Plus, if they actually integrate our feedback, we'll buy the support
agreement in order to download the latest fruits of our labor. :)
Yes that is a key point and the reason I always rushed out to renew in the
past.
I sent this email because now I am not so sure. And I know others that have
Does anyone have an f-prot update script that they wouldn't mind sharing? I
have tried one that I found, but never could get it to work. Any help is
appreciated.
Thanks,
Daniel
===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax:434 - 572 - 1981
[EMAIL
Take a look at:
http://www.declude.com/Articles.asp?ID=100
F-Prot for DOS updater - A batch file that automatically updates F-Prot
and its virus definitions (old version here), and a Cygwin version, and
a complete .ZIPed version. Finally, a Simple version!
Goran Jovanovic
The
I have tried using this script. I keep getting an error referring to
wget.exe and it doesn't update F-Prot.
Daniel
===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax:434 - 572 - 1981
[EMAIL PROTECTED]
-Original Message-
From: Goran Jovanovic
Daniel,
Give this a try:
http://www.f-prot.com/support/windows/fpwin_faq/88.html
-Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Ivey
Sent: Monday, May 02, 2005 11:06 AM
To: 'Declude.Virus@declude.com'
Subject: RE:
You could just go the simplistic route too and just put C:\Program
Files\FSI\F-Prot\FP-Updater\Updater.exe /internet /hidden in your task
scheduler, it is not quite as robust or foolproof as some of the other
scripts, but I have yet to have an issue with it and it is way simple to
set up and
Well, you've got two problems here, Daniel.
The first is that the script depends on an external program called wget
that you probably don't have installed.
The second is that this script should be deprecated, because the FTP
method is no longer provided by F-Prot!
As Jim and Keith pointed out,
If Scott would chime in here and say DON'T worry Doug these people know
their stuff, you are in good hands. I would order a renewal. But he left.
I'm not completely gone. :)
Everyone does things differently, and I knew when I sold that company that
the new owners wouldn't do everything
On 2 May 2005 at 9:51, Douglas Cohn wrote:
Douglas -
I agree with what you are saying. And I miss Scott for his slant on
tech support and philosophy [ Remember Len Scott dialogs? :) ]
That said we need to give the new Declude a chance. [That is coming
from a guy that has been posting some
Scott,
While you have first hand knowledge of the inner-workings at Declude
under the new management, many around here have no clue as to whether or
not this list is even being monitored, and I think that's what is really
at issue. Free and open communication is the best way to go. I think
I sent this email because now I am not so sure. And I know others
that have the same feelings. Renew or not renew. I was told the
company would be run in the same high quality manner as before.
Clearly that is not the case. Without knowing the coders know their
stuff relating to spam it is
It appears that something has updated on F-Prot in the last hour. Now, a lot
of outbound HTML e-mails are being flagged by F-Prot as having the HTML
object exploit. Running the file on www.virustotal.com shows clean.
Anyone else seeing problems?
For now, as I am at a client, I have turned off
I am seeing several files getting through that appear to have viruses
attached as zip files. I am running Declude with F-Prot. We ban encrypted
zips and I have error code 8 included. Anyone else seeing this behavior?
Here is part of the log.
05/02/2005 10:34:20 Q568a382 MIME file:
I saw a big bunch about 2 hours ago that were stopped by banned zip
extensions.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Chuck Schick
Sent: Monday, May 02, 2005 10:58 AM
To: Declude. Virus
Subject: [Declude.Virus]
Thank you for the tip, John.
I searched the logs and since the update there are legitimate E-mails which
are caught.
Uwe
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 7:46 PM
Subject: [Declude.Virus] F-Prot
Yes, this is a problem! I rolled back to my latest defs prior to the last
update and all is well again. I disabled my updates for a while to see if
F-Prot fixes this issue.
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent:
I am having the same problems here. It all started around 12:30 Central
time...
Don
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 12:56 PM
Subject: Re: [Declude.Virus] F-Prot and
HTML object exploit
John, Thanks a bunch
Yep, these are being detected by NAI (W32/[EMAIL PROTECTED]) and ClamAV
(Worm.Sober.P), but not yet being detected by TrendMicro or F-Prot (although
I have F-Prot updates disabled for now, until they get their problem with
HTML/[EMAIL PROTECTED] fixed).
