I'm feeling lonely here...like I'm talking to myself...
Could someone PLEASE check the %RECIPHOST% and %REMOTEHOST% variables in your
email notification on 3.0.6 just to make sure it's not me for some
reason.
You don't have to mess with your active notifications. Just put
another .eml file in
Thanks to all.
I have a PF gateway in front of Imail and Hop to 1 in JM so maybe that
could explain why my REMOTEHOST isn't working (even though it did in
1.x-2.x) but it looks like my RECIPHOST problem is not just me...whew.
Wednesday, March 8, 2006, 12:24:18 PM, you wrote:
SF Remotehost Yes.
Hello Markus,
Looks like your REMOTEHOST is working too. Try your RECIPHOST.
I think we saw something about 3.0.6 on the list here. Not much
fanfare.
-David
Wednesday, March 8, 2006, 12:26:50 PM, you wrote:
MG Sorry, David hadn't had time to read latest postings on this list.
MG On my servers
Hello Markus,
LOCALHOST would be Imail's Host Name, RECIPHOST would be the domain of
the recipient.
-David
Wednesday, March 8, 2006, 12:35:02 PM, you wrote:
MG I use %LOCALHOST% in my postmaster.eml file. As I understand this should be
MG the same, or not?
MG Markus
---
This E-mail came
Thursday, September 22, 2005, 9:01:37 AM, you wrote:
Dsic AVAFTERJM ON goes in the virus.cfg file and it makes AV run after JM as
Dsic you suspected. Several of us run this mode for the reason you cited. The
Dsic only deal you have to remember is if something is trapped by JM and you
put
Dsic
Friday, September 23, 2005, 12:17:32 PM, you wrote:
M You could write something to the message that Declude JunkMail was set
M to whitelist, and then copy the D*.smd file to the spool and the Q*.smd
That's a great idea. Something innocuous in the headers as a whitelist
key. Rather than just
Matt,
Is it possible to call declude.exe with the path to another folder
containing the Q/D?
M The one issue with calling declude.exe directly is that you don't want
M the Q*.smd file to be in the spool, otherwise IMail's Queue Manager can
M steal it, though that would only cause an error in
Anybody know if this is cause for concern:
06/22/2005 11:47:00 Q87f41a41009eef86 Warning: Caught a MIME boundary in a
broken uuencoded segment
--
Best regards,
David mailto:[EMAIL PROTECTED]
Hello Terry,
Sunday, June 5, 2005, 8:14:04 AM, you wrote:
It took a reboot of both machines to fix the problem. On one I had 288
processes running which fouls everything else up. Clam is SCANNER2
Any ideas?
TF What did the runclamscan log report if anything? What kind of times
TF are
Hello Scott,
Saturday, June 4, 2005, 7:08:02 PM, you wrote:
SF I also use Terry's runclamscan with no issues.
SF I have had rare email melt downs when I was running runclamd. I could never
SF pin it firmly on anything. So I stopped the runclamd to see how it handles.
So you're saying you use
TF What did the runclamscan log report if anything? What kind of times
TF are you seeing in it for the actual scanning?
I do have some weird log lines on one of the machines:
06-04-2005 13:48:35 0.4840,0.015,0.469 HTML.Phishing.Pay-39 65 0
06-04-2005 13:49:02 0.2660,0.031,0.235
TF These exist because the scanner never completed and the files are
TF owned by SYSTEM. You'll have to select them - right click - and
TF change the owner to your Admin account so you can then change the
TF permissions to delete them.
So, it looks like the genesis of the problem is
Hello Terry,
Monday, June 6, 2005, 3:39:42 PM, you wrote:
it looks like the genesis of the problem is that clam started
timing out.
TF It may be but I haven't been able to force it to happen so far. For
TF me this is the first instance of this in more than one year.
TF I am suspicious
Hello Terry,
TF Normally the service establishes a socket - meaning a hole punched
TF through the OS - to allow such communication to occur. However, for
TF ClamD in the configuration file there is an option to bind the
TF service to a specific IP address and a specific port assignment.
Hello Scott,
Friday, June 3, 2005, 10:48:47 PM, you wrote:
SF One last ClamAV comment...
SF I've added the command line switch --max-ratio 0
SF I've had some false positives on some .zip files that forced me to add the
SF switch.
Thanks for the info. I've been running clam now with Terry's
Hello Terry,
TF ClamAV -
TF http://www.sosdg.org/clamav-win32/index.php
TF Get my utilities: runclamd, runclamdscan
TF http://www.smartbusiness.com/imail/declude/
TF Set up a scheduled task to periodically run freshclam to keep the
TF database updated.
