Re: [Declude.Virus] what does this mean in the virus log file?
Nick, With the enhancement of turning off checking for individual vulnerabilities, this information indicates for Declude which vulnerabilities are being checked and which ones are not. David Franco-Rocha Declude Technical Support - Original Message - From: NIck Hayer [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, June 06, 2005 5:51 PM Subject: Re: [Declude.Virus] what does this mean in the virus log file? Vulnerability flags = 76 Thanks! -Nick --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] what does this mean in the virus log file?
Thanks David! David Franco-Rocha [ Declude ] wrote: Nick, With the enhancement of turning off checking for individual vulnerabilities, this information indicates for Declude which vulnerabilities are being checked and which ones are not. David Franco-Rocha Declude Technical Support - Original Message - From: NIck Hayer [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, June 06, 2005 5:51 PM Subject: Re: [Declude.Virus] what does this mean in the virus log file? Vulnerability flags = 76 Thanks! -Nick --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] what does this mean in the virus log file?
Vulnerability flags = 76 Thanks! -Nick --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is our future?
By now most of you will have seen the recent announcement by Ipswitch of their product repackaging. Like you, we are disappointed by their decision to effectively impose a price increase to their base product offerings and to burden existing and future customers who appreciate the advantages of purchasing the Declude suite of applications. To all our customers including the many hundreds of you who contacted us yesterday by phone, email, support system and the JunkMail and Virus lists we can assure you that Declude will not abandon you and we will continue to deliver and enhance Declude, or as one customer described it yesterday, the best single feature of IMail! We had hoped to make this announcement when we had a definitive delivery date but the 2 additional versions of Declude that will address this situation are in the development mill. We are not able to provide more information at the present time but we will keep you up-to-date with specific information as it becomes available. We thank our loyal customers and partners for their support. If any of you have specific questions please feel free to contact me at [EMAIL PROTECTED]
[Declude.Virus] What are these
Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner Thanks for the aid, running 1.81 --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
Also, ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Please advise to what this is, thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] What are these Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner Thanks for the aid, running 1.81 --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
Also getting: Q08b8153d00e2843a Couldn't rename SMD to SM$ [32]. Priority back to 32. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] What are these Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner Thanks for the aid, running 1.81 --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
Do you have an on-access scanner running? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 7:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What are these Also, ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Please advise to what this is, thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] What are these Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner Thanks for the aid, running 1.81 --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What are these
Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner That error means that the .vir directory already exists -- this will happen if IMail accidentally calls Declude multiple times. Although you will see the warnings in the log file, Declude will still function properly. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
John, Both are turned off, use F-prot (Realtime not install), Inoc turned off and Disabled. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, October 25, 2004 10:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What are these Do you have an on-access scanner running? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 7:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What are these Also, ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Please advise to what this is, thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] What are these Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner Thanks for the aid, running 1.81 --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
Scott, We are backing up in our Queue of about 8000 emails and we started seeing the below messages as well: Q08b8153d00e2843a Couldn't rename SMD to SM$ [32]. Priority back to 32. ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Are these related? Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, October 25, 2004 10:55 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What are these Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner That error means that the .vir directory already exists -- this will happen if IMail accidentally calls Declude multiple times. Although you will see the warnings in the log file, Declude will still function properly. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What are these
We are backing up in our Queue of about 8000 emails and we started seeing the below messages as well: Q08b8153d00e2843a Couldn't rename SMD to SM$ [32]. Priority back to 32. ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Are these related? It almost certainly is related. Those warnings can occur if there are multiple Declude processes trying to handle the same E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What is Partial Vulnerability on a PDF
Hi, Actually why couldn't Declude run uudecode and reassemble the file before hand, then have it scanned and determine if it is harmful or not?? Because the time between the e-mail with first part might be one second, one day one week, etc. Declude now simply scans one e-mail, and when it's finished... it's finished. If it were to scan something like this it would need to remember stuff between scans. And, when would Declude decide a file sent in parts is complete? And what if a part is missing, when would Declude decide it would never get to see all parts? And what would Declude need to do with all parts before it has seen *all* parts and can finally decide whether they contain a virus or not? Multiple questions/problems which Declude would need to solve but for which is no need to solve them. The reason for sending a large file in parts is virually gone,. I can find only one reason today, either the sender or receiver is on a slow dial-up and want's to send/receive across *dial-up sessions* for whatever reason. If that's the case, maybe they should split up the file beforehand using ZIP/RAR/etc. and sent eacht part seperate. Groetjes, Bonno Bloksma --- [E-mail scanned at tio.nl for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Actually why couldn't Declude run uudecode and reassemble the file before hand, then have it scanned and determine if it is harmful or not?? DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Saturday, June 05, 2004 5:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E
[Declude.Virus] What is Partial Vulnerability on a PDF
Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What is Partial Vulnerability on a PDF
Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. That's the vulnerability -- a single attachment that has been split into multiple E-mails. This was cool in the early 90's to bypass the 50K size limit for E-mails. But today, it is not necessary, and causes a vulnerability (if not blocked, viruses could spread that way). We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? A mail client that gets all 5 parts should (if it supposed split E-mails) be able to automagically put them back together into one E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing
Re: [Declude.Virus] What is it?