Bill
- Original Message -
From:
I'm seeing it here. Neither Norton nor FPROT detects it as a virus yet. The
non-encrypted Zip file includes a .PIF file, but the filename seems to be
mangled in some way.
For now I have added
BANNAME account_info.zip
to my config. With your report, I have added account_info-text.zip as
I saw it start at about 10:00 AM PDT.
Someone please contact F-Prot. I would
but I am at a client trying to recover data from a failed hard drive. Fun.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Don
F-Prot may have already fixed their pattern file. My current sign.def
is timestamped:
05/02/2005 03:53 AM
and checking their website and downloading the current version manually
shows that the current version is:
05/02/2005 01:32 PM
Can anybody with the issue confirm which pattern file they
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=133409
Mcafee Dat 4473 should detect it.
- Original Message -
From: Donn Bly [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 2:28 PM
Subject: RE: [Declude.Virus] Viruses appearing to be getting
I posted to list about a virus problem then I get this stupid (IMHO)
challenge-response stuff. If everyone did this on all the lists I belong to
- I would do a posting and then spend the next 3 days answering all the
challenge-responses. I think I will report this as spam.
Dear Greg Hedgepath -
Mine has the 01:32 PM time stamp and the last update time was at 10:00 AM
which is after when I saw the problem, so I would have to say the 01:32 time
stamp is the problem one.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of
Hahaha.. Yeah, I agree.
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude. Virus Declude.Virus@declude.com
Sent: Monday, May 02, 2005 2:49 PM
Subject: [Declude.Virus] Is this sort of stuff necessary on a list?
I posted to list about a virus problem then I get this
Thanks, Chuck. I appreciate your contribution. I've added several
strings from this Zaep email to my filter that blocks lousy
Challenge-Response emails.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Monday, May 02, 2005
How can I roll back ??
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 2:12 PM
Subject: Re: [Declude.Virus] F-Prot and HTML object exploit
Yes, this is a problem! I rolled back to my latest defs prior to the last
I'm having the same problem. Again - how do you rollback the virus defs?
Wind wrote:
Thank you for the tip, John.
I searched the logs and since the update there are legitimate E-mails
which are caught.
Uwe
- Original Message - From: John Tolmachoff (Lists)
[EMAIL PROTECTED]
To:
Depends on how you execute your updates. I use a script that saves a copy
of the previous defs to a backup directory. I can zip and send the previous
defs to you if you do not have copies of them.
Bill
- Original Message -
From: Jeff [EMAIL PROTECTED]
To: Declude.Virus@declude.com
sure - thanks! Has anyone let F-Prot know about this?
Kevin
Bill Landry wrote:
Depends on how you execute your updates. I use a script that saves a
copy of the previous defs to a backup directory. I can zip and send
the previous defs to you if you do not have copies of them.
Bill
-
F-Prot Seems to be catching it now as
X-Declude-Virus: Detected W32/[EMAIL PROTECTED]
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Monday, May 02, 2005 12:55 PM
Question: Are you all running the latest v3.16b?
I can't see any appearance of HTML/ObjData in the entire current logfile,
but I'm still running 3.16a
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Tolmachoff (Lists)
Sent:
Markus,
3.16b here, but only 3 hits so far for this on a busy server, so it's
not necessarily common. I was able to capture one of these and it
appears to be hitting at least E-mails generated in "Microsoft Word 11".
META HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=us-ascii"
meta
I have not updated to 3.16b and have this problem...
Don
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 3:09 PM
Subject: RE: [Declude.Virus] F-Prot and HTML object exploit
Question: Are you all running the latest
I've been running 3.15b - I'm downloading the latest version now.
Should I install? or will this have no effect on this particular issue?
And what about the previous defs - anyone out there want to email me a
previous def file as a work around??
Thanks
Kevin
Markus Gufler wrote:
Question:
I don't think the engine version matters, just the pattern file.
I've confirmed that the culprit is this, the most recent sign.def from
05/02/2005 01:32 PM
And yes, I've sent in a support request via their web page; I'd like to
supply them with several samples.
I've also played around with
I e-mailed you the latest, non-affected defs, offline. I run 3.16b and it
has the same problem (since it's a detection issue with the virus
definition, not the application), but I would still upgrade to the latest
version.
