One side note - if this feature is added please make sure this feature
is configurable so we can disable it if we choose (which I would). I
have customers who hold all spam for a certain period of time and than
we delete. If anything needs to be returned to the queue it is scanned
manually
Bonno,
This should do the trick.
http://www.fourmilab.ch/webtools/base64/
Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG
Bonno,
After Declude finishes scanning the message it passes it off to
smtp32.exe for delivery. I can't think of any instance where declude
will use the imail.exe utility.
Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude,
Imail,
Bonno,
After Declude finishes scanning the message it passes it off to
smtp32.exe for delivery. I can't think of any instance where declude
will use the imail.exe utility.
Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude,
Imail,
Are you sure CLAMAV is hitting on this or is this a hit from the SANE phish
database being used with CLAM?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And Imail.
IMail/Declude Overflow
Gary,
In order to scan the file I am sure Declude has to append the path to the
files to scan otherwise how would the virus scanner know what to scan? It
needs some type of path. Unless possibly it sets a working directory and
expects the scanner to scan all the files in the working
Honestly, I am not sure what all the individual files are, but here are my dates
incavi.avm - 4/15/2007
microavi.avg - 4/5/2007
miniavg.avg - 2/16/2007
avi7.avg - 2/21/2007
Howard - you can try this post from David from the Archive-
All and all it has been way down for me as well. In mid 2005 I was averging
around 100K-200K viruses a month (with AVAFTERJM). That has been dropping and
dropping. In 2006 the highest for any give month I had was 22K. This year I
have had nothing over 2,500. With running AVAFTERJM a lot of
Bill,
It's
CODE [PLACE YOUR DECLUDE CODE HERE]
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration,
Bill,
Do you have a declude.exe and a decludeproc in your imail folder? Do you
have the decludeproc service in services? Do you also have a proc folder
off of imail\spool (i.e. imail\spool\proc). Are files starting to be
deposited into the proc folder?
Darrell
put it in both declude.cfg files. I now have two. One in the
IMail\Decude Folder, and one in the Program Files\Declude Folder. I'm not
sure which one is working right now.
Bill Green
dfn Systems
- Original Message -
From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED]
To: declude.virus
DLAnalyzer 5.2.0 has been released.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterprise or Standard version, but we also have a FREE LITE version
available.
Report Samples:
DLAnalyzer 5.2.0 has been released.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterprise or Standard version, but we also have a FREE LITE version
available.
Report Samples:
Wolf,
I use McAfee, CLAM, Internal AVG, and at one time (before licensing changes)
F-Prot all at the same time. If you have extra CPU there is no reason not to
use multiple scanners. One thing though when I switched to processing AV last
I seen a dramatic drop in viruses due to them being
but
for some reason they still don't get deleted (but it's possible to do it
manually.)
-Original Message-
From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED]
Sent 2/27/2007 10:17:46 AM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Current Version of Clam AV
FWIW - I
Gary,
I upgraded on Friday and have not ran into any issues.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Joe,
Just add the IP or CIDR block into the SMTP access control in Imail.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI
FYI - List of AV Vulns that were listed in the SANS Vulnerability Alert that
affect most of us one way or another.
Also, there was a McAfee vulnerability but it was for thier linux based version.
06.50.31 CVE: CVE-2006-5874
Platform: Cross Platform
Title: Clam Anti-Virus MIME Attachments
DLAnalyzer 5.2.0 has been released.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterprise or Standard version, but we also have a FREE LITE version
available.
New:
* Compatible with the
DLAnalyzer 5.2.0 has been released.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterprise or Standard version, but we also have a FREE LITE version
available.
New:
* Compatible with the
Eddie,
You do not need to run clamav twice to detect both phish and viruses. If
you put the phish.ndb into the same directory as the clam db it will also
use that.
Also, for me to get the virus name I had to use the wrapper.
This snippett below is from Scott Fisher who helped me get mine
Matt,
I agree with everyone of your points - My intent
was to bring it up that I had reported this issue up a long time ago as I also
thought that what was happening was undesirable. However, at the time
Scott did not feel this was a bug. However, times change and back scatter
is a huge
I brought this up to Scott several years ago - and
he said this is not a bug but a by design issue.He explained a scenario
why this was important and I understood based on the explantion but for the life
of me I can't remember the scenario.