Another way to defend against these is with your desktop AV program. McAfee Enterprise 7.x has some check boxes to turn on testing for these pests. (Because they're not exactly a virus, McAfee makes you turn on the extra checking) Some corporate tools, like remote control or intrusion testing may produce false positives. Because in the "wrong hands" these can be dangerous cracker/hacker tools. So, do some testing before making a mass switch. You may have some tools to exclude from checking. It has worked ok here in early testing. http://vil.nai.com/vil/content/v_100696.htm (This is a typical McAfee write-up for a spyware, Adware-180Solutions) Greg Greg Little wrote: The only other really effective way to "prevent further infections" is to block access to the whole internet. Greg PS These Spyware programs have gotten at least as annoying as the viruses. Between McAfee and Declude most of the viruses never reach the user PCs, but several times a week I'm addressing some kind of Spyware issue. inline: VSE7-ODS-PROGRAM.gif
RE: [Declude.Virus] What is it?
One way I found to get rid of those type is to start the computer with a DOS disk and then delete or rename files that way. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Friday, April 30, 2004 5:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is it? I've had to fix two computers over the last two weeks because of adware/spyware. Just logging into the computer and letting it sit would make pop-ups all over the place. Sometimes it was so bad, you couldn't close them quick enough. I ran ad-aware and both computers had 668 infections reported. Also found another program called Spy Hunter that found even more infections than what Ad-Aware reported. BUT in order to delete these entries, you have to buy the program; $29.99. There were .DLL's that couldn't be deleted because they were being used (safe mode wouldn't work as well, the spyware/adware was being started then too). One way I was able to delete them is to use task manager and shut down just about everything; but the one computer had adware/spyware running that wouldn't show up in task manager. In order to fix this problem, I found a program that would allow you to copy and rename files such as these dlls prior to your system starting (you'd run the program, select the file you want to rename/copy, reboot and it was done). I can't find the program right now, but I'll do some searching for it. It was actually pretty nice. But one other thing, if there are registry entries that you can't delete, take permission of these entries (right-click-permissions) and you'll be able to delete them this way as well. I'll let y'all know if I find that program and then send it to you off-lists. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Thursday, April 29, 2004 5:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is it? Been there done it. Didn't work. Recover console was the only way to kill it. Now I'm just trying to figure what it wasmaybe prevent further infections. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 29, 2004 4:05 PM Subject: RE: [Declude.Virus] What is it? Try restarting the machine in Safe Mode and then deleting it. You can also try to rename it and then reboot to see if you can break the startup of it. , Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Thursday, April 29, 2004 4:55 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] What is it? Anyone deal with a file called AkAAMON.DLL or AkAAMON.CPY.DLL Adaware found it but couldn't remove it on one of our workstations. Mcafee doesn't worry about it. Anyone know what it is? Only way to get rid of it is via a repair console cause it was always in use/locked. *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. *Scanned for viruses by Declude Virus* *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is it?
Try restarting the machine in Safe Mode and then deleting it. You can also try to rename it and then reboot to see if you can break the startup of it. Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Thursday, April 29, 2004 4:55 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] What is it? Anyone deal with a file called AkAAMON.DLL or AkAAMON.CPY.DLL Adaware found it but couldn't remove it on one of our workstations. Mcafee doesn't worry about it. Anyone know what it is? Only way to get rid of it is via a repair console cause it was always in use/locked. *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What is it?
Been there done it. Didn't work. Recover console was the only way to kill it. Now I'm just trying to figure what it wasmaybe prevent further infections. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 29, 2004 4:05 PM Subject: RE: [Declude.Virus] What is it? Try restarting the machine in Safe Mode and then deleting it. You can also try to rename it and then reboot to see if you can break the startup of it. Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Thursday, April 29, 2004 4:55 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] What is it? Anyone deal with a file called AkAAMON.DLL or AkAAMON.CPY.DLL Adaware found it but couldn't remove it on one of our workstations. Mcafee doesn't worry about it. Anyone know what it is? Only way to get rid of it is via a repair console cause it was always in use/locked. *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. *Scanned for viruses by Declude Virus* *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What is it?
I've been successful on similar junk by unchecking the pest's startup commands in MSConfig. (Also a good research tool) Spybot Search and Destroy has an innoculate function. At a quick glance they add 00's of entries into the HOSTS file. The idea is that www.WorthlessTrash.com will resolve to 0.0.0.0 so that the user can't reach it for the initial download (and neither can an affiliated program that does get through). The only other really effective way to prevent further infections is to block access to the whole internet. Greg PS These Spyware programs have gotten at least as annoying as the viruses. Between McAfee and Declcude most of the viruses never reach the user PCs, but several times a week I'm adressing some kind of Spyware issue. --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] What is this please
First post. I really appreciate the discussion here, it's helped me a lot to keep things working. This is likely the wrong place to ask, but as of 11AM today, I've had over 14 illegal Imail listserv command messages, I believe to be originating from . I've been getting a few of them everyday, but not to this extent. My sys files, normally around 3 -4 mb, are swelling to 70 - 80 mb. These all seem to be coming from different IPs. I'm running Imail 6. Since I'm not using it, I thought I would just turn the listserv function off, but there doesn't seem to be any way to do it. Any thoughts would be welcomed. Thanks Royce Burnett CICI --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] what is p_usb.zip
I am not sure about F-prot, but Mcafee updated their definition files last night to catch this. Mcafee calls it Proxy-Cidra http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100939 Don - Original Message - From: Bennie [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 6:32 PM Subject: [Declude.Virus] what is p_usb.zip Hey guys... What is p_usb.zip... my Norton on my computer just caught this that means declude and f-prot missed it. opps .. guess i jumped the gun... my norton says it is Trojan.Download.Inor.B. but why did declude not catch it... Bennie --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] What does 'Found potentially dangerous stuff' really mean?
I've found several messages in my Declude Virus Log referring to Found Potential dangerous stuff, yet no action is taken on these. I cannot find these items in the spool\virus folder either. Can somebody explain this for me? Here is a sample of my logs: 02/19/2004 07:23:55 Qb8ea0da5012241cc Found potentially dangerous stuff in D:\IMail\spool\Db8ea0da5012241cc.vir\0.! 02/19/2004 07:24:00 Qb8ea0da5012241cc Scanned: Virus Free 02/19/2004 07:26:18 Qb979030900da73fd Found potentially dangerous stuff in D:\IMail\spool\Db979030900da73fd.vir\0.! 02/19/2004 07:26:23 Qb979030900da73fd Scanned: Virus Free [MIME: 1 20293] 02/19/2004 08:27:39 Qc7d60a3201168cf4 Found potentially dangerous stuff in D:\IMail\spool\Dc7d60a3201168cf4.vir\0.! 02/19/2004 08:27:43 Qc7d60a3201168cf4 Scanned: Virus Free [MIME: 1 33471] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: [text/html][quoted-printable; Length=3761 Checksum=310659] 02/19/2004 07:08:10 Qb53602cf00daccce Found potentially dangerous stuff in D:\IMail\spool\Db53602cf00daccce.vir\0.! 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: valium.gif [base64; Length=2264 Checksum=289030] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: xanax.gif [base64; Length=2512 Checksum=294103] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: xenical.gif [base64; Length=1974 Checksum=248014] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: ambien.gif [base64; Length=2625 Checksum=325940] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: ativan.gif [base64; Length=1809 Checksum=227271] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: o1.gif [base64; Length=1515 Checksum=196803] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: vicodin.gif [base64; Length=1822 Checksum=223091] 02/19/2004 07:08:10 Qb53602cf00daccce MIME file: prior.gif [base64; Length=3344 Checksum=428506] 02/19/2004 08:34:03 Qc95a03cd00da7a68 MIME file: [text/html][*DEFAULT*; Length=7626 Checksum=625247] 02/19/2004 08:34:03 Qc95a03cd00da7a68 Found potentially dangerous stuff in D:\IMail\spool\Dc95a03cd00da7a68.vir\0.! 02/19/2004 08:34:08 Qc95a03cd00da7a68 Scanned: Virus Free [MIME: 2 9695] Scott Fisher Director of IT Farm Progress Companies --- [This E-mail scanned for viruses by Farm Progress Companies using Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What does 'Found potentially dangerous stuff' really mean?