Bill
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
I also filled out the form at FProt's site. Thanks for the defs. When
I open up FProt, though, it says that my defs are up-to-date, even
though I replaced the newest ones with the ones that you sent. I hope
that that message indicates whether we've downloaded the latest - not
whether we are
F-Prot Seems to be catching it now as
X-Declude-Virus: Detected W32/[EMAIL PROTECTED]
My F-Prot has been catching it for over 3 hours now as Sober.O
Previously only the second scanner, McAfee, caught it as Sober.gen for
around an hour while F-Prot did not detect it. In this hour there was
Well, what matters is that you have the correct (older) *.def files, not
whether the GUI says you're up to date. As far as it knows, you are.
Remember to temporarily disable your updater, or correct (older) *.def
files will just get overwritten again when the auto-updater kicks in.
Andrew 8)
We have been running F-prot as the virus scanner with Declude for over a
year but lately it seems to have more and more bugs in it. What do others
recommend as low-cost scanners to work with declude?
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
F-Prot may have pulled the latest defs due to the number of complaints
received, which could explain why the app reports that you have the latest
version.
Bill
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 1:54 PM
On 2 May 2005 at 15:02, Chuck Schick wrote:
We have been running F-prot as the virus scanner with Declude for over
a year but lately it seems to have more and more bugs in it. What do
others recommend as low-cost scanners to work with declude?
Hi Chuck -
Well Mcafee is hard to beat for
Matt posted the authoritative roundup in a head to head comparison when
he revamped his Declude Virus setup.
Unless he chimes in here with an updated answer, the answer is somewhere
in the archives.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Hi,
As of now I'm still getting hit by a virus with attachments like our _
secret . zip which Sophos catches as Sober.O.
F-prot is still not catching them and there is as of yet no update. Just
did a manual update and no new version. I'm at:
SIGN.DEF 2-may-2005, 13:32 CET
SIGN2.DEF
Hi,
Oops, correct that. F-prot is catching it as Sober.O, Sophos is still not
catching it. :-(
Sure glad I'm using two scanners. ;-)
As of now I'm still getting hit by a virus with attachments like our _
secret . zip which Sophos catches as Sober.O.
F-prot is still not catching them and
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, May 02, 2005 04:36 PM
Subject: AVERT Medium Threat Advisory for Home Users Only: W32/[EMAIL PROTECTED]
Advisory
This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] for Home Users Only.
Justification
W32/[EMAIL PROTECTED] has
Chuck,
Search the archives for scanner efficiency olympics. It's a year old
now, and I was primarily focused on performance instead of accuracy.
F-Prot is the king of speed, however it seems to have several hiccups
each year, and there seems to be a slew of different things happening
lately.
I don't have any samples of the latest Sober, but *if* you're using the
penultimate pattern file for F-Prot and have your auto-update disabled,
then according to the writeups, either of these two techniques in your
virus.cfg will keep this specific virus out of your user's mailboxes:
BANEXT PIF
I've found several bugs in the win32 implementations of ClamAV (some
really ugly stuff), but none that really affect the scanning of viruses.
Since that post was made, I think it's safe to say that ClamAV has made
a bit of headway on performance. I'd be interested in seeing a head to
head
I also started catching them at 16:21 Eastern Time Scanner 1 is FPROT
05/02/2005 16:21:48 Q8BBB4614012AF05F Scanner 1: Virus= W32/[EMAIL PROTECTED]
Attachment=account_info.zip [2] O
05/02/2005 16:21:49 Q8BBB4614012AF05F Scanner 2: Virus= the
W32/[EMAIL PROTECTED] Attachment=account_info.zip [2] O
We have been running F-prot as the virus scanner with Declude for
over a year but lately it seems to have more and more bugs in it.
What do others recommend as low-cost scanners to work with declude?
I've been finding BitDefender to have a very reliable auto-updater,
which is
Or even allowed on a list
What many lists I belong to do to help avoid this is disallow any reposting of the
footers. That way an automated process like this would never get through.
It requires the users posting, us, to cut off the footers manually but that
keeps the lists mean and lean. Initially I
The sign*.def files have been updated to:
05/02/2005 11:46 PM
Which I'm pretty sure is UTC. However, these still have the
false-positive. As of this writing, I've received no reply to my ticket
with F-Prot.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL