Great. Exactly what I needed.
I was also confused about the MAILFROM. Does MAILFROM mean what is
displayed as the FROM: in the headers or what it says in the X-Note:
This E-mail was sent from 206-72-95-86.wi.skypipeline.com
([206.72.95.86]) or in the X-Declude-Sender field?
Maybe I
Title: Message
Good morning,
I'm getting a lot of calls from yesterday on customers getting an attached zip with an exe file.
X-Virus-Scan-Result: Repaired 5542 [EMAIL PROTECTED].
Subject: Your Email Account is Suspended For Security Reasons
What do I need to do to stop this?
I saw this
It's a game of "catch me if you can".
Mytob has been changed frequently (often several times per day) and then
sent (seeded) to 000's of addresses, before the AV companies have a
chance to react.
(I've been getting a few reports each week on these.)
It makes for about a 1 day window on many of
Title: Message
We block .exe's and zips containing exe's. Check out item #15 (Banning files based on extension) in the Declude Virus Manual at http://www.declude.com/Articles.asp?ID=117.
You must be running the "Standard" or "Pro" version of Declude Virus.
HTH,
~Patrick
From:
Title: Message
I also block exe, but how do you do that for exe contained in zips?
Kevin Shimwell
Link Brokers Group, LLC ( Support )
1600 Hwy 17 South
North Myrtle Beach, SC 29582
Phone: 843-663-1004
Fax: 843-663-1007
Email: [EMAIL PROTECTED]
24/7Help
Title: Message
From the 4th paragraph of section 15 (of the link I posted):
"If you wish the banned file extensions to apply to files with .ZIP files, you can add a line "BANZIPEXTS ON" to your \{MAILSERVER}\Declude\virus.cfg file. For example, if you have a line "BANEXT EXE" and
Hello Terry,
TF ClamAV -
TF http://www.sosdg.org/clamav-win32/index.php
TF Get my utilities: runclamd, runclamdscan
TF http://www.smartbusiness.com/imail/declude/
TF Set up a scheduled task to periodically run freshclam to keep the
TF database updated.
TF Works extremely well for us.
Thanks,
I use ClamAV (with Runclamscan/Runclamd) as my second scanner and it works
great. The only downside is it is a resource hog (but still worth it.) If
and when you move to AV/JM 2.0.6.16, consider using the new directive
EXITSCANONVIRUSDETECT. It has helped.
John
-Original Message-
Looks like I have clam up and running. I'm testing it as my primary
scanner to make sure it catches viruses and all looks good so far. It
looks like it takes about as much CPU as FProt.
I have Runclamd running as a service under LocalSystem. Should I
set the startup type to Automatic or leave it
How can I figure out if freshclam is grabbing the latest defs?
--
Best regards,
David mailto:[EMAIL PROTECTED]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.
How can I figure out if freshclam is grabbing the latest defs?
I set up a scheduled task update_clamav to run every 2 hours or so:
start in: c:\clamav-devel\bin\
run: freshclam.exe --quiet -l c:\clamav-devel\log\freshclam.log
Then I can check the freshclam.log file.
I have Runclamd running
Personally if it is working ok, I'd go automatic. I have been known to
forget to restart a manual service after rebooting.
.16 is a beta, but seems to be doing fine here.
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan
Sent: Friday,
Hello Terry,
Friday, June 3, 2005, 3:26:33 PM, you wrote:
How can I figure out if freshclam is grabbing the latest defs?
TF I set up a scheduled task update_clamav to run every 2 hours or so:
TF start in: c:\clamav-devel\bin\
TF run: freshclam.exe --quiet -l c:\clamav-devel\log\freshclam.log
Hi Bill,
First, welcome. I hope yours will be a constant voice on the list.
Questions:
1. What version of Declude? 2.06 only, or other versions as well?
2. How about older versions of IMail (8.1x, 8.0x, 7, 6, etc.)
Thanks.
Darin.
- Original Message -
From: Bill Billman
To:
Hello Everyone,
I would like to introduce myself and say hello to everyone. I'm new to Declude, having just joined last week.
I'm very excited about working for Declude and looking forward to working with you all.
We have uncovered an intermittent issue with Declude and IMail 8.2.
What happened:
Everything was flowing along beautifully, then all of a sudden I got
this:
06/03/2005 16:30:54 Qbdc2591500a28e52 ERROR: Virus scanner 2 didn't finish after 60 seconds; terminating.
06/03/2005 16:30:54 Qbdc2591500a28e52 WARNING: Couldn't remove .vir directory
Welcome Bill.
John T
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Friday, June 03,
2005 1:25 PM
To: Declude.Jun[EMAIL PROTECTED]; Declude.Virus@declude.com
Subject: [Declude.Virus] System
Thanks Darin.
The problem seems to be with IMail 8.2 and any version of Declude. We haven't seen this problem using any version of Declude and older versions of IMail.
Bill
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, June 03, 2005
Thanks, Bill.
Darin.
- Original Message -
From: Bill Billman
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 5:05 PM
Subject: RE: [Declude.Virus] System resources
Thanks Darin.
The problem seems to be with IMail 8.2 and any version of Declude. We haven't seen this
P.S. You can schedule freshclam often because it makes a DNS call to
determine if there is a new version of the database; it will only download
if that DNS result tells it to.
Very efficient. I schedule freshclam every 15 minutes.
- Original Message -
From: David Sullivan [EMAIL
One other ClamAV tip.
If you can afford the performance hit and can use PRESCAN OFF, clamav will
be a very effective Phish blocker.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 3:20 PM
Subject: Re[2]:
The MAILFROM filter test is separate from anything in the headers. It is the
envelope sender.
If you want to test on the header from (I call it display from because
that's what Outlook displays), you need to check the HEADERS.
- Original Message -
From: Kevin Rogers [EMAIL
I'm running 2.0.6.16 and would consider it as stable as 1.82
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: John Carter Declude.Virus@declude.com
Sent: Friday, June 03, 2005 2:02 PM
Subject: Re[4]: [Declude.Virus] Second Scanner
Looks like I have clam up and
One last ClamAV comment...
I've added the command line switch --max-ratio 0
I've had some false positives on some .zip files that forced me to add the
switch.
- Original Message -
From: Terry Fritts [EMAIL PROTECTED]
To: David Sullivan Declude.Virus@declude.com
Sent: Thursday, June