The recommended setups for NOD32 and Trend do not have a REPORT
line. Does anyone know the values to use for these in order to get a virus
name reported.
Thanks,
George
Block exe in zips (at least temporaly)!
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
...seem's beeing a new varaint of Bagle.Virustotal
says
Antivirus
Version
Update
Result
AntiVir
6.33.0.81
02.02.2006
TR/Bagle.Gen.B
Avast
4.6.695.0
02.01.2006
no virus found
AVG
718
02.01.2006
I-Worm/Bagle
It's not the only thread remaining without comment from
Declude even if there was replies to other threads in the
meantime.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott
FisherSent: Thursday, February 02, 2006 7:32 PMTo:
Does anyone know the values to use for these in order to get a virus
name reported.
NOD32: /logrewrite /log+ /log=FILENAME
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL
Sandy,
Thanks as always. Do you happen to have the correct content for the REPORT
entry?
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Thursday, February 02, 2006 2:28 PM
To: george kulman
Subject:
When scanning for viruses after JunkMail through use of the above directive,
the following rule applies:
All email will continue to be scanned for viruses EXCEPT those emails having
a final JunkMail action of:
HOLD
DELETE
David Franco-Rocha
Declude Technical / Engineering
---
[This E-mail
I reported this issue quite some time ago, when
Scott was still running the show, and never got a satisfactory answer. You
can scan the raw d*.smd file with f-prot and it will detect the virus, but run
it through Declude Virus, and the virus goes though undetected. After
pestering and
My raw speculation:
1) It is missed because the virus.cfg is using the
"PRESCANON" switch (the default, I believe) and the declude.exe
application does not decode the MIME or other coding as flexibly as a mail
client would, or makes an uninformed decision about what is an object worth
Andrew, I already have PRESCAN set to off and use
the /server switch with F-Prot, so those were not the issue that was causing
this behavior for me. From my virus.cfg:
#
F-ProtSCANFILE1C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE=5 -DUMB
-NOBOOT -NOBREAK -NOMEM -PACKED -SAFEREMOVE -SERVER
3) On a very busy server, Declude may be aborting
the scan because it is taking too long. The default is 60
seconds.
ANSWER: Use SCANNERTIMEOUT90 in the virus.cfg or some
other time value of your choosing.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Scan timeouts were not the issue either, since my
secondary Declude Virus scanner (TrendMicro) would catch the virus fine, and the
logs would show the scanning to be taking a mere second or two.
Bill
- Original Message -
From:
Colbeck,
Andrew
To:
Thanks for the clarificaiton.
Matt
David Franco-Rocha [ Declude ] wrote:
When scanning for viruses after JunkMail through use of the above
directive, the following rule applies:
All email will continue to be scanned for viruses EXCEPT those emails
having a final JunkMail action of:
Thanks as always. Do you happen to have the correct content for the
REPORT entry?
Good question. I _think_ you want
REPORT -
With two spaces after the keyword REPORT.
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Sandy,
Thanks again. I've put it in place but it'll take a while to test. I don't
see many viruses in e-mail since they're mainly caught by my IPS. When the
Blackworm furor dies down I'll run a Eicar test with the IPS on bypass and
let you know.
George
-Original Message-
From:
All of my email virus notifications are all of a sudden stuck in the
Imail queue as GSC files ... I'm using the latest declude with Imail
9.01
No changes to the server and till last night was working fine ... how
do I unstick GSC files?
-
Internet Dental Forum www.internetdentalforum.org
16 matches
Mail list logo
