Re: [Declude.Virus] Virus Log Batch?
Grant,

If you are referring to the Virus Log Analyzer at http://www.csonline.net/imailstuff/viruslog.htm

There is an auto run option in the latest version that allows you to set a run time and will e-mail the results. When you check the auto run box a selection is provided to set the time and select the file to be analyzed. Then just minimize the program.

Stu

At 03:47 PM 7/14/2005 -0500, you wrote:

Does anyone have a batch file that runs the Virus Log Analyzer on a nightly basis and emails the results to an admin? We are wanting to run this report on a nightly or every so many hours to send the report to the network security person to contact the customer and let them know they are sending viruses out. I have looked on the Declude site, but the one link to a batch file is not working. We are mostly interested in the IP the email is coming from. We can not control incoming much, but can control the outgoing.

Thanks,
Grant Griffith
EI8HTLEGS, A Division of ETC
(812)932-1000

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus log program / new log format
John,

The answer to your question is Yes this is something that will be looked at. Steve has been on another project that is just finishing so there should be some time to have him look at this and correct this issue. I will try and have a time frame for you by tomorrow.

Stu

At 02:26 PM 6/7/2005 -0500, you wrote:

This is directed to Stephen Slater (csonline.net), author of VirusLogAnalyzer 3.0 beta.

Stephen: A change in logging format for Declude Virus (EVA) apparently has broken the program. (Getting a division by zero error.) Any chance you might be updating this program? Really did like it.

Thanks,
John
[Declude.Virus] New Virus option question
Scott,

Would it be possible to add an option to the per user setting in Declude virus to

A) allow the vulnerabilities test to be skipped per user while maintaining all other defined virus scanning or
B) to override the virus.cfg defined virus action for email failing vulnerabilities test.

like

[EMAIL PROTECTED] BANCRVIRUSES OFF
or
[EMAIL PROTECTED] BANCRVIRUSES NOACTION

In the past this was mostly a now and then issue. However lately this has come up more often. Luck of the draw I guess.

Just asking

Stu

-
CSOnline Technical Support Normal hours - Monday thru Saturday 8am - 12pm
CSOnline Technical Support Numbers
Seneca 814-677-2447
Clarion 814-227-3638
Cochranton 814-425-1696
Parker 724-399-1158
GremLan 814-337-7060
http://www.csonline.net
http://www.cshowcase.com
http://www.learncenter.com
http://www.gremlan.org
-
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
RE: [Declude.Virus] CSonline Virus Log analyser
John,

My apologies as I completely missed your first message. Yes this is something we will look into adding.

Stu

Any comments?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-

Feature request: List number by extension messages held for banned extension.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.Virus] log file analyzer
Andy,

If you have not gotten this to work yet please send me a copy of the log file off list at [EMAIL PROTECTED] so we can see what might be happening. Also what version of declude are you using.

Stu

At 09:04 AM 01/31/2004 -0500, you wrote:

I tried 2.2, did the same thing.

thanks,
andy

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 2:07 AM
Subject: RE: [Declude.Virus] log file analyzer

As far as the error message, you need to comment out or delete a part of the setup config file, I forget what it is called. I think it is the second section. The one that talks about some vb dll and such. I am using version 1.2 and 2.2 fine. Try using 2.2.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of andyb
Sent: Friday, January 30, 2004 9:16 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] log file analyzer

Yes, I did the install in that order. I got an error with on the NT boxes on the install, but on a Win 2000 server and on the Win98 box, the install went fine. The analyzer appears to be working, it just isn't counting the virus, only the CR vulnerability.

thanks,
andy

- Original Message -
From: Fritz Squib [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 11:46 PM
Subject: RE: [Declude.Virus] log file analyzer

Andy,

I'm using http://www.csonline.net/imailstuff/viruslog.htm v 3.0.0 beta on Declude v1.77i12 Pro and it's working fine. Only 1 scanner, f-prot. You DID run the installer from v222 first THEN replace the 222 executable with the 3.0.0, right?

Fritz

Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net

()  ascii ribbon campaign - against html mail
/\                        - against microsoft attachments

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andyb
Sent: Friday, January 30, 2004 11:13 PM
To: [EMAIL PROTECTED]
Subject: Fw: [Declude.Virus] log file analyzer

Hi everyone,

Scott, anybody, does the log file analyzer work? Am I chasing my tail here? Is there a log file analyzer out there that IS working? If so can someone point the way? I've looked in the archives and haven't found anything. This the 3rd post, and haven't even gotten a grunt from anyone yet

Thanks,
Andy

- Original Message -
From: andyb
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 5:12 PM
Subject: [Declude.Virus] log file analyzer

HI,

The log file analyzer 3.0 is counting the carriage return vulnerability, but not the virus. There are hundreds of virus in log files. It also appears that the .txt file is properly formed (no garbage, it is just saying there are - 0 - virus found) I'm using declude 1.77. I've tried installing the analyzer on 4 different computers, 3 different operating systems so it appears that there may be an issue with the log files, not with the analyzer. There is nothing about this in the archives that I could find. What does the log analyzer need to have in the logs to count the virus? Guidance please.

thanks,
Andy
Thumpernet
[Declude.Virus] Virus Log Analyzer 3.0 beta
We have posted a new (beta) version of the virus log analyzer.

http://www.csonline.net/imailstuff/viruslog.htm

The Virus report (examples below) now includes a virus count by sending IP address. Requires Declude Virus 1.66 or higher for IP reporting.

The option for more detail by including the from information in virus count by ip address data.

The ability to configure the program to exclude forging virus names from the count by IP address tallies. This does not affect the virus count by name part of the report.

An Autorun feature. Sorry this is not command line yet. However it can be run minimized, has scheduling and will e-mail the results.

The autorun feature is where we are still working on some issues. Please read the notes paying particular attention to the notes on file location.

Stu

Examples:

Virus Summary by Count
---
Count   Inbound/Outbound   Name
337     337 / 0            W32/[EMAIL PROTECTED]
222     7 / 215            W32/Hybris.worm.B
92      57 / 35            W32/[EMAIL PROTECTED]
--
IP Virus Summary
-
IP Address        Count   Inbound / Outbound
xxx.xxx.xxx.211   3       0 / 3
xxx.xxx.xxx.30    82      82 / 0
xxx.xxx.xxx.59    18      18 / 0
xxx..xxx.60       351     351 / 0

Virus Summary by Count
---
Count   Inbound/Outbound   Name
337     337 / 0            W32/[EMAIL PROTECTED]
222     7 / 215            W32/Hybris.worm.B
92      57 / 35            W32/[EMAIL PROTECTED]
--
IP Virus Tally
---
IP Address        Virus Name              Sender - In/Outbound
xxx.xxx.xxx.211   W32/Hybris.worm.B       (3) - Outbound
xxx.xxx.xxx.30    W32/[EMAIL PROTECTED]   [EMAIL PROTECTED](1) - Inbound
xxx.xxx.xxx.30    W32/[EMAIL PROTECTED]   [EMAIL PROTECTED](2) - Inbound
Re: [Declude.Virus] Virus Log Analyzer..
From the report format I believe you downloaded this from http://www.csonline.net/imailstuff/viruslog.htm

I believe the issue is your version. The report states Version 1.2. It should be version 2.2.2.

Try downloading version 2.2.2. http://www.csonline.net/imailstuff/viruslog.htm (right above the full install)

The full set up was for those that did not have VB runtime. Once that is installed either via the full set up or by some other VB program all that is needed is the update. Seems we missed getting to updating the full install to include the latest version. My apologies, other internal projects seem to have taken priority.

Stu

Report on a log file using 2.2.2

Virus Log Analyzer
Report Date: 08/27/2003 12:20:56 PM
Source Files: v0822ml.log
**
Scan Summary
-
Total Emails Scanned    = 117,228
Total Emails Clean      = 112,465
Total Emails Infected   = 4,763    Inbound=4,581 / Outbound=182
Outlook vulnerabilities = 209
Infected / Scanned      = 4.063 %
--
Log File Summary
-
Log Name      Virus Count   Total Scanned
v0822ml.log   4,763         117,228
--
Virus Summary by Count
---
Count   Inbound/Outbound   Name
4,495   4,495 / 0          W32/[EMAIL PROTECTED]
126     1 / 125            W32/Hybris.worm.B
91      58 / 33            W32/[EMAIL PROTECTED]
13      0 / 13             W32/[EMAIL PROTECTED]
11      1 / 10             W32/[EMAIL PROTECTED]
9       9 / 0              W32/[EMAIL PROTECTED]
8       8 / 0              W32/[EMAIL PROTECTED]
4       4 / 0              W32/[EMAIL PROTECTED]
3       3 / 0              VBS/Lovelorn.dropper
1       1 / 0              W32/[EMAIL PROTECTED]
1       0 / 1              W32/Hybris.worm.D
1       1 / 0              W32/[EMAIL PROTECTED]
--
Re: [Declude.Virus] Hourly Logs?
You could use NT's scheduler to rename the files on an hourly (or whatever) time frame.

Stu

At 02:59 PM 02/20/2003 -0600, you wrote:

Does anyone know of a way to set the logs to go hourly? Our daily logs, set on Low are reaching over 100 megs.

Thanks.
Bralynn
DSN:Re: [Declude.Virus] Tis the season log analzyer
Tis the season to be jolly

Consider this it being looked at. Questions and suggestions can be posted to this list or sent to me directly at [EMAIL PROTECTED]

Stu

At 08:29 AM 12/09/2002 -0600, you wrote:

The holiday junk mail sure has kicked up its pace. Declude Antivirus is catching so many of them by Outlook vulnerabilities, starting to wonder if I really need Junkmail -- (don't worry, Scott, the order should be on its way shortly.)

Who do I get in contact with about the Antivirus log analyzer program (from CSonline -- but don't know who there is doing it.) Have suggestion of adding the from addresses to report output -- so one could cut/paste to kill file if they wanted to or at least see who the bad boys are.

Thanks,
John
DSN:Re: [Declude.Virus] Tis the season log analzyer
The main reason this has not been done in the past is due to the number of forged from addresses that show up. Snowhite for example shows up with in the from address. However we may be able to add something for those that want to trust this information.

Stu

At 08:29 AM 12/09/2002 -0600, you wrote:

The holiday junk mail sure has kicked up its pace. Declude Antivirus is catching so many of them by Outlook vulnerabilities, starting to wonder if I really need Junkmail -- (don't worry, Scott, the order should be on its way shortly.)

Who do I get in contact with about the Antivirus log analyzer program (from CSonline -- but don't know who there is doing it.) Have suggestion of adding the from addresses to report output -- so one could cut/paste to kill file if they wanted to or at least see who the bad boys are.

Thanks,
John
DSN:Re: [Declude.Virus] Something wrong?
Craig,

There is no weight in the third column and the type is helovalid. The line should look like this

HELOBOGUS helovalid x x 1 0

Stu

At 04:32 PM 06/26/2002 -0400, you wrote:

Am I doing something incorrectly? I have put the following lines in my config files:

Global.cfg
HELOBOGUS helobogus x x 0 0

$default$.junkmail
HELOBOGUS HOLD

F:\IMaildeclude -diag
Declude (C) Copyright 2000-2002 Computerized Horizons. All Rights Reserved.
Diagnostics ON (Declude v1.55).
Declude JunkMail: Config file found (F:\IMail\Declude\global.CFG).
Declude Virus: Config file found (F:\IMail\Declude\Virus.CFG).
Declude Hijack: Not installed (no F:\IMail\Declude\Hijack.CFG file).
Declude Confirm: Not installed (no F:\IMail\Declude\Confirm.CFG file).

So why am I getting none of these bogus emails being held? I find it impossible to believe that I am not getting any bogus connections. We handle over 2 million emails a month.

Craig.
DSN:RE: Re: [Declude.Virus] E-Mail Count
Rodney,

For a quick and dirty count of Inbound vs. Outbound you can download the unix/dos tools from http://unxutils.sourceforge.net/ and use a line like

grep -i -c ldeliver log.txt    (Local/inbound Deliveries)
grep -i -c rdeliver log.txt    (Remote/outbound Deliveries)
grep -i -c gdeliver log.txt    (gateway Deliveries if needed)

or on NT you could use

find /C /I "ldeliver" log.txt
find /C /I "rdeliver" log.txt
find /C /I "gdeliver" log.txt

/C = display count only
/I = ignore case

This will give you a good count of just the number of outbound vs. inbound messages.

Stu

At 09:28 AM 06/03/2002 -0400, you wrote:

I'll take a look at the I-Mail analyzer, but I won't go in expecting too much. ;-) I've been spoiled by Scott and all that Declude has to offer.

Thanks!
Rodney

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 03, 2002 9:14 AM
To: [EMAIL PROTECTED]
Subject: DSN:Re: [Declude.Virus] E-Mail Count

Rodney,

If by regular e-mail you mean messages not containing a virus the answer is no as this is not recorded in the logfile. (at least not at the MID level) Something like this must be gathered from the IMail logs and one of the IMail log file analyzers. IMail has been beta testing their own version on this on the IMail list.

Scott and the folks at Declude were nice enough to include an in/out indicator for the virus messages at the MID level upon request. It may be a bit much to ask for this on the regular mail messages.

Stu

At 07:55 AM 06/03/2002 -0400, you wrote:

Hello,

I've recently downloaded the Virus Log Analyzer and love the report it generates. The only thing it's missing is a breakdown on regular e-mail as to # incoming and # outgoing. Is there a way to generate this?

Thanks,
Rodney
Re: [Declude.Virus] DSN:New Version of Virus Log Analyzer
It doesn't cost anything so it must be a minor one :) :)

Stu

At 04:54 PM 05/09/2002 -, you wrote:

is it a major or minor upgrade ? :)

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 09, 2002 4:28 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer

New version of the Virus Log Analyser has been posted.
Re: [Declude.Virus] DSN:New Version of Virus Log Analyzer
No I don't believe you are doing anything wrong. I received one other report on this. They noticed that the program won't create a new file but if you select an existing file it will work. You might want to try this as a possible work around. Making a blank file with notepad then selecting it.

Nothing on this should be different but we are checking to see if there is something that might have gotten changed that would cause this in some instances.

Stu

At 08:18 AM 05/10/2002 -0500, you wrote:

I just downloaded your latest version of Virus Log Analyzer and I cannot get it to work. I keep getting an error about the source and output files being the same. They are not. I have attached a screen shot of the files I have selected and the error dialog. Am I doing something wrong here? My previous version (1.2) worked fine.

John Olden - Systems Administrator
Champaign Park District
RE: [Declude.Virus] DSN:New Version of Virus Log Analyzer
Something for the future? How about Inbound and outbound counts by domain for those of us who use the Pro version and need/want stats on a per domain basis.

We run the pro version also. We have looked at this before but have stayed away from it as it may not be too accurate due to a few of the viruses forging the to: and from: addresses. For example this is a log entry for the Snow White virus that was caught.

05/08/2002 00:01:11 Qa2fb1b2 Scanner 1: Virus=: W32/Hybris.worm.B
05/08/2002 00:01:11 Qa2fb1b2 File(s) are INFECTED [3]
05/08/2002 00:01:11 Qa2fb1b2 Deleting file with virus
05/08/2002 00:01:11 Qa2fb1b2 Deleting E-mail with virus!
05/08/2002 00:01:11 Qa2fb1b2 Scanned: CONTAINS A VIRUS [MIME: 2 23288]
05/08/2002 00:01:11 Qa2fb1b2 From: To: @
05/08/2002 00:01:11 Qa2fb1b2 Subject: Snowhite and the Seven Dwarfs - The REAL story!

As you can see the To: and From: probably don't exist in anyone's user list :) The accuracy would vary depending on whether the virus forged the to: from: info in the log file.

As others have asked I will look into some type of summary report via domain. How well it works for each may need to be taken with a grain of salt due to the address forging though.

Stu

At 04:28 PM 05/09/2002 -0500, you wrote:

Something for the future? How about Inbound and outbound counts by domain for those of us who use the Pro version and need/want stats on a per domain basis.

Steven

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 09, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer

New version of the Virus Log Analyser has been posted.

http://www.csonline.net/imailstuff/viruslog.htm

The report will now show inbound and outbound counts for the individual viruses detected.

Example:

Virus Summary by Count
---
Count   Inbound/Outbound   Name
100     90 / 10            W32/Klez.H@mm
150     125 / 25           W32/Hybris.worm.B

Stu
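The forging caveat in the message above, as an added example that is not part of the original post and is not the Virus Log Analyzer's code: a per-domain tally that trusts a sender only when the logged address parses and the virus name is not on an operator-supplied list of forging names. The first seven sample lines are the excerpt from the post; the remaining lines, the single-line `From: ... To: ...` layout and all function names are assumptions.

```python
import re
from collections import Counter

# Layout taken from the excerpt in the post: date, time, message id, text.
LINE_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (\S+) (.*)$")
VIRUS_RE = re.compile(r"^Scanner \d+: Virus=:?\s*(\S.*)$")
# Assumption: sender and recipient are logged on one "From: ... To: ..." line.
FROM_TO_RE = re.compile(r"^From:\s*(.*?)\s*To:\s*(.*)$")
ADDR_RE = re.compile(r"^<?[^@\s<>]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)>?$")

# Lines as they appear in the post (the addresses are blank in the archive copy).
PAGE_EXCERPT = """\
05/08/2002 00:01:11 Qa2fb1b2 Scanner 1: Virus=: W32/Hybris.worm.B
05/08/2002 00:01:11 Qa2fb1b2 File(s) are INFECTED [3]
05/08/2002 00:01:11 Qa2fb1b2 Deleting file with virus
05/08/2002 00:01:11 Qa2fb1b2 Deleting E-mail with virus!
05/08/2002 00:01:11 Qa2fb1b2 Scanned: CONTAINS A VIRUS [MIME: 2 23288]
05/08/2002 00:01:11 Qa2fb1b2 From: To: @
05/08/2002 00:01:11 Qa2fb1b2 Subject: Snowhite and the Seven Dwarfs - The REAL story!
"""

# Constructed lines in the same layout; ids and addresses are made up.
CONSTRUCTED = """\
05/08/2002 00:02:40 Qa2fc0c3 Scanner 1: Virus=: W32/Klez.H@mm
05/08/2002 00:02:40 Qa2fc0c3 Scanned: CONTAINS A VIRUS [MIME: 2 91234]
05/08/2002 00:02:40 Qa2fc0c3 From: alice@customer.example To: bob@example.net
05/08/2002 00:03:05 Qa2fd1d4 Scanner 1: Virus=: W32/Klez.H@mm
05/08/2002 00:03:05 Qa2fd1d4 Scanned: CONTAINS A VIRUS [MIME: 2 90111]
05/08/2002 00:03:05 Qa2fd1d4 From: carol@other.example To: dave@example.org
"""

SAMPLE_LOG = PAGE_EXCERPT + CONSTRUCTED


def parse_log(text):
    """Group log lines by message id; return {id: record} for infected mail."""
    records = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines instead of failing
        msg_id, body = m.groups()
        rec = records.setdefault(
            msg_id, {"virus": None, "sender": "", "recipient": ""})
        virus = VIRUS_RE.match(body)
        if virus:
            rec["virus"] = virus.group(1).strip()
            continue
        from_to = FROM_TO_RE.match(body)
        if from_to:
            rec["sender"], rec["recipient"] = from_to.groups()
    # Messages without a "Virus=" line are not part of the virus tally.
    return {mid: rec for mid, rec in records.items() if rec["virus"]}


def sender_domain(address):
    """Return the lower-cased domain of a plausible address, else None."""
    m = ADDR_RE.match(address.strip())
    return m.group(1).lower() if m else None


def tally_by_sender_domain(records, forging_names=()):
    """Count infected mail per sender domain.

    Mail whose sender does not parse, or whose virus name is listed in
    forging_names, is counted per virus under 'unattributed' rather than
    blamed on a domain.
    """
    forging = {name.lower() for name in forging_names}
    by_domain, unattributed = Counter(), Counter()
    for rec in records.values():
        domain = sender_domain(rec["sender"])
        if domain is None or rec["virus"].lower() in forging:
            unattributed[rec["virus"]] += 1
        else:
            by_domain[domain] += 1
    return by_domain, unattributed


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    domains, unknown = tally_by_sender_domain(recs)
    for name, count in domains.most_common():
        print(f"{count:5d}  {name}")
    for name, count in unknown.most_common():
        print(f"{count:5d}  (sender not trusted) {name}")
```
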
Re: [Declude.Virus] DSN:New Version of Virus Log File Analyzer
Is there a way to get the inbound/outbound stat per virus, instead of total for the report ?

I will put this on the list.

Also, inbound means local delivery, and outbound is delivery to a remote mail server. Correct ?

Inbound would be mail inbound from the Internet to accounts on the server. Outbound would be mail outbound for the Internet. I believe, and Scott may correct me on this, mail sent locally (to users on the same IMail server) would be included in the outbound totals as Declude would scan this as the sender sent the e-mail through IMail before it was delivered to the intended local account.

Any way we can get stats of viruses sent by local senders ? (Outbound + local2local)

We will look into this; however, I'm not sure if there is any direct viable indication of local to local e-mail at the MID level. So I'm not sure if this can be done. Using the to and from information is not accurate as many viruses forge this information. My first thought is, following the thought that Declude would pick up local sent viruses as outbound, that any reduction (if possible) of outbound viruses would also cause a reduction of local to local sent viruses.

Stu

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 9:11 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log File Analyzer

For those using the virus log file analyzer (or those that wish to try it) a new version of the Virus Log Analyzer is available at http://www.csonline.net/imailstuff/viruslog.htm

This version has changes to the report that now indicates the number of Inbound and Outbound viruses. Virus lines that are not indicated as Inbound or Outbound in the log file will be listed on the report as unknown. You would normally see this if you ran this log analyzer version on a Declude Virus Log file before Declude Virus version 1.50. This is because these log files did not have the indicator. Many thanks to Scott and the rest at Computerized Horizons for adding this indicator.

The report also now lists a count of the Outlook Vulnerabilities caught. This is a total for all types caught. This count is not included in the total virus count.

3 report sort options are now listed.
Count produces a report with the viruses sorted by count.
Name produces a report with the viruses listed by name.
CountName includes a list by count and by name on the same report.

Stu
Re: [Declude.Virus] DSN:Log File Request
Many Thanks Scott.

Stu

At 05:12 PM 04/24/2002 -0400, you wrote:

I know I mentioned this before but thought I'd ask again. Any chance of getting an I (for Inbound) or O (for Outbound) added to the virus line in the log file at the MID level. So Inbound vs Outbound Viruses can be tracked.

This will be included in the next release, so it will appear as you described with an I or O at the end of the line to designate incoming or outgoing:

04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] I
04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] O

-Scott
DSN:Re: [Declude.Virus] scanning ?
Declude scans the e-mail when it is received by IMail. So if you set up a gateway server running IMail and Declude, the gateway server will scan the e-mail before it delivers it to your other mail server.

Stu

At 06:10 PM 04/25/2002 +0200, you wrote:

Hi

Is this possible: On the gateway server I want to receive the mail and when it's passed to my mailserver it will be scanned by Declude. So that the server just receives the mail without scanning and first when it passes it to the other server it will be scanned on the way out ?

Benny
DSN:Re: [Declude.Virus] DORKZTL:what to have in declude
Set the LOGLEVEL to MID in the Virus Configuration file.

Stu

At 11:29 PM 04/17/2002 +0200, you wrote:

Hi

What do I have to have in Declude to see the virusname ? After setting prescan to on and loglevel to low it's no longer telling the virusname in the virlog file.

Benny
DSN:Re: [Declude.Virus] Prescaning the party
F-prot did not correctly identify the virus for us till we updated the def's at approx 1:30pm est time today. These appear to be different def's than were available in the am though the file names and sizes are the same.

Stu

At 09:53 PM 01/29/2002 -, you wrote:

And if I don't have a prescan line, the default is on or off ?

BTW, someone just sent me a copy, and fprot did not identify the virus correctly, notification said unknown virus. Others said here they were correctly identifying the virus, what do you think the problem is over here ? Prescan default to on ? or some other issue ?

Thanks

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 7:39 PM
Subject: Re: [Declude.Virus] Prescaning the party

I don't think I ever used the prescan, but just to make sure, how do you turn it off ?

You would just change the PRESCAN ON line to PRESCAN OFF (in the virus.cfg file).

manual.html does not mention prescan

Thanks for pointing that out -- we're putting a list of additions to make to the manual.

-Scott
DSN:Re: [Declude.Virus] vir####.log analyzer ?
A simple virus log file analyzer can be found at the addresses below. Note in the Declude virus.cfg file the LOGLEVEL must be set to MID to report the virus names.

Stu
CSOnline System Administrator

An update to the Virus Log File Analyzer previously listed has been posted. Version 1.2 deals with an issue where some log files did not contain a : after the virus= in the log file. It allows for the selection of multiple files at one time. There is a read me file included that can be viewed by clicking on help.

For those that have already installed the program or have VB on their systems the new exe and read me file can be found at http://www.csonline.net/imailstuff/VirusLog_v12_StandAlone.zip

For those that may need the complete install program this can be found at http://www.csonline.net/imailstuff/VirusLogAnalyzer12_Setup.zip

Stu

At 09:10 AM 12/11/2001 -0500, you wrote:

I'm wondering if anybody has a utility that will process the vir.log that is produced to provide useful statistics on the types of viruses received as well as the number (and maybe even sender/recipient info). Has this been done by anybody yet?

Mike Tindor
1st.net
DSN:RE: [Declude.Virus] Virus Log File Analyzer
Ed,

Thanks for the virus log file. I don't know why your version of Declude writes only the virus= without the :. That would be a question for Scott in his spare time :) In the meantime we are just going to change the search string to not include the :. This should fix your situation.

Stu

At 04:49 PM 11/30/2001 -0500, you wrote:

Stu,

I have changed the virus.cfg to LOGLEVEL MID and I can see the text Virus= without the :, and the analyzer doesn't pick up any viruses. Is there some other setting? Do I have the wrong version of Declude? Any help is appreciated.

Ed Chabot
The Marlin Firearms Company
100 Kenna Drive
North Haven, CT 06473
(203)985-3254
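An added example, not part of the original posts and not the Virus Log Analyzer's own code: a per-virus inbound/outbound tally over MID-level log lines in the format quoted in the "Log File Request" thread. It accepts Virus= with or without the colon discussed in the message above and counts lines with no trailing I/O flag as unknown; the regular expression, function names and all sample lines after the first two are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input. The first two lines are the ones quoted in the "Log File
# Request" thread; the rest are constructed for this example: no colon after
# "Virus=", no trailing I/O flag (logs before Declude Virus 1.50), no match.
SAMPLE_LOG = """\
04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] I
04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] O
04/11/2002 02:10:07 Q22b0001 Scanner 1: Virus= W32/Klez.H@mm Attachment=setup.exe [0] I
04/11/2002 02:15:30 Q22b0002 Scanner 1: Virus=: W32/Klez.H@mm Attachment=readme.pif [0]
04/11/2002 02:16:00 Q22b0003 constructed line with nothing to count
"""

# Assumed pattern, derived only from the two quoted lines.
VIRUS_LINE = re.compile(
    r"(?i:Virus=):?\s*(?P<name>.+?)"        # colon after "Virus=" is optional
    r"(?:\s+Attachment=(?P<attachment>.*?))?"
    r"(?:\s+\[\d+\])?"                      # bracketed number, as in the samples
    r"(?:\s+(?P<direction>[IO]))?\s*$"      # I = inbound, O = outbound
)
DIRECTIONS = {"I": "inbound", "O": "outbound"}


def tally(lines):
    """Return {virus name: {"inbound": n, "outbound": n, "unknown": n}}."""
    counts = defaultdict(lambda: {"inbound": 0, "outbound": 0, "unknown": 0})
    for line in lines:
        match = VIRUS_LINE.search(line)
        if match is None:
            continue  # not a virus line
        direction = DIRECTIONS.get(match["direction"], "unknown")
        counts[match["name"]][direction] += 1
    return dict(counts)


def report(counts):
    """Format the tally sorted by total count, highest first, then by name."""
    rows = sorted(counts.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    out = ["Count  In / Out / Unknown  Name"]
    for name, c in rows:
        out.append(f"{sum(c.values()):>5}  {c['inbound']} / {c['outbound']} / "
                   f"{c['unknown']}  {name}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(tally(SAMPLE_LOG.splitlines())))
```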
[Declude.Virus] DSN:Virus Log File Analyzer
A quick and dirty Virus Log Analyzer is available at http://www.csonline.net/imailstuff/Virusanalyzer.zip

You can select single or multiple log files and can select the location for the summary file to be saved to. This is nothing fancy. Below is a sample output. This was run on a log file where the Declude loglevel is set to MID.

Virus Log Analyzer Report
Date: 11/12/2001 8:27:17 AM

Source Files:
***
vir1103.log
*

Scan Summary
Total Emails Scanned = 91,268
Total Emails Clean = 88,463
Total Emails Infected= 2,805

Virus Summary
---
Count= 1,835 Virus Name= W95/Hybris.worm.B
Count= 822 Virus Name= W95/Sircam.worm@mm
Count= 136 Virus Name= W95/Magistr.28672@mm
Count= 4 Virus Name= JS/Kak.A@m
Count= 4 Virus Name= W95/Hybris.worm.D
Count= 2 Virus Name= W95/MTX.9244.worm.A
Count= 1 Virus Name= Virus=: W95/Magistr.28672@mm
Count= 1 Virus Name= W95/Hybris.worm.C

Stu

We installed Declude Virus yesterday without any major problems (the demo of F-Prot is not upgradable to the newest definition files... and we had to wait for the key to arrive today). In the last 3 hours, Declude has intercepted 732 virus attachments! Has anyone written a log analyzer to summarize what is scanned and blocked at the end of the day?

Sheldon

Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications
E-Commerce that makes sense!
360-457-9023 http://store.tenforward.com

Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain