I am thinking of adding a second virus scanner to Declude to supplement
F-Prot. I am looking at AVG and was wondering which version I'd have to
purchase. They have the AVG Professional Single Edition and the AVG File
Server Edition. My email server is NT Server 4.0.
Also, any tips on running both
Hello,
Wednesday, March 3, 2004, 11:54:36 PM, you wrote:
Do I need to do something on my end to hit this DB??
Run recent version of declude
and set AUTOFORGE ON in virus.cfg
Ok that was easy. Thanks.
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED]
---
Scott:
Is EICAR considered forged?
Using Tools page I sent myself tests for eicardynamicencodedzip and
eicarencodedzip. Both were stopped (see logs below) but no notice was
sent. Should I have gotten a notice if:
- Running i9
- VIRUS.CFG (logging MID) has BANEXT ZIP and BANEXT EZIP
-
Bill:
Which version of McAfee are you using? AVG sounds processor intensive if it
takes 3 seconds per email. Maybe I should look at McAfee.
Hank
---
[This E-mail has been scanned for viruses.]
[MGT of America, Inc.]
---
[This E-mail was scanned for viruses by Declude Virus
No problem. Thanks for the help.
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, March 04, 2004 9:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Ban notice
Is EICAR considered forged?
Sorry, my mistake.
Hank,
Regarding AVG, it doesn't seem to be extremely processor intensive, just slow in
getting going and doing the scan due to the 16-bit engine, versus the 32-bit of the
others. This was brought up in a previous thread.
Perhaps someone else has information on when the 32-bit version will
I think Scott's right. If he spends the time on this, implements it, and
virus writers immediately adapt as he suggested, then the effort was wasted
as it has no other longer reaching benefit. I think development time
should be spent on features that will have ongoing value. Otherwise we will
Serge,
old way in order to be able to use :
onlysendifsender [forged] in recpforged.eml, so we can warn the
recipient
without pointing to an innocent sender.
Can I ask how you have this working? Is there something you put in the
cfg file? I created this file and added the line you indicated
In our bannotify.eml, we display the banned extension by using the
%BANEXT% variable:
bannotify.eml snippet
You have sent an attachment with the .%BANEXT% extension.
/bannotify.eml snippet
Today I received a banned attachment message and the extension name was
blank:
message snippet
You have
Today I received a banned attachment message and the extension name was
blank:
message snippet
You have sent an attachment with the . extension.
/message snippet
Why is the variable not being set? How can I tell what is going on with
this message?
If you look at the D*.SMD file that was caught,
Scott - you may shoot me for suggesting this, especially if it has been
suggested before. I am not a programmer so I suggest this not knowing how
difficult it may be, but if both Virus and Junkmail use the declude.exe is
it possible to have things like BANEZIP be defined as a test in the global
This has been working quite well
make sure you have no extra blank spaces or tabs
in the regular recep.eml we have
SKIPIFSENDER [forged]
in recepforged.eml we have
ONLYSENDIFSENDER [forged]
Of course, the virus should be marked as forging in virus.cfg
you can test by marking eicar as forging in
(mainly that someone using just Declude Virus won't be running the Declude
JunkMail code, and vice versa).
OK, but if JM users ask for
ContainEZIPatt test, why would you refuse the request :)
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
I just got a SpamCop report about one of my mail servers. Upon looking at the report,
it appears that they are complaining about an Undeliverable Mail message.
It seems that one of my domains is being dictionary attacked. The spammer did a
joe-job, so some poor guy is being bombed by my server
Why does the BANEXT EZIP report a virus (and send the associated
notifications) instead of reporting a banned extension (and send the
bannotify.eml)??
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
702.319.4349
www.xidix.com
---
[This E-mail scanned for viruses by Declude Virus
I just received a notification message that said:
quote
The mail server for continentaloffice.com does not accept E-mail with
attachments that contain the extension.
/quote
quote
--pbgivjxdscnisewbjysa
Content-Type: application/octet-stream; name=Readme.zip
Content-Transfer-Encoding:
Does anyone have a way of using doing this? I mean if scumware people and
pornographers can use the windows messenger service why can't I? I know it
wouldn't always work, but most of the IP's I get in my virus notifications
are from Road Runner or Cablevision. I'll bet more than half of those
Matt,
Thanks for following up. I tried AVG based on your earlier post about using the 16-bit
version. There was another post stating that the 32-bit version did in fact work and
that's why I asked Scott for clarification. It's good to see that the 32-bit version
is viable. I plan to set it up
I'm sorry, but I'm confused on all the settings and the release notes aren't really
clear.
If I want to allow all file extensions for attachments and allow all regular zip files
but:
1. Ban encrypted zip files
2. Ban zip files with dangerous .bat,.com.,.pif.,.scr
What are the BAN
Scott
the minimum that would be practically usable for us :
1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT
AND
2-BANEZIPEXT2 independent from banext, as in
BANEZIPEXT2 exe
BANEZIPEXT2 com
BANEXT scr
BANEZIPEXT ON
AND
3- ONLYSENDIFFORGING
Also, request for 2 cross-product