Darrell
Pretty nice peice of social engineering below - how
many of your users will click on this tomorrow :) Who can resist the
temptation of a "secret" greeting card.
The link actually takes you to
http://www.lkkm.cz/help/postcard.gif.exe
Darrell
I noticed a new build from the SOSDG group has been released (88.3-1).
http://www.sosdg.org/clamav-win32/index.php
Anyone running it yet?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
What version are you running Matt in version
3.0.5.20they fixed a ms-tnef issue with winmail.dat.
This might be the issue you are
seeing.
Darrell
Check
out http://www.invariantsystems.com for
utilities for Declude And
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Wednesday, July 12, 2006 05:46 PM
To: declude.virus@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.Virus] 4.2.20 Error in Log
Since upgrading to 4.2.20 I started seeing the following error:
07/12/2006 00
: CONTAINS A VIRUS
[Prescan OK][MIME: 2 108872]
Darrell
Darrell ([EMAIL PROTECTED]) writes:
Andy,
Besides AVG I have 3 scanners: listed in order (F-Prot, Clam AV, McAfee).
I do think its an AVG issue like you suggested. I am trying to find a way
to disable the built in AVG virus scanner
Since upgrading to 4.2.20 I started seeing the following error:
07/12/2006 00:34:41.812 q7bca020f6715.smd 1 [1 of 2 not deleted] files
were deleted. You should not use an on-access virus scanner that scans the
\IMail directory or sub-directories.07/12/2006 00:34:41.328
This only happens
John,
What problems are you having with scan.exe? A lot of us use McAfee and have
no issues.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
Mcafee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log
Actually, it is CLAMAV catching it. Not sure about McAfee as I stop on
first virus. F-Prot is def. not catching it though.
Darrell
Darrell ([EMAIL PROTECTED]) writes:
Mcafee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http
fpReview is a utility that allows you to easily review held mail on your
Imail or SmarterMail system. With fpReview you can review messages and
return them back to the queue for delivery or rescanning by Declude. Besides
being able to return the message to the queue for delivery many other
With older versions of Declude and Smartermail you used to have to do the
X rename to skip Declude processing. If you left the X off it would be
rescanned by Declude.
However, now that Declude is intergrated into Smartermail v3 what is the
correct requeing process?
Darrell
?
Thanks
Eric
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Darrell ([EMAIL PROTECTED])Sent: 08 May 2006 13:34To: Declude.Virus@declude.comSubject: Re: [Declude.Virus]
(re)Installing Declude v1.65 on Imail 8.22?
Eric,
Are you
DLAnalyzer 5.0 has been released. DLAnalyzer is a comprehensive reporting
tool that integrates both Junkmail and Virus statistics into one report.
Some of the features require the Enterprise or Standard version, but we also
have a FREE LITE version available.
With version 5.0 we have added
Michael,
Can you post some log snippet's from your junkmail logs showing this going
through junkmail and the corresponding AV log entries. I run this exact
same configuration and do not have this issue.
Darrell
Check
How does AVAFTERJM cut down on work? I thought it only affected the
order in which JM and AV ran, and that AV ran each time, regardless of
this setting.
The main benefit is that it cuts down on the amount of messages virus
scanned thus saving resources. It has been a MAJOR help for me.
:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, January 27, 2006 10:02 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Feature request: DELETEVIRUSNAME
How does AVAFTERJM cut down on work? I thought it only affected the
order in which JM and AV ran
still scans it, won't it still use
the same CPU cycles?
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, January 27, 2006 10:43 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Feature request
does it
cut down on machine resources?
Friday, January 27, 2006, 9:43:19 AM, Darrell ([EMAIL PROTECTED]) [EMAIL
PROTECTED] wrote:
Dsic Keith,
Dsic It still gets virus scanned. I have tons of viruses in my virus drop
point
Dsic for ROUTETO accounts.
Dsic Darrell
Dsic
HOLD, DELETE, ETC - Does not get virus scanned with AVAFTERJM
ROUTETO, SUBJECT, Etc - Does get virus scanned.
Think of it this way anything that ends up being delivered somewhere (i.e.
mailbox etc) gets scanned.
Darrell
Matt writes:
This is the crux of the issue that I would like to
If you don't want to bother learning or using perl
I suggest you look at DLAnalyzer. It can do Junkmail reporting and Virus
reporting for Declude integrated into one Windows based application. There
is a functional free version (lite).
Darrell
FYI - For the other affected by this I put 3.0.5.22
back on and everything is flying along with no issues. Processing messages
as fast as could be.
FWIW - My issues started on December 24th at
approximatly - 2:10pm EST.
I will follow-up with Declude tomorrow to determine
why my version
http://www.pcworld.com/news/article/0,aid,123876,00.asp
Key paragraph -
//begin
Security firm iDefense said it broke the encrypted code in a Sober variant
discovered in November and found that it is designed to download the unknown
code from various Web addresses on January 5, 2006. Millions
Knowing that there are issues with 1.x and 2.x with Imail 8.2x and 2006
extends from 8.2x I would suspect that you may have issues.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail.
I run 3.0.5.20 DFx - I think 1 or 2. It has a few extra fixes for me the
dnsbl issue is the ket one. I run it on two servers (imail) volume on
server 1 - 150K and volume on server 2 - 100K.
External tests: invURIBL Sniffer
Darrell
I understand what everyone is saying, beleive me I do. What I can tell you
is that 3.x is much better than 2.x. Especially, since it fixes the issues
I had where 100's of declude processes would unexpectantly launch and would
hose the server. I have found the later versions to be very stable
Mark,
In general for these types of viruses yes you are ok as long as the
extensions in the zips are ones that you are blocking.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail.
Also, in the Command AVAFTERJM OFF
I assume this means it SCANS viruses first, then the junkmail?
No it actually scans for viruses after junkmail.
Darrell
---
invURIBL - Intelligent URI Filtering. Stops SPAM by focusing on the
David,
When you say messages are getting stuck in the spool do you mean after they
are processed by Declude? When you upgraded to Declude 3.x did you replace
the declude.exe file?
Darrell
---
Check out http://www.invariantsystems.com for utilities
]
To: Darrell ([EMAIL PROTECTED]) Declude.Virus@declude.com
Sent: Saturday, November 05, 2005 3:57 PM
Subject: Re[2]: [Declude.Virus] Help! Upgraded from 1.82 to 3. today
Saturday, November 5, 2005, 1:42:02 PM, Darrell
([EMAIL PROTECTED]) wrote:
Also, in the Command AVAFTERJM OFF
I assume this means
http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: Darrell ([EMAIL PROTECTED
I use Mcafee and it has been great they tend to be amoung the top for
getting updates out quick. However, it is very resource intensive.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
(4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
Affected: Multiple AV vendors including McAfee, Trend Micro, Kaspersky,
Sophos, CA, Panda.
Description: Multiple anti-virus engines reportedly contain a vulnerability
that can lead to bypassing detection of malware in .bat, .html and
Anyone seen this before? The message (attachment) have the W97M/Thus Virus
and is detected by McAfee as having such, but the final virus string somehow
ends up at Netsky?
Darrell
x:\imail\spoolgrep -i q41c378d5099ed6c9.smd vir1028.log
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd
qaf506d06099e03ac.smd Scanner 1: Virus=
W32/[EMAIL PROTECTED] Attachment=email-password.zip [11] O
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
Darrell ([EMAIL PROTECTED]) writes:
Anyone seen this before? The message (attachment) have
to sender
=
Bill
- Original Message - From: Darrell
([EMAIL PROTECTED]) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, October 28, 2005 9:37 AM
Subject: [Declude.Virus] Virus name reported as different than what
scanner detected.
Anyone seen this before
Kevin,
I thought PGP had a desktop version that integrates directly with outlook?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring,
Please no talk about sharp objects - I just had a vasectomy a couple of
hours ago - oh the pain...
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring,
FYI - For those using Bitdefender -
05.40.20 CVE: Not Available
Platform: Cross Platform
Title: BitDefender Antivirus Logging Function Format String
Vulnerability
Description: BitDefender Antivirus is a proprietary antivirus product
for multiple platforms. It is vulnerable to a format string
Alot got through today with that one, but its being
caught by F-Prot now.