I've found several messages in my Declude Virus Log referring to Found Potential dangerous stuff, yet no action is taken on these. I cannot find these items in the spool\virus folder either. Can somebody explain this for me? Since you are using LOGLEVEL HIGH and PRESCAN ON, Declude Virus Pro reports that line for E-mails that did not pass the pre-scanning, and therefore need to be sent to the virus scanner. It will occur in HTML E-mails that include scripts or other potentially dangerous code. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] what?
Read the manual at www.declude.com\virus\manual.htm. Did you notice the [1/3] after the file name? That means the sender has his e-mail client set to take on message and break it up into smaller ones. Very bad. Lets viruses hide there. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Jensen Sent: Wednesday, October 29, 2003 12:49 PM To: Declude. [EMAIL PROTECTED] com Subject: [Declude.Virus] what? What kind of a virus is this? The guy sent a .tif file. Declude Virus v1.76b caught the [Partial Vulnerability] virus in Unknown File from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 10/29/2003 15:39:44 Subject: snr logo SRbwlogo.tif [1/3] Spool File: D253d0255003e12e8.SMD Remote IP: 207.217.120.48 Headers: Received: from mallard.mail.pas.earthlink.net [207.217.120.48] by MAIL.SPORTS-SECTION.COM with ESMTP (SMTPD32-8.03) id A53D255003E; Wed, 29 Oct 2003 15:38:21 -0500 Received: from sdn-ap-029neomahp0026.dialsprint.net ([65.178.232.26] helo=Desktop3) by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 1AEx4M-aW-00 for [EMAIL PROTECTED]; Wed, 29 Oct 2003 12:37:30 -0800 From: Steve Yates [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: snr logo SRbwlogo.tif [1/3] Date: Wed, 29 Oct 2003 13:53:30 -0700 MIME-Version: 1.0 Content-Type: message/partial; total=3; id=[EMAIL PROTECTED]; number=1 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. Importance: Normal Message-Id: [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus]
Re: [Declude.Virus] what?
Seeing the subject line snr logo SRbwlogo.tif [1/3] I am thinking he has his email program set to break attachments into multiple parts, thus a single file would be split over 3 messages in this case. When that happens the virus scanner can't tell which of the parts if any could have a virus and thus it is a vulnerability. Have the guy check his email settings for a spot that says break attachments over a certain size and disable that feature and it should go through ok. Jim Matuska Jr.Computer Tech IICCNANez Perce TribeInformation Systems[EMAIL PROTECTED] - Original Message - From: Tyler Jensen To: Declude. [EMAIL PROTECTED] com Sent: Wednesday, October 29, 2003 12:48 PM Subject: [Declude.Virus] what? What kind of a virus is this? The guy sent a .tif file. Declude Virus v1.76b caught the [Partial Vulnerability] virus in Unknown File from [EMAIL PROTECTED] to: [EMAIL PROTECTED]. Date: 10/29/2003 15:39:44 Subject: snr logo SRbwlogo.tif [1/3] Spool File: D253d0255003e12e8.SMD Remote IP: 207.217.120.48 Headers: Received: from mallard.mail.pas.earthlink.net [207.217.120.48] by MAIL.SPORTS-SECTION.COM with ESMTP (SMTPD32-8.03) id A53D255003E; Wed, 29 Oct 2003 15:38:21 -0500 Received: from sdn-ap-029neomahp0026.dialsprint.net ([65.178.232.26] helo=Desktop3) by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 1AEx4M-aW-00 for [EMAIL PROTECTED]; Wed, 29 Oct 2003 12:37:30 -0800 From: "Steve Yates" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: snr logo SRbwlogo.tif [1/3] Date: Wed, 29 Oct 2003 13:53:30 -0700 MIME-Version: 1.0 Content-Type: message/partial; total=3; id="[EMAIL PROTECTED]"; number=1 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. Importance: Normal Message-Id: [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus]
RE: [Declude.Virus] what?
Thanks Jim and John! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, October 29, 2003 4:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] what? Read the manual at www.declude.com\virus\manual.htm. Did you notice the [1/3] after the file name? That means the sender has his e-mail client set to take on message and break it up into smaller ones. Very bad. Lets viruses hide there. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Jensen Sent: Wednesday, October 29, 2003 12:49 PM To: Declude. [EMAIL PROTECTED] com Subject: [Declude.Virus] what? What kind of a virus is this? The guy sent a .tif file. Declude Virus v1.76b caught the [Partial Vulnerability] virus in Unknown File from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 10/29/2003 15:39:44 Subject: snr logo SRbwlogo.tif [1/3] Spool File: D253d0255003e12e8.SMD Remote IP: 207.217.120.48 Headers: Received: from mallard.mail.pas.earthlink.net [207.217.120.48] by MAIL.SPORTS-SECTION.COM with ESMTP (SMTPD32-8.03) id A53D255003E; Wed, 29 Oct 2003 15:38:21 -0500 Received: from sdn-ap-029neomahp0026.dialsprint.net ([65.178.232.26] helo=Desktop3) by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 1AEx4M-aW-00 for [EMAIL PROTECTED]; Wed, 29 Oct 2003 12:37:30 -0800 From: Steve Yates [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: snr logo SRbwlogo.tif [1/3] Date: Wed, 29 Oct 2003 13:53:30 -0700 MIME-Version: 1.0 Content-Type: message/partial; total=3; id=[EMAIL PROTECTED]; number=1 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. Importance: Normal Message-Id: [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus]
[Declude.Virus] What version should I be using?
