I guess when it comes down to it either could be forged.
If I'm going to block like this, I generally prefer to do it by IP rather
than domain or email... for exactly that reason.
Does fromfile actually use something different than MAILFROM in filter
tests? I didn't catch that from the manual.
One caveat. The MAILFROM uses the envelope mailfrom, which is different than
the ones displayed in the headers.
If the below doesn't stop it, add
HEADERS 0 CONTAINS [EMAIL PROTECTED]
HEADERS 0 CONTAINS [EMAIL PROTECTED]
- Original Message -
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
I was going to suggest a fromfile.
One potential problem.. the fromfile would use the enevelope from. In the
case of a virus, I don't know if the envelope from would have the forged
address in it.
You'd have to capture some of the messages to know for sure.
- Original Message -
From:
If you want to know what caused the weight, then add
MYFILTER WARN
to both the global.cfg and the $default$.junkmail. This will add a line to
the header telling you the message failed MYFILTER.
Otherwise it looks good. You can add multiple filter files for different
needs as well.
Darin.
--
I looked up the filter section at the manual. This is what I did.
I made a file called filter.txt. This contains:
MAILFROM0CONTAINS[EMAIL PROTECTED]
MAILFROM 0CONTAINS[EMAIL PROTECTED]
etc.
I then added this line in global.cfg:
MYFILTERfilterC:\Imail\Declude
Nope... add a "filter" test and put those lines in it. The same thing I
mentioned without pro applies here for adding test names to the global.cfg
and $default$.junkmail.
The manual at http://declude.com/junkmail/manual.htm decribes adding filter
files pretty well.
Darin.
- Original Messag
I have pro. How do I add filters?
Should I add that line "MAILFROM10 CONTAINS [EMAIL PROTECTED]" in
virus.cfg or global.cfg? Do I need to use another file?
If I use the HEADERS option "HEADERS 10 CONTAINS [EMAIL PROTECTED]"
- where would I put that?
Sorry for the newbie questions.
Kevin
> I was interested in what folks were using as a second scanner aside
> from F-Prot. ... I thought someone had posted some stats about this
> but can't find them. Any suggestions?
ClamAV -
http://www.sosdg.org/clamav-win32/index.php
Get my utilities: runclamd, runclamdscan
http://www.smartbusine
You don't have to have PRO. You can also use a FROMFILE test with a text
file listing all of the email addresses and/or domains you want to penalize.
Just put a line like this in your Global.CFG:
FROMBLACKLIST fromfile C:\IMail\Declude\fromblacklist.txt x 200
0
This penalizes every a
If you've got pro, you could add a filter:
MAILFROM10 CONTAINS [EMAIL PROTECTED]
that will check the envelope mailfrom.
To check for those addresses in the headers:
HEADERS 10 CONTAINS [EMAIL PROTECTED]
Another option is to update your virus software more often to minimize the
opportunity windo
How do I ban certain email addresses?
Some viruses have gotten through lately (first that I know about since
installing Declude) sent from forged email addresses using our own
domain. We do not whitelist our domain. I'd like to ban some of these
common addresses (e.g., [EMAIL PROTECTED], [EM
Matt posted speed comparison's I'd say about a year ago.
I use F-Prot
ClamAV
and McAfee
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 02, 2005 4:50 PM
Subject: [Declude.Virus] Second Scanner
I know this comes up every now and then, but the
I know this comes up every now and then, but the last thread I can
find is from May 2004.
I was interested in what folks were using as a second scanner aside
from F-Prot. I've heard AVG is good but slow, Kaspersky fast with
updates but expensive, MacAfee good but hard to get a command line.
I tho
Hi list,
what does /archive mean in:
SCANFILE [Drive:]\[Path]\F-Secure\anti-v~1\fsav.exe /ALL /ARCHIVE /NOBOOT
/SILENT
We have F-Secure as an eMail-Scanner.
Does it mean, that F-Secure should scan
in archives as well ?
Uwe
---
This E-mail came from the Declude.Virus mailing list. To
unsubscri
I have verified by watching the files on my server and contacting
BitDefender support that on the Free version you must be logged into the
computer for the updates to occur.
:(
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf O
Another MyTob variant is out. F-Prot is catching it but Mcafee is not.
Mcafee does have an extra.dat for it.
The file is coming in as "info-text.zip".
Darrell
DLAnalyzer - Comprehensive reporting on Declude Junkmail
16 matches
Mail list logo