TF Works extremely well for us.
Thanks,
Looks like I have clam up and running. I'm testing it as my primary
scanner to make sure it catches viruses and all looks good so far. It
looks like it takes about as much CPU as FProt.
I have Rundclamd running as a service under LocalSystem. Should I
set the startup type to Automatic or leave it
How can I figure out if freshclam is grabbing the latest defs?
--
Best regards,
David mailto:[EMAIL PROTECTED]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.
Hello Terry,
Friday, June 3, 2005, 3:26:33 PM, you wrote:
How can I figure out if freshclam is grabbing the latest defs?
TF I set up a scheduled task update_clamav to run every 2 hours or so:
TF start in: c:\clamav-devel\bin\
TF run: freshclam.exe --quiet -l c:\clamav-devel\log\freshclam.log
What happened:
Everything was flowing along beautifully, then all of a sudden I got
this:
06/03/2005 16:30:54 Qbdc2591500a28e52 ERROR: Virus scanner 2 didn't finish
after 60 seconds; terminating.
06/03/2005 16:30:54 Qbdc2591500a28e52 WARNING: Couldn't remove .vir directory
I know this comes up every now and then, but the last thread I can
find is from May 2004.
I was interested in what folks were using as a second scanner aside
from F-Prot. I've heard AVG is good but slow, Kaspersky fast with
updates but expensive, McAfee good but hard to get a command line.
I
Hello R.,
Thursday, February 3, 2005, 8:24:35 PM, you wrote:
RSP Do you have a gateway in front of your mailserver? Comparing the two log
RSP file snippets, they showed the plaintext segment ending in different
RSP places, which would suggest that they were scanning two different
RSP E-mails.
Hello R.,
Friday, February 4, 2005, 10:26:29 AM, you wrote:
Yes, we have a PF gateway on the front end. I thought of that
originally but PF doesn't do anything to modify messages that get past
its basic blocking.
RSP Are you positive? I've seen PF modify E-mail headers, such as adding a
RSP
Hello R.,
Thursday, February 3, 2005, 3:45:24 PM, you wrote:
RSP As far as I can tell, Declude Virus is handling this properly. The E-mail
RSP is plain text, and therefore should not be scanned.
But the exact same email is getting scanned by Andrew. Do you see any
difference in the log files
Sorry to revive this old thread. But I just had a customer report that
22 is still getting through. Could someone that's catching this with
F-prot please share your configs. I've got Declude 1.82 F-Prot 3.16
with the following virus.cfg:
SCANFILE P:\Progra~1\fsi\f-prot\fpcmd.exe /TYPE /SILENT
MJ Nice work. Thanks for the contribution. This is one of the best benefits of
MJ the list.
Great comments in that virus.cfg file. Well, this took forever to
extract (couldn't copy from baregrep and couldn't sort with excel) but
here is the debug log from test 22. Looks like the scanner isn't
Hello R.,
Thursday, January 27, 2005, 6:21:06 PM, you wrote:
RSP How about 1.82? :)
Is 1.82 out? If so, do we need BANERAR like BANEZIPS?
--
Best regards,
David mailto:[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus
Hello David,
Monday, January 31, 2005, 1:17:08 PM, you wrote:
DS Hello R.,
DS Thursday, January 27, 2005, 6:21:06 PM, you wrote:
RSP How about 1.82? :)
DS Is 1.82 out? If so, do we need BANERAR like BANEZIPS?
Ok, I checked the Junkmail list and it looks like Declude is at 1.82
based on
Hello R.,
Monday, January 31, 2005, 2:56:53 PM, you wrote:
RSP For some reason, it is listed as something like SPAMHEADERS fix for
RSP v1.76+ on the website, rather than as v1.82.
Ah, ok. And 2.0 is being issued to release today?
Also, original question still holds. Do we need to make a
Hello Scott,
Monday, January 31, 2005, 3:18:16 PM, you wrote:
SF file. For example, if you have a line BANEXT EXE and BANZIPEXTS ON, then
SF .EXE files within .ZIP files will be blocked. You can also use BANEZIPEXTS
SF ON to do the same thing, but only applying to encrypted .ZIP files.
I block
Does anyone know a reason why .tiff should not be excluded from
scanning? I was going to add .tiff to my don't scan list. Didn't see
any known exploits using .tiff but thought it'd be a good idea to see
what everyone here thought.
