RE: [Declude.Virus] Panda Antivirus
#PANDASCAN SCANFILE C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR VIRUSCODE 13 VIRUSCODE 16777472 I like it. I switched to them maybe 4 years ago after I finally grew tired of Symantec -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Ognenoff Sent: Thursday, December 21, 2006 4:27 PM To: declude.virus@declude.com Subject: [Declude.Virus] Panda Antivirus I am evaluating replacing Symantec as my server and workstation scanner with Panda Antivirus (http://www.pandasoftware.com/products/business_tp.htm) and I noticed that they have a commandline version available. Is anyone else using Panda either on the desktop or in conjunction with Declude? If so, do you like it and what does your config file look like for calling the scanner? Thanks! - Andy Ognenoff --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. smime.p7s Description: S/MIME cryptographic signature
RE: [Declude.Virus] 4.2.3 Built-in scanner
Declude/scanners/avg I disabled my other test, which would leave AVG the only running one. Logs showed scanning activity with test virus. I assumed all was working as intended. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 7:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Really? I read this as AVG detected a virus, and then went on to scanners #1 and #2. 05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports Not Healable 05/09/2006 10:20:59.531 qb3591c200020536d.smd Starting scanner #1: C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.531 qb3591c200020536d.smd Scanner to start immediately, no need to wait for others to end. 05/09/2006 10:20:59.531 qb3591c200020536d.smd Virus Scanner Started: C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanning Time: 265ms [kernel=31 user=234] 05/09/2006 10:20:59.843 qb3591c200020536d.smd Virus scanner 1 reports exit code of 16777472 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner #1 detected a virus 05/09/2006 10:20:59.843 qb3591c200020536d.smd Starting scanner #2: C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner to start immediately, no need to wait for others to end. 05/09/2006 10:20:59.843 qb3591c200020536d.smd Your virus scanner DOES NOT EXIST (at C:\IMail\spool\proc\work\DB3591~1.VIR\); NOT SCANNING ATTACHMENTS! [2] Error String: [The system cannot find the file specified.] Why is scanner #2 constantly failing too? I am deleting viruses upon detection, and it looks like it's erroring because that infected mail no longer exists. Is there a way to prevent this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 10:04 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner That is true except for the built in scanner which if it finds a virus does not call the additional scanners. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 9:49 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that The default behavior is for Declude to call all scanners and I have the EXITSCANONVIRUSDETECT OFF line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Error 40
I am getting the following error, and trying to search through the list archives, I have come up with nothing. 03/08/2006 16:58:11 Q617000CD007623DA Error 40 in virus scanner 1. 03/08/2006 16:58:11 Q617000CD007623DA Scanned: Error in virus scanner. [MIME: 1 1468] 03/08/2006 16:58:26 Q618800D3007623DC Scanned: Banned file extension. [MIME: 2 684] From cfg file: SCANFILEC:\Progra~1\ClamWin\bin\clamscan.exe --verbose --database=C:\Docume~1\Alluse~1\.clamwin\db --tempdir=C:\Temp --no-summary -1 report.txt VIRUSCODE 1 Am I doing something wrong here? -- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Netsky, Declude, and pandaAV
I've just been testing declude.virus the past few days, and so far so good. I am having an odd issue though. After running through Decludes battery of email virus tests, all were caught, even the Eicar.zip one. Today I received several zipped files that apparently slipped through Declude line of defense. The kicker is that both scanning clients I use share the same signature file. I use PandaSoftware's BusinesSecure as my server/workstation scanner, and the bundled CL for Declude. Granted up until now, I've never used the command line scanner, but it has picked off the Eicar.zip file, so I assume that I've configured my argument correctly. Per Declude's suggestion, and verified by the manual: SCANFILEC:\Panda\Pavcl32\PAVCL.COM /NOM /NOB /AEX /CMP /NOS /NOR /HEU VIRUSCODE 13 VIRUSCODE 16777472 Once the mail passes through Delude, upon saving the zip to my desktop, my workstation scanner detects it as W32.Netsky.Z The sig file for both are the same, so what am I doing wrong? -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.