Is there a way for Declude to stop checking for the GDI Vulnerability and
rely on F-Prot?
I went to 1.8 and we found that MANY JPG photos were being caught as false
positives.
Mark Smith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
Title: Lines in the virus.cfg file
I was looking through my virus.cfg and I noticed the following:
# The SKIPEXT option will let you skip scanning of certain file extensions. For
# example, a GIF file can't contain a virus, so there is no need to scan it.
#
SKIPEXT GIF
SKIPEXT TXT
Can we advise anyone sending pictures from a MAC to zip them? Change the
extension? Would either solution bypass the scanning?
Changing the extension or zipping them would bypass the scanning.
-Scott
---
Declude JunkMail: The advanced anti-spam
Ok, maybe it's just me but something seems funky. Given that 99% of the
jpg's will go through no problem and the other 1% will be caught, that means
the 1% are unique in some way, shape or form. They are detectable which
declude virus does and other virus packages do if you scan all files.
In
Doug,
The fault is in the detection test not the JPG.
And in the fact that this Vulnerability is so new that there has not
been the usual time for careful testing before this test was released.
(This is also why the test is found in an interim not a fully tested
release.) Scott got us a
I should eliminate (comment out) at least the JPG line right away.
The new test (when it's fully ready) provides a great safety net to
back up the AV programs. The new test will ignore these lines and bad
JPEGs will be caught.
The test is available by installing a new interim version of Declude.
When you release next fix, can you add the ability to disable this test from
inside of declude and rely on the AV software?
It killed our photos department yesterday... :)
Mark Smith
Associated Press
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Testing Declude 1.80 with the test emails on Declude.com, I'm having an
issue with Vulnerabilities. Declude AV catches the Vulnerability and sends
the Recipient Email as expected. But the original message is also
delivered. If I revert back to Declude 1.79 the original message is not
delivered,
When you release next fix, can you add the ability to disable this test from
inside of declude and rely on the AV software?
We probably will, but there should be no legitimate reason for JPEGs to
contain the exploit.
The issue is that Microsoft's algorithm for detecting them was bad. Our
Scott,
Any idea on ETA for the new algorithm? Also, will this be an interim,
release, or beta?
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
I upgraded Declude to 1.80 two days ago.
Today IMail has been logging the following error:
09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled
I wonder if that error could be related to Declude's new version.
Any suggestions?
Mario Antonio
How about adding per domain too.. for the pro..
ie, in virus_domains.txt do:
DOMAINON / OFF / INONLY / OUTONLY
ADD:
DOMAIN FILEX.CFG
and in x.cfg have the standard:
Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options,
which overwrite the standard
I upgraded Declude to 1.80 two days ago.
Today IMail has been logging the following error:
09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled
I wonder if that error could be related to Declude's new version.
That shouldn't have anything to do with Declude. However, to be
How about adding per domain too.. for the pro..
DOMAIN FILEX.CFG
and in x.cfg have the standard:
Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete
options, which overwrite the standard
settings in virus.cfg just for that domain.
We do have enhanced
I thought it might be because of these errors in the Declude Virus logs -
the first line occurs 25 times or so, then the Time Out -
log snip
ERROR: Could not move virus-infected E-mail! Code: 3 0
Are there other numbers on that line?
That line indicates a Windows Path not found error, which
R. Scott Perry wrote:
We probably will, but there should be no legitimate reason for JPEGs
to contain the exploit.
The issue is that Microsoft's algorithm for detecting them was bad.
Our algorithm should be perfect.
If you provided a switch for all such vulnerabilities, then we wouldn't
have
And not to upset anyone, how long does it take
it to make it to production or beta?
I noticed this has been in the Suggestion Database for
almost two years.
---
From: R. Scott Perry
Subject: Re: [Declude.Virus] Customized Footer for domain
Date: Thu, 19 Dec 2002
And not to upset anyone, how long does it take
it to make it to production or beta?
I noticed this has been in the Suggestion Database for
almost two years.
It is important to realize that the suggestion database is not a list of
features for the next release. It is as the name implies -- a
This is part of the logs:
IMAIL
=
09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD
09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled
DECLUDE
===
09/30/2004 11:15:01 Q22f30bf500ec93c4 MIME file:
[text/html][quoted-printable;
Are there other numbers on that line?
That line indicates a Windows Path not found error, which would suggest
that your VIRDIR option is not set correctly (in the
\IMail\Declude\virus.cfg file).
The entire line is -
09/30/2004 12:18:26 Q31ad047f00a465ac ERROR: Could not move virus-infected
09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD
09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled
I would recommend letting Ipswitch know about this (assuming you are
running the latest version of IMail) -- it appears to be an issue with
Is there a test yet? I would really like to know if we are at least
protected by email.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 2:21 PM
Subject: Re: [Declude.Virus] GDI false Postive
And not to upset anyone,
I note a new interim version - Does this fix the GDI false Positive issue?
Thursday, September 30, 2004 3:27 PM 506785 Declude.exe
P
Thanks a lot for your prompt answer.
After troubleshooting I find that there is just one particular email with a
special format that makes the queue manager crash. First time I have seen
that happen in our server. Will you be willing to take a look at these
files (header file and Queue file)
After troubleshooting I find that there is just one particular email with a
special format that makes the queue manager crash. First time I have seen
that happen in our server. Will you be willing to take a look at these
files (header file and Queue file) to see if there is something special
Is IMail installed in D:\IMail or E:\IMail? It looks like it is installed
in E:\IMail, but Declude Virus is trying to move the E-mail to a
non-existent D:\IMAIL\spool\virus\ directory (which would occur if the
VIRDIR option in the virus.cfg file pointed to the D: drive).
Thanks Scott. iMail
Thanks Scott. iMail is installed in D, the spool is in E. I'll
double-check that the config file and the Registry are in synch, but I
don't have any problem when running 1.79, only with 1.80 - AFAIK.
I confirmed that iMail is installed in D:\imail and the spool and logs are
E:\imail\spool.
27 matches