RE: [Declude.Virus] RAR Support - why not?
Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Foto.rar
Another variation - came with a foto.rar attachment. Received: from host46.ipowerweb.com [66.235.216.140] by hm-software.com (SMTPD32-8.14) id A70B620D0124; Fri, 28 Jan 2005 14:48:27 -0500 Received: from riqotscr (168.113.230.53) by host46.ipowerweb.com; Fri, 28 Jan 2005 11:48:22 -0800 Message-ID: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: photo Date: Fri, 28 Jan 2005 11:48:22 -0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0091_01C4F282.E483B826 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Declude: Version 1.82; D970a620d01240fca.SMD from host46.ipowerweb.com [66.235.216.140] X-Declude: Triggered [0] WEIGHTSNIFFER X-Countries: UNITED STATES-[ARIN Unlisted]-destination Return-Path: [EMAIL PROTECTED] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 406759401 Hi Pete! My porn photo, only for you ;) With love, Alice. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] RAR Support - why not?
Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] RAR Support - why not?
Hi Andy, Yes I keep all virus files VIRDIR spool\virus But I have a process that runs every night and cleans out the 6th day of files. That way I only hold 5 days of files. Right now in my spool\virus directory I have 2818 files which is 1409 mail messages. Total space of 27.7 MB. Of course your mail system is MUCH bigger than mine if memory serves me correctly. Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, January 28, 2005 5:05 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] RAR Support - why not?
Darin, What do you do with the old log files? Do you put them on another machine for processing/analysis/archiving? If you are archiving how long do you keep the data? Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, January 28, 2005 5:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] RAR Support - why not? Notices only go out for banned files. We include a statement that the email will be available to be requeued for x number of days...so automatic processes clean it up if it's unclaimed. Regarding the space problem, are you moving logs off to another partition on a nightly basis? Between that, automatic cleanup, and zipping old logs ours stays pretty clean. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, January 28, 2005 5:05 PM Subject: RE: [Declude.Virus] RAR Support - why not? Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] RAR Support - why not?
I may have to start doing that. I used to be able to keep 30 days of logs - but volume, dictionary attacks and SPAM volume are making it increasingly difficult. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, January 28, 2005 05:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] RAR Support - why not? Notices only go out for banned files. We include a statement that the email will be available to be requeued for x number of days...so automatic processes clean it up if it's unclaimed. Regarding the space problem, are you moving logs off to another partition on a nightly basis? Between that, automatic cleanup, and zipping old logs ours stays pretty clean. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, January 28, 2005 5:05 PM Subject: RE: [Declude.Virus] RAR Support - why not? Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] RAR Support - why not?
Yeah...we had to do it previously due to log storage. It was a good thing we did it when there was still plenty of room as our logs doubled in size last November from a sudden increase in spam and dictionary attacks. Over a span of two days we went from 80% to 95% spam for about three weeks before it settled back down to around 90% spam...and stayed there. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, January 28, 2005 5:28 PM Subject: RE: [Declude.Virus] RAR Support - why not? I may have to start doing that. I used to be able to keep 30 days of logs - but volume, dictionary attacks and SPAM volume are making it increasingly difficult. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, January 28, 2005 05:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] RAR Support - why not? Notices only go out for banned files. We include a statement that the email will be available to be requeued for x number of days...so automatic processes clean it up if it's unclaimed. Regarding the space problem, are you moving logs off to another partition on a nightly basis? Between that, automatic cleanup, and zipping old logs ours stays pretty clean. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, January 28, 2005 5:05 PM Subject: RE: [Declude.Virus] RAR Support - why not? Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.
RE: [Declude.Virus] Foto.rar
McAfee calls it: MultiDropper-IY an Extra.dat is available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, January 28, 2005 04:39 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Foto.rar Another variation - came with a foto.rar attachment. Received: from host46.ipowerweb.com [66.235.216.140] by hm-software.com (SMTPD32-8.14) id A70B620D0124; Fri, 28 Jan 2005 14:48:27 -0500 Received: from riqotscr (168.113.230.53) by host46.ipowerweb.com; Fri, 28 Jan 2005 11:48:22 -0800 Message-ID: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: photo Date: Fri, 28 Jan 2005 11:48:22 -0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0091_01C4F282.E483B826 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Declude: Version 1.82; D970a620d01240fca.SMD from host46.ipowerweb.com [66.235.216.140] X-Declude: Triggered [0] WEIGHTSNIFFER X-Countries: UNITED STATES-[ARIN Unlisted]-destination Return-Path: [EMAIL PROTECTED] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 406759401 Hi Pete! My porn photo, only for you ;) With love, Alice. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] RAR Support - why not?
My log files go to a separate directory (partition if available) and are zipped either weekly or monthly depending on size and when there are enough they get burned to CD then deleted. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 2:24 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Darin, What do you do with the old log files? Do you put them on another machine for processing/analysis/archiving? If you are archiving how long do you keep the data? Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, January 28, 2005 5:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] RAR Support - why not? Notices only go out for banned files. We include a statement that the email will be available to be requeued for x number of days...so automatic processes clean it up if it's unclaimed. Regarding the space problem, are you moving logs off to another partition on a nightly basis? Between that, automatic cleanup, and zipping old logs ours stays pretty clean. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Friday, January 28, 2005 5:05 PM Subject: RE: [Declude.Virus] RAR Support - why not? Hi Goran: Oh, I've been thinking about just that. However does that mean you hold all virus files? I don't think I could afford the additional disk space (the spool file is already too big as it is.) Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, January 28, 2005 12:48 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? Andy, Someone posted on this list a while ago a small ASP page that I am using to requeue a banned file. I send out a bannotify.eml what has the link back to the server with the appropriate file name. The user says I really really want this file and clicks on the link. It gets requeued automatically into the spool directory and it is not scanned/banned again and the user gets it within 30 minutes. I remember that there was some discussion on the list a while ago about having the users authenticate and fill in a form etc. I decided not to bother with that. I can send you my bannotify.eml and the asp file if you wish. Let me know Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not an option for me - I gotta give those customers SOME practical way to send/receive restricted file types.) Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an