I'm still using 1.66i18 since I hadn't had any problems with it and hadn't seen any reason to upgrade it. I don't remember 1.70 coming out and why I didn't install it. Is there a good reason why I should go to the newer version? Dan -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 03 Jun 2003 12:43:26 -0400 06/01/2003 22:36:28 Qb82911e Outlook 'MIME Header' Vulnerability: type=audio/x-midi, name=Fbvw.pif. 06/01/2003 22:36:30 Qb82911e Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=Fbvw.pif [0] I 06/01/2003 22:36:31 Qb82911e Scanner 2: Virus=: W32/[EMAIL PROTECTED] Attachment=Fbvw.pif [0] I 06/01/2003 22:36:31 Qb82911e File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3] generated a MIME header vulnerability email and not a virus notification. Thanks for pointing this out -- there is an interim release v1.70i2 at http://www.declude.com/release/170i/declude.exe that takes care of this issue. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What version should I be using?
I'm still using 1.66i18 since I hadn't had any problems with it and hadn't seen any reason to upgrade it. I don't remember 1.70 coming out and why I didn't install it. Is there a good reason why I should go to the newer version? I would recommend upgrading to 1.70, as interim releases often can't be fully supported (meaning that if you have a problem, there's a good chance we'll tell you that you need to upgrade to the latest version). v1.66i18 is a rather old beta version. If it is working fine for you, though, you don't need to upgrade. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] what does this mean?
No big deal, I don't think, but can someone tell me what this is in my virlog file? We're set up to level MID. 11/22/2002 06:13:59 Q117616cf0124f484 Warning: EOF in middle of MIME segment [] [---f8de0acee6fc52cf1ab9eab27] 11/22/2002 06:13:59 Q117616cf0124f484 Scanned: Virus Free [MIME: 2 3512] I know EOF, End Of File, right? I see several of these in the logs, but don't know if it's important, or just messed up e-mail. Thanks! Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] what does this mean?
No big deal, I don't think, but can someone tell me what this is in my virlog file? We're set up to level MID. 11/22/2002 06:13:59 Q117616cf0124f484 Warning: EOF in middle of MIME segment [] [---f8de0acee6fc52cf1ab9eab27] 11/22/2002 06:13:59 Q117616cf0124f484 Scanned: Virus Free [MIME: 2 3512] I know EOF, End Of File, right? I see several of these in the logs, but don't know if it's important, or just messed up e-mail. It's just a messed up E-mail. The EOF does mean End Of File. MIME segments are supposed to have a beginning and an end, but in this case it was missing the ending. This is most commonly seen in spam. I believe it will only appear at the MID logging level or higher. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] What to do with a virus Mail?
Hello, Declude filtered a virus, but the customer want's to have this mail. What should I do now? Can I copy the file to the spool directory? Or does Declude filters this mail again? I looked at manual.htm, but there is nothing mentioned. Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What to do with a virus Mail?
Declude filtered a virus, but the customer want's to have this mail. What should I do now? Can I copy the file to the spool directory? Yes, you can. Or does Declude filters this mail again? No. Are you really sure you know that you want this? Most viruses do not attach to an email with content, instead make an own mail, maybe with a subject from an old mail. So there is nothing useful in this email. Hermann --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What to do with a virus Mail?
Declude filtered a virus, but the customer want's to have this mail. What should I do now? Can I copy the file to the spool directory? Or does Declude filters this mail again? I looked at manual.htm, but there is nothing mentioned. If you need to deliver it, you will need to copy both the D*.SMD and Q*.SMD file back to the \IMail\spool directory (IMail stores E-mail in two separate files; the D*.SMD has the actual E-mail, the Q*.SMD has the routing information). IMail will deliver it on the next queue run (typically in about 20-30 minutes, unless you use Send Now in the IMail Administrator). Declude Virus will not re-scan the file when you do that, so it will be delivered. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