--
Best regards,
David mailto:[EMAIL
Hello David,
Ok, back to my original problem ;-)
Is test 22 getting caught for anyone else? It was the only one that
slipped through my Declude setup.
I'm running 1.81 with F-prot and prescan off.
--
Best regards,
David mailto:[EMAIL PROTECTED]
Hello William,
Monday, December 20, 2004, 9:34:55 AM, you wrote:
WS #22 was caught here, #17 not caught
I caught 17 with no problem. But 22 is STILL getting through. What
version of Declude are you running? What virus scanner?
--
Best regards,
David mailto:[EMAIL
I turned it off and it still got through.
Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be
opened by all versions of Microsoft Outlook and Outlook Express)
RSP I just checked this one, and it got through here, too. I examined the raw
RSP source of the E-mail, and there
Can someone else test #22 at testvirus.org to see if it gets through.
I want to make sure I don't have something misconfigured that's
allowing it through. BTW - all others were stopped.
Test #22: Eicar virus within zip file hidden using the MIME Continuation
Vulnerability (attachment can be
Hello Jim,
Thursday, December 16, 2004, 2:39:22 PM, you wrote:
JM Caught it without any issues whatsoever.
What version you using?
--
Best regards,
David mailto:[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Hello Matt,
Wednesday, November 10, 2004, 2:41:59 PM, you wrote:
M is McAfee though, and turning PRESCAN OFF might soon become my only
M realistic choice. I'm going to guess that this might remove more than
M 25% of my system's capacity however, and that gets costly.
FYI - one of our boxes is
Is anyone else having a problem with this vulnerability in order
confirmations from TigerDirect? If so, how are you handling it since
there aren't any whitelist options for Vulnerabilities?
--
Best regards,
David mailto:[EMAIL PROTECTED]
Hello Patrick,
Monday, May 3, 2004, 6:44:52 PM, you wrote:
PC Hello David,
BANEZIPEXTS ON
PC Sorry to jump in but just a couple of thoughts.
PC Are you running the Pro version of Declude? I don't think BANEZIPEXTS
PC works on the Standard version. Secondly, I believe, in special
PC
Hello R.,
Friday, April 30, 2004, 9:30:44 PM, you wrote:
RSP Note the directory P:\SPROTECT\Virus\ -- Trend is finding a virus that
RSP Declude Virus already found. :)
P:\SPROTECT\Virus\ is where Trend puts a virus after it finds one.
My default file for Declude to put viruses is L:\VirusTrap
Hello R.,
RSP Is it possible that that wasn't from an E-mail that came through Declude?
Unfortunately no, going through Imail/Declude is the only path this
mail server can receive email from.
--
Best regards,
David mailto:[EMAIL PROTECTED]
Should Declude be catching a ByteVerify exploit?
This came through Declude/F-Prot/Trend::
NetShield-4.6.0: The file CACHE1:\ETC\PROXY\CACHE\1B\8FCC389B.AAJ\bb.class was
infected with
Exploit-ByteVerify . The file was successfully cleaned with Scan engine version 4.2.40
DAT version 4.0.4350.
DC Hmmm...I hate having to turn off the footer for everyone just because of one
DC customer. Haven't run into it yet myself, but some people on this list
DC will probably run into the problem with having to pass encrypted zips for
DC one customer while banning them for everyone else...or similar
Hello Pete,
Friday, September 12, 2003, 2:27:22 PM, you wrote:
PM * Some systems do not have server based virus scanning.
Unwise but in some cases reality.
PM * We *may* be able to respond more quickly than some anti-virus
PM companies.
Yep, most likely.
PM * Non-viable versions of viruses
Hello R.,
Thursday, August 21, 2003, 2:59:18 PM, you wrote:
I did that with eicar and the On-Demand Scanner picked it up. However, when
I did it with Sobig.F, there was no attachment. Then I noticed that it was a
bounced message from another server (not using SKIPIFVIRUSNAMEHAS). I'm now
I just noticed on Declude site that it is compatible for use on a RAM drive.
Haven't used one of these since DOS but trying to squeeze every last bit of
performance out of Declude. Anyone doing this or have additional performance
tuning tips?
Thanks
-David
Hi,
If anybody is using this, please reply on list. We bought AVG but haven't
been able to set it up. Would appreciate any tips.
Thanks
David
Is anyone on the list using AVG with declude? If so I would like to know
what setup you are using and are you able to get AVG to report the Virus