[Declude.Virus] FPROT
What is the difference between the multi-user and the single user Fprot for windows ?
Re: [Declude.Virus] Magistr.32678
1- If I set netshield to scan \spool, it will not interfere with declude? The received files/emails are directly created in subdirectories, and declude will scan and send notification before netshield deletes the files?
2- We can set netshield to scan \spool but not its subdirectories? How?
3- Is it a good idea to have netshield monitor \spool, do you recommend it? (I currently have netshield monitoring the server but exclude \spool)
4- How do I find what version of Fprot dos engine I have? I already contacted their support 3 times, but never got an answer, even about the 3.11b problem.

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 12, 2002 12:46 AM
Subject: Re: [Declude.Virus] Magistr.32678

BTW - I thought you couldn't have an on-access scanner running on the machine with Declude and the command line scanner. To make Declude work we had to uninstall F-prot and reinstall it without the on-access option.

Here's the story about on-access scanners and Declude:

As you probably know, Declude works with a command line scanner. If you run an on-access scanner, it will delete files as soon as Declude creates them (if they contain a virus). When Declude calls the command line scanner, the command line scanner reports that no virus was found (since the file was deleted, so was the virus). That's why running an on-access scanner can be a problem.

However, you can either set up the on-access scanner not to scan the subdirectories off of \IMail\Spool (where Declude processes the attachments), or you can change the ONACCESS OFF line in the \IMail\Declude\virus.cfg file to ONACCESS ON, which will tell Declude to check to see if the file was deleted (and if so, assume a virus was found).

The problem with F-Prot is that it can't be set up to exclude the subdirectories off of \IMail\spool, and their on-access scanner conflicts with Declude. You *can* set it up using the ONACCESS ON setting, but there's a chance that it will interfere. I don't recall exactly what happens, but essentially there's a chance that either viruses could occasionally be delivered, or non-viruses could get caught. I believe it's a file locking issue. The Windows version of F-Prot is fairly new, from what I understand, so this may change as the program evolves.

So what can you do? You can have F-Prot's command line scanner hooked up to Declude, while having another product (such as McAfee) scanning the \IMail\spool directory.

-Scott
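The fail-open condition Scott describes, modelled as an added example (not Declude's code and not part of the thread): a resident scanner deletes the extracted attachment, the command-line scanner then finds nothing to report, and only a "was the file deleted?" check like the one ONACCESS ON enables turns that into a detection. The marker bytes, function names and temp-file layout are all constructed for this sketch.

```python
import os
import tempfile

# Constructed stand-in for a virus signature; not a real sample.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"
INFECTED = b"MZ..." + MARKER + b"..."
CLEAN = b"just an ordinary attachment"


def on_access_scanner(path):
    """Resident scanner: removes an infected file as soon as it appears."""
    with open(path, "rb") as fh:
        infected = MARKER in fh.read()
    if infected:
        os.remove(path)


def command_line_scanner(path):
    """Exit-code style result: 0 = nothing found, 1 = virus found."""
    if not os.path.exists(path):
        return 0                      # nothing left to scan, nothing reported
    with open(path, "rb") as fh:
        return 1 if MARKER in fh.read() else 0


def process_attachment(data, workdir, onaccess, resident_scanner=None):
    """Model of the mail filter: extract, scan, decide.

    onaccess=False mirrors ONACCESS OFF (trust the scanner's exit code only);
    onaccess=True mirrors ONACCESS ON (a vanished file counts as a virus).
    """
    path = os.path.join(workdir, "attach.tmp")
    with open(path, "wb") as fh:
        fh.write(data)
    if resident_scanner is not None:
        resident_scanner(path)        # fires when the file is created
    try:
        if onaccess and not os.path.exists(path):
            return "virus"            # deleted underneath us: assume infected
        return "virus" if command_line_scanner(path) else "deliver"
    finally:
        if os.path.exists(path):
            os.remove(path)


def run_matrix():
    """All four combinations with a resident scanner watching the directory."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for label, data in (("infected", INFECTED), ("clean", CLEAN)):
            for onaccess in (False, True):
                results[(label, onaccess)] = process_attachment(
                    data, workdir, onaccess, resident_scanner=on_access_scanner
                )
    return results


if __name__ == "__main__":
    for (label, onaccess), verdict in run_matrix().items():
        setting = "ON" if onaccess else "OFF"
        print(f"{label:8s} ONACCESS {setting:3s} -> {verdict}")
```

The `("infected", False)` row is the miss: the message is delivered because the only evidence was deleted before the scan. The model does not cover the file-locking interference Scott mentions, which is why excluding the working directory from the resident scanner is the other option he gives.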
[Declude.Virus] Fprot
Did anyone find an updated bug free 3.11b ?
Re: [Declude.Virus] f-prot 3.11b
I also tried everything, nothing seems to work. I wrote tech support last Friday, still waiting for an answer. Fortunately, I have netshield protecting the server (except the spool directory), I only use Fprot for declude. But I don't like the idea of having a problem with any software installed on my server. I will let you know if I get a response from frisk, please do the same.

- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 24, 2001 3:52 PM
Subject: [Declude.Virus] f-prot 3.11b

I just redownloaded 3.11b, reinstalled it, rebooted etc ... and still can't run the OnDemand Scanner ... f-prot with declude still appears to be working ok ... still no answer from F-Prot tech support.

David
Re: [Declude.Virus] Fw: New version of F-PROT (3.11b)
Hi Jerry

How do we find out what fprot engine is running (for dos)? Is there a command line switch to show the version?

thanks

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 7:14 PM
Subject: [Declude.Virus] Fw: New version of F-PROT (3.11b)

FYI, for those that don't auto-update the engine via FTP: I don't think all the mirrors are updated yet.

Jerry

- Original Message -
From: fp-admin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 11:24 AM
Subject: New version of F-PROT (3.11b)

This is a short, automatically generated message, to let you know that a new version of F-PROT Antivirus for DOS, has been made available. That version is: 3.11b

This version should be available on ftp sites soon and if possible, please use ftp sites nearer to you netwise than the mail-server located at f-prot.com. (Please replace the XXX below with the proper version number.) Please see also http://www.f-prot.com/f-prot/obtaining.html for pointers. For example: ftp://ftp.f-prot.com/pub/fp-XXX.zip

For further help about the mail-server, send a message to [EMAIL PROTECTED] containing the following in the body: send help

You will then receive a text about the mail-server and the available commands. If you would like to contact a human being for further questions or for more information, just send email to: [EMAIL PROTECTED]

For your convenience, the PGP signature for the zip file follows: (It is the same as the output from 'finger [EMAIL PROTECTED]')
Re: [Declude.Virus] Fw: New version of F-PROT (3.11b)
I downloaded and installed 3.11b. Fprot dos and declude are ok, but I can't run fprot windows anymore. I get the message "can't run more than one instance of the program". I am not running any instance. Anyone tried 3.11b and made it work?

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 7:35 PM
Subject: Re: [Declude.Virus] Fw: New version of F-PROT (3.11b)

Hi Jerry

How do we find out what fprot engine is running (for dos)? is there a command line switch to show the version ?

thanks

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 7:14 PM
Subject: [Declude.Virus] Fw: New version of F-PROT (3.11b)

FYI, for those that don't auto-update the engine via FTP: I don't think all the mirrors are updated yet.

Jerry

- Original Message -
From: fp-admin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 11:24 AM
Subject: New version of F-PROT (3.11b)

This is a short, automatically generated message, to let you know that a new version of F-PROT Antivirus for DOS, has been made available. That version is: 3.11b

This version should be available on ftp sites soon and if possible, please use ftp sites nearer to you netwise than the mail-server located at f-prot.com. (Please replace the XXX below with the proper version number.) Please see also http://www.f-prot.com/f-prot/obtaining.html for pointers. For example: ftp://ftp.f-prot.com/pub/fp-XXX.zip

For further help about the mail-server, send a message to [EMAIL PROTECTED] containing the following in the body: send help

You will then receive a text about the mail-server and the available commands. If you would like to contact a human being for further questions or for more information, just send email to: [EMAIL PROTECTED]

For your convenience, the PGP signature for the zip file follows: (It is the same as the output from 'finger [EMAIL PROTECTED]')
Re: [Declude.Virus] Multiple Scanner Support - Pricing
That would have been true if everyone had to pay for a new feature, but the fact that the pro version gets the new feature free, and the standard version does not, is not right. If everybody had to pay for it, or if there was some type of support contract, I would be the first one to accept. But this is a sort of discrimination against the chipies :) When I bought the product, there was nothing that said that the pro version will get additional features in the future for free.

- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 6:35 PM
Subject: RE: [Declude.Virus] Multiple Scanner Support - Pricing

Hm, I feel just the opposite. I feel guilty about getting top support, a great tools web-site and an ever-expanding product and NOT paying an annual upgrade fee to pay for all that development effort. So - my vote is: New features CAN cost more if that's commercially necessary. If a new feature is used only by a small subset of clients, then I feel it can be 'banned' into the Pro version.

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Serge Dergham
Sent: Tuesday, December 18, 2001 01:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Declude v1.30 released (beta)

o PRO version adds internal support for multiple virus scanners.

Com'on, the main feature of pro version is multi-domain support, support for multiple scanner should be available for everybody !

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 6:11 PM
Subject: [Declude.Virus] Declude v1.30 released (beta)

Computerized Horizons has just released Declude Virus v1.30.

Notable changes include:

o Major overhaul to MIME decoding functions to support further enhancements
o Declude's dependency on user32.dll was removed, which (should) prevent Declude from counting towards the depletion of Microsoft's Mystery Heap.
o DELIVERERRORS ON config option will allow E-mail that a scanner reports an error on to be delivered (if neither a Virus free or Virus found code is returned).
o TEMPDIR config option to let you choose the temporary directory that Declude scans files in (to allow usage with on-access scanners that can't exclude subdirectories, and for RAM disk support)
o Will automatically detect F-Prot.PIF file and delete it if necessary, to prevent halt of E-mail delivery.
o PRO version adds internal support for multiple virus scanners.

Also, the size of the Declude.exe has been shrunk to about 1/2 of its original size, so don't be alarmed if it appears small.

The beta can be downloaded from http://www.declude.com/junkmail/support/ip4r.htm .

-Scott
Re: [Declude.Virus] TempDir
have a huge ramdisk... ?!?! How big is big enough? 10M? 50M? 100M? Anyone already using a ramdrive with Imail and/or declude please share your experience

- Original Message -
From: Jim Jones, Jr. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 9:13 PM
Subject: Re: [Declude.Virus] TempDir

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 3:10 PM
Subject: Re: [Declude.Virus] TempDir

and how to make sure not to run out of free space on the ram disk?

- Original Message -
From: Jim Jones, Jr. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 9:04 PM
Subject: Re: [Declude.Virus] TempDir

I bet that it really speeds things up to do the scanning in a ram disk... anyone know for sure and if so, how do you set up a ram disk in windows 2000 server?

thanks
jim

- Original Message -
From: Don Brown [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 2:57 PM
Subject: [Declude.Virus] TempDir

Scott,

What is the advantage, if any, of specifying a Temporary directory for AV to scan files? They are scanned in the spool directory by default, aren't they?

Thanks,

Don Brown - Dallas, Texas USA
Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
PGP Key ID: 04C99A55
(972) 788-2364 Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
[Declude.Virus] MISSING_REVERSE_DNS:Neshield
Hi,

I excluded all imail directories (spool, domaines, users, ...) and the subdirectories from netshield scanning, but it is still trying to scan the spool (see below). Anyone run into this problem before? Please help!

12/10/01 06:32 Cleaned AUTORITE NT\SYSTEM E:\imailsrvr\Spool\D8e81268.vir\0.bat W32/Magistr.b@MM
12/10/01 07:11 Deleted AUTORITE NT\SYSTEM E:\imailsrvr\Spool\D978a166.vir\0.htm VBS/Tam@M
Re: [Declude.Virus] v1.27 (beta) released
Scott would it be possible to get a SENDONLYIFLOCALRECIPIENT feature soon please?

Yes, Yes, Yes :))

- Original Message -
From: Craig Gittens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 8:40 PM
Subject: RE: [Declude.Virus] v1.27 (beta) released

Scott would it be possible to get a SENDONLYIFLOCALRECIPIENT feature soon please?

Craig

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Thursday, October 11, 2001 3:14 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] v1.27 (beta) released

We have just released Declude Virus v1.27. The main change is that it adds the ability to pre-scan HTML files (for Declude Virus Pro).

When you add PRESCAN ON to the \IMail\Declude\virus.cfg file (for the Pro version only), Declude Virus will pre-scan HTML files. E-mail with HTML (but no other attachments or non-text MIME segments) files typically account for about 80% to 90% of E-mail traffic, but rarely contain viruses. They still need to be scanned, because there are some HTML viruses (such as Kak.worm). Scanning all this extra traffic (thanks to Microsoft, for pushing HTML even when it isn't needed) uses lots of CPU time. With th
Re: [Declude.Virus] McAfee NetShield Upgrade
thanks

just tried sdat4100.exe and 4100xdat.exe that came with the CD, they both said I have the latest engine and dat files

the about netshield has:

Netshield for windows NT and W 2000 4.5
Virus def 4.0.4165
Scan engine 4.0.70

What is going on? How can I get the new engines? I just got my CD last week?

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 8:23 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

1: 4.0.70 must be 2-3 years old now. Run SDAT ASAP, the scanner isn't worthless, but there are plenty of things that require the newer engines.

2: I don't like ME much. Haven't used it recently enough to help you. I've moved almost all clients with a corporate desktop solution to Trend Officescan.

3: See #2

Jerry

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 3:22 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

Hi jerry,

few questions if you have the time:

1- I keep getting this type of alert from netshield: The scan of F:\pcany\pcanywhere\Full.Cab\F1477_Aw32ban.dll has taken too long to complete and is being canceled. Scan engine version used is 4.0.70 DAT version 4.0.4164. How can I avoid this, is there a timeout or a time limit I can change?

2- I am playing with ME (management edition), I downloaded and saved latest DAT with netshield, and used it to update other machines with netshield, but could not use it on machines with Viruscan, it gives a message that it could not get update.ini. Any idea what to do?

3- can/should we use sdat with ME?

TIA

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 7:10 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

Yes.

- Original Message -
From: Charles Stanley [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 3:06 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

At 12:03 PM 10/11/01, you wrote:

If you just mean the engine, download and run the latest SDAT.exe.

This will update the engine for the server version of Netshield?
Re: [Declude.Virus] McAfee NetShield Upgrade
upgraded to engine 4.1.5, but still getting the timeout alerts

do you know what these are?

The scan of E:\McAfee\SecureCast\ESC_55SP2.zip\ESC_55SP2.EXE has taken too long to complete and is being canceled. Scan engine version used is 4.1.50 DAT version 4.0.4165

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 10:04 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

4100 is over a year old. Get the latest 4165 from the mcafee site.

Jerry

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 4:57 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

thanks

just tried sdat4100.exe and 4100xdat.exe that came with the CD, they both said I have the latest engine and dat files

the about netshield has:

Netshield for windows NT and W 2000 4.5
Virus def 4.0.4165
Scan engine 4.0.70

What is going on? How can I get the new engines? I just got my CD last week?

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 8:23 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

1: 4.0.70 must be 2-3 years old now. Run SDAT ASAP, the scanner isn't worthless, but there are plenty of things that require the newer engines.

2: I don't like ME much. Haven't used it recently enough to help you. I've moved almost all clients with a corporate desktop solution to Trend Officescan.

3: See #2

Jerry

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 3:22 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

Hi jerry,

few questions if you have the time:

1- I keep getting this type of alert from netshield: The scan of F:\pcany\pcanywhere\Full.Cab\F1477_Aw32ban.dll has taken too long to complete and is being canceled. Scan engine version used is 4.0.70 DAT version 4.0.4164. How can I avoid this, is there a timeout or a time limit I can change?

2- I am playing with ME (management edition), I downloaded and saved latest DAT with netshield, and used it to update other machines with netshield, but could not use it on machines with Viruscan, it gives a message that it could not get update.ini. Any idea what to do?

3- can/should we use sdat with ME?

TIA

- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 7:10 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

Yes.

- Original Message -
From: Charles Stanley [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 11, 2001 3:06 PM
Subject: Re: [Declude.Virus] McAfee NetShield Upgrade

At 12:03 PM 10/11/01, you wrote:

If you just mean the engine, download and run the latest SDAT.exe.

This will update the engine for the server version of Netshield?
Re: [Declude.Virus] Magstr.39921
Hi Sharyn,

What av are you using with Declude?

- Original Message -
From: Sharyn Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 08, 2001 3:41 PM
Subject: RE: [Declude.Virus] Magstr.39921

The Declude installed on my mail server nabbed this :)

Sharyn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Spangenberg
Sent: Monday, October 08, 2001 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Magstr.39921

I received this message with several attached files, .mbx .srt .iud. So either they aren't infected, or Fprot also let them through here. Anyone else?

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Serge Dergham
Sent: Monday, October 08, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Magstr.39921

Attached is the Imail Mailbox with a virus that got thru today Declude+fprot

Please check and let us know

Thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 08, 2001 1:17 PM
Subject: Re: [Declude.Virus] Declude Confirm for sending email to lists?

Ideally on large lists the sender should have to send the message, receive a confirmation request, and then send a confirming message, in the same style as a Declude Confirm used for subscription. That way a forged message can't get distributed as if it were legitimate. Any solutions? Could Declude Confirm be configured or extended to take this role?

I don't think this could be done with Declude Confirm, nor do I know of any other way to accomplish it. This is something we may consider adding to Declude Confirm. One option in the meantime would be to use passwords (depending on the type of list, that may or may not be convenient).

-Scott

We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged Best Tequila four years running by the Wine Enthusiast magazine. For more information, please click (go to) http://www.cruzanrums.com
Re: [Declude.Virus] Magstr.39921
stop shouting please

it is important for all of us to understand what is going on. Besides, I did state the attachment contains a virus, and all you need to do is not open it, I hope for your sake you know that. If you don't know that, you probably don't belong on this list.

- Original Message -
From: Ken Lizotte [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 08, 2001 3:41 PM
Subject: Re: [Declude.Virus] Magstr.39921

NOT A VERY NICE THING TO DO. SEND A VIRUS TO THE WHOLE LIST! PLEASE GET A NEW LIFE, THANK YOU.

Ken

- Original Message -
From: Serge Dergham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 08, 2001 11:21 AM
Subject: [Declude.Virus] Magstr.39921

Attached is the Imail Mailbox with a virus that got thru today Declude+fprot

Please check and let us know

Thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 08, 2001 1:17 PM
Subject: Re: [Declude.Virus] Declude Confirm for sending email to lists?

Ideally on large lists the sender should have to send the message, receive a confirmation request, and then send a confirming message, in the same style as a Declude Confirm used for subscription. That way a forged message can't get distributed as if it were legitimate. Any solutions? Could Declude Confirm be configured or extended to take this role?

I don't think this could be done with Declude Confirm, nor do I know of any other way to accomplish it. This is something we may consider adding to Declude Confirm. One option in the meantime would be to use passwords (depending on the type of list, that may or may not be convenient).

-Scott