10/05/2005 22:06:18 Q86937B8E01F27E50 MIME file:
pword_change.zip [base64; Length=113709 Checksum=13075286]10/05/2005
22:06:18 Q86937B8E01F27E50 Scanner 2: Virus=W32/[EMAIL PROTECTED]
Attachment=pword_change.zip [12]
visit us at www.avertlabs.com
---DLAnalyzer - Comprehensive
reporting on Declude Junkmail and Virus. Download it today - http://www.invariantsystems.com.
- Original Message -
From:
Darrell
([EMAIL PROTECTED])
To: Declude.Virus
Harry,
The message on my system just said you need to remove the last version.
Once I did that and re-ran the update all was well.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Jeff,
Yes that is normal with the 3.0 upgrade. It is just a cosmetic change and
does not really impact anything.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude
Our MRTG scripts that we make available for Declude users have been updated
for the new log format of Declude 3.0. The programs are provided free and
as is.
They can be downloaded from our site listed in the tag line.
Any questions let me know.
Darrell
I think it really depends on your volume if you will see this. Also, if you
have already tweaked your WAITFORMAIL you may not see it as well. On my
system during off peak hours I get on anverage between 75-100 messages per
minute. What you will see is Declude will spawn up to 20 or so
Marcel,
AVAFTERJM ON goes in the virus.cfg file and it makes AV run after JM as
you suspected. Several of us run this mode for the reason you cited. The
only deal you have to remember is if something is trapped by JM and you put
it back in the queue it will not be virus scanned.
Darrell
The directives are for tuning both single and multiprocessor systems.
They
are not meant as a tradeoff. Some multiprocessor systems do not exhibit
the
reported sleep for 30 seconds behavior. We have not been able to
reproduce
it ourselves.
I can produce it on my machine even on version
Also, any emails that are mime/base64 encoded should be mime decoded by the
AV scanner. I know mcafee has that option which we enable.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
David,
Any progress on the issues we seen under multi-processor environments?
Darrell
David Barker writes:
If you are running the Declude Beta please upgrade to 3.0.3.8 and send
feedback to [EMAIL PROTECTED]
David B
www.declude.com
---
This E-mail came from the Declude.Virus mailing
Grant,
Their is nothing native to Declude to prevent that - the only real option
besides something custom is to limit the size at the imail layer.
Darrell
InvURIBL - Intelligent URL filtering - stops 85% of spam with
]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, July 08, 2005 9:13 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Limit Size of message to be scanned?
Grant,
Their is nothing native to Declude to prevent that - the only real option
besides
]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, July 08, 2005 9:34 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Limit Size of message to be scanned?
Grant,
What I do is set the Single Message Size under the domain. The limit I
have in place
Slap on the wrist and his friends got paid for turning him in... Looks like
a win-win for all of them.
Darrell
John Tolmachoff (Lists) writes:
So the virus writer got a slap on the wrist. Boy, that will sure send a
message to would be virus writers.
John T
eServices For You
See - http://www.mail-archive.com/declude.junkmail@declude.com/msg24938.html
I posted about this issue a couple of times. We are currently waiting on a
fix - but this is the cause from what I can see from the debug logs.
Darrell
---
invURIBL -
FYI - For those who have not seen this and are running ClamAV.
05.26.8 CVE: CAN-2005-1923
Platform: Cross Platform
Title: ClamAV Cabinet File Parsing Remote Denial of Service
Description: ClamAV is a virus scanning utility. ClamAV is affected by a
remote denial of service issue. ClamAV
Dan,
I have been running 2.0.6 with no major issues that plague me on a daily
basis. The only issue I have encountered is when the server is under high
load and Declude spawns processes until the server starts generating errors.
Since I upgraded the server it doesnt happen very often.
For
If you are using Imail just add it into the SMTP Access Control List. This
will block them from connecting to them.
Darrell
--
DLAnalyzer - Comprehensive reporting for Declude Junkmail and SPAM. Try it
today http://www.dlanalyzer.com
Susan Duncan
Kevin,
You would place that in your virus.cfg file.
Darrell
-
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Try it
today - http://www.invariantsystems.com
Kevin Rogers writes:
Should I put AVAFTERJM ON in my
Another MyTob variant is out. F-Prot is catching it but Mcafee is not.
