[Declude.Virus] Funny how....
[EMAIL PROTECTED] is used only as a recipient for Declude Virus and now its getting (attempted) viruses. I thought the Badtrans was done but maybe some domains are slow ;) Chris === To: [EMAIL PROTECTED] Subject: virus detected Declude Virus v1.29 caught the : W32/Badtrans.B@mm virus in New_Napster_Site.MP3.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 12/11/2001 06:46:49 Subject:Re: WARNING: YOU MAY HAVE A VIRUS Spool File: Df22714a.SMD --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Funny how....
I've added %HEADERS% to my postmaster email as I've had several badtrans that have used the recipient address as the sender address . -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Hunt Sent: Tuesday, December 11, 2001 7:14 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Funny how [EMAIL PROTECTED] is used only as a recipient for Declude Virus and now its getting (attempted) viruses. I thought the Badtrans was done but maybe some domains are slow ;) Chris === To: [EMAIL PROTECTED] Subject: virus detected Declude Virus v1.29 caught the : W32/Badtrans.B@mm virus in New_Napster_Site.MP3.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 12/11/2001 06:46:49 Subject:Re: WARNING: YOU MAY HAVE A VIRUS Spool File: Df22714a.SMD --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] vir####.log analyzer ?
I'm wondering if anybody has a utility that will process the vir.log that is produced to provide useful statistics on the types of viruses received as well as the number (and maybe even sender/recipient info). Has this been done by anybody yet? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Where is the virus information in vir####.log
That is all I se as well. I was just about to respond to your last email and say that I was in the middle of writing an asp app to check the logs and report on viruses. I guess we are waiting on the gret Mr. R. Scott Perry for this one -- Original Message -- From: FIRST Internet Declude Virus Account [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 11 Dec 2001 09:16:08 -0500 Am I missing something? In the past I thought that the vir.log actually listed the names of the viruses found - but I am not seeing this. All I am seeing are generic messages such as '12/09/2001 21:57:49 Q249e036 File(s) are INFECTED [3]' Is this a result of using the PRESCAN, or is it something else? Am I just imagining things when I think I saw actual itemization of viruses in the vir.log file in the past? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . Sent via the WebMail system at lohrtech.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Where is the virus information invir####.log
Am I missing something? In the past I thought that the vir.log actually listed the names of the viruses found - but I am not seeing this. All I am seeing are generic messages such as '12/09/2001 21:57:49 Q249e036 File(s) are INFECTED [3]' Is this a result of using the PRESCAN, or is it something else? Am I just imagining things when I think I saw actual itemization of viruses in the vir.log file in the past? You need to be using LOGLEVEL MID or LOGLEVEL HIGH to see the name of the virus, and the attachment that it was in. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
MISSING_REVERSE_DNS:RE: [Declude.Virus] Where is the virus information in vir####.log
First you need to change declude configuration to give you more info. Look for X:\Imail\declude\virus.cfg and make sure logging is set to mid. # The in the LOGFILE option automatically gets replaced with the month/date LOGFILE D:\IMail\spool\vir.log LOGLEVEL MID CONSOLEOFF Also make sure that you have the correct SCANFILE directive. I use McAffee so this is what I have. (note: SCANFILE through /REPORT report.txt must be on the same line.) # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILE C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /UNZIP /SILENT /NODDA /PANALYZE /REPORT report.txt VIRUSCODE 13 REPORT Found And finally I wrote an NT command script that parses your mail and virus logs to create a summary that is mailed to the address of your choice every morning for the previous day. The only other software you need for it to work is DOMLIST.EXE from the IPswitch Imail website under free tools. Best regards, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of FIRST Internet Declude Virus Account Sent: Tuesday, December 11, 2001 9:16 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Where is the virus information in vir.log Am I missing something? In the past I thought that the vir.log actually listed the names of the viruses found - but I am not seeing this. All I am seeing are generic messages such as '12/09/2001 21:57:49 Q249e036 File(s) are INFECTED [3]' Is this a result of using the PRESCAN, or is it something else? Am I just imagining things when I think I saw actual itemization of viruses in the vir.log file in the past? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . Usage1-1.zip Description: Zip compressed data
DSN:Re: [Declude.Virus] vir####.log analyzer ?
A simple virus log file analyizer can be found at the addresses below. Note in the Declude virus.cfg file the LOGLEVEL must be set to MID to report the virus names. Stu CSOnline System Administrator An update to the Virus Log File Analyzer previously listed has been posted. Version 1.2 deals with: Deals with an issue where some log files did not contain a : after the virus= in the log file. It allows for the selection of multiple files at one time. There is a read me file included that can be viewed by clicking on help. For those that have already installed the program or have VB on their systems the new exe and read me file can be found at http://www.csonline.net/imailstuff/VirusLog_v12_StandAlone.zip For those that may need the complete install program this can be found at http://www.csonline.net/imailstuff/VirusLogAnalyzer12_Setup.zip Stu At 09:10 AM 12/11/2001 -0500, you wrote: I'm wondering if anybody has a utility that will process the vir.log that is produced to provide useful statistics on the types of viruses received as well as the number (and maybe even sender/recipient info). Has this been done by anybody yet? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . At 09:10 AM 12/11/2001 -0500, you wrote: I'm wondering if anybody has a utility that will process the vir.log that is produced to provide useful statistics on the types of viruses received as well as the number (and maybe even sender/recipient info). Has this been done by anybody yet? Mike Tindor 1st.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . - CSOnline Technical Support hours - Monday thru Saturday 7am - 1am CSOnline Technical Support Numbers Seneca814-677-2447 Clarion 814-227-3638 Meadville 814-425-1696 Parker724-399-1158 http://www.csonline.net http://www.cshowcase.com http://www.learncenter.com - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] f-prot server and termserv
Every time I logon on my Win2k server running f-prot with TermServ the realtime protector comes on. My scheduler seems to be working. Anyone know how to make the realtime protector stay off? Terry --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