Mcafee does have an extra.dat for it.
The file is coming in as info-text.zip.
Darrell
DLAnalyzer - Comprehensive reporting on Declude Junkmail
John,
What do the filenames appear to be - any pattern either filename, subject,
body content etc?
Darrell
John Tolmachoff (Lists) writes:
One of the servers I manage is getting hit with lots of messages being
caught with banned exe within zip.
They are coming from different IPs
a mass-mailing virus. Declude defaults to BANCSLID ON which may or may
not protect from such an attack. Some CSLID calls are entire valid and
normal for Outlook/Office generated E-mails, and I'm not totally sure
Plus the other question is does Declude look for the CSLID calls in files in
My thoughts are this - a virus is a virus and a vulnerability is a
vulnerability. My expectation is that if a virus is detected than the other
scanners will not be called. However, if a vulnerability is detected the
scanners will execute until such time a virus is found.
Maybe two switches -
Does declude virus need any modification as
such?
No...
Darrell
---invURIBL - Intelligent URI
Filtering. Stops 85%+ SPAM with the defaultconfiguration. Download a
copy today - http://www.invariantsystems.com
Alex,
Also make sure you add their mail servers address in the relay for ip
address options in smtp..
Everything else you mentioned from the Declude side is correct and what we
do.
Darrell
-
invURIBL - Intelligent URI filtering plug-in for Declude.
Matt,
I am seeing the same thing - but my server (this one) is way more loaded
than it should. Scanner 2 is F-Prot as you can see there is an excessive
amount of time when this issue occurs. It was so bad that I ended up
disabling F-Prot until I can get to the bottom of this.
Darrell
Title: Message
Andrew,
During your test what did the CPU look like was it
a solid 100%? I have not ran the test, but on my mail server when I was
seeing the issue live it was 100%.
Darrell
---DLAnalyzer - Comprehensive
reporting for Declude Junkmail
In the last 24 hours I have seen F-Prot start to use an excessive amount of
CPU. Normally it very rarely shows up in task manager and now it has been
using a considerable amount of CPU.
Thoughts?
Darrell
Comprehensive Declude Virus and
saw F-Prot time out 3 times today in my logs, and I can't
remember that ever happening before. McAfee didn't time out
once, and that's usually the first to go. Maybe this
explains the issue. I think it's time to so some performance
monitoring to see what is up.
Matt
Darrell ([EMAIL
/PANALYZE - Turn on program heuristics.
I have been running this switch for a while and
have not seen any issues with it. I turned it on as a result of the jpeg
exploit - see http://www.mail-archive.com/declude.virus@declude.com/msg10831.html
Darrell
improved. If a virus is found with scanner 1, I'd like an option to avoid
calling later scanners. While it's good for comparison sakes, if a virus
is found, I don't need 2 other programs to confirm that.
I'd also like to have the PRESCAN ON/OFF setting moved within the virus
scanner definitions. I
Not that this solves the issue, but what if you installed Sophos first?
Darrell
invURIBL - Intelligent URI Filtering for Declude Junkmail. Blocks 85% of
SPAM with the default configurations. Try it out -
http://www.invariantsystems.com
Aaron
Without the attachments.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
DLAnalyzer 4.1.0 has been released. Version 4.1.0 is compatible with the
enhanced logging changes introduced with Declude version 4.0.6.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Mark,
As one of the testers I can say 2.0.6 is for Imail as well.
Darrell
Mark E. Smith writes:
Will this version work with iMail as well?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 25, 2005 9:48 AM
To:
I am seeing it detected as Bagle.BL by F-Prot. It is not being detected
by Mcafee right now.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue
Title: F-prot help
Mark,
When you say "on access is set to on" and then
below that you mentioned the realtime scanner was not installed. Do you
have an on access virus scanner running? Even one other than F-Prot that
may be scanning your server?
Darrell
Thomas,
The line you are looking for is the "Last Action"
line. The line you posted means the message triggered the ipnotinmx test
which normally is not used to punish messages. This message had a total
weight of -5. From the information provided Declude did not toss that
message. You need
Yes it does.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log
Parsers.
Chris Hunt writes:
My company is
1 - 100 of 108 matches
Mail list logo
