The latest outbreak has caused me a great deal of backscatter. You sent a
banned file, virus in an attachment sent by you, undeliverables and so on. I
am very hesitant to try to create rules in JM to stop all notices like this
because some of them are necessary. I've pretty much told the users to
I use a customized version of Mailpure's antiav filter. I then combo this
with a mailfrom-postmaster filter to add points when the bounce comes from a
postmaster.
- Original Message -
From: Marc Catuogno [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23,
Not OT, or?
Some months ago there was a similar situation.
I've set up a combination of 3 junkmail text filters.
The first to identify such warning messages by looking for strings like
found, identified, removed...
The second one looks for items like virus, worm, attach, file ...
The last one
virus.cfg:
BANEXT PIF
If you also want to block them in zips and encrypted zip:
BANZIPEXTS ON
BANEZIPEXTS ON
Uwe
- Original Message -
From: Dan Geiser [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23, 2005 3:26 PM
Subject: [Declude.Virus] Blocking PIF
Thanks, Uwe. Do you know if both of the below techniques work with
Declude Virus Standard?
Thanks,
Dan
- Original Message -
From: Info Wind [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23, 2005 9:47 AM
Subject: Re: [Declude.Virus] Blocking PIF Files
If you also want to block them in zips and encrypted zip:
BANZIPEXTS ON
BANEZIPEXTS ON
Only works in Virus Pro. He said he has Virus Standard.
Darin.
- Original Message -
From: Info Wind [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23, 2005 9:47 AM
Here's a list compiled over the years of extensions we ban. The top two you
will want to consider your userbase before banning, the rest should be fine.
Note that we couple this with a banned file notification to the intended
recipient, which includes a link to requeue the file for delivery if it
Dan,
sorry, my information was perhaps not correct.
BANEXT PIF should run in Standard and Pro version.
Darin is more experienced with this and he mailed that the
BANZIPEXTS/BANEZIPEXTS only run in the pro version.
Uwe
- Original Message -
From: Dan Geiser [EMAIL PROTECTED]
To:
Gary:
I got to looking and I don't see notices going out (with 3.0.5.20). Testing
by sending EICAR to myself, I found if I removed the SKIPIFFORGING line in
the recip.eml, the notice would go out -- but wouldn't if it was in place.
I don't think EICAR, being a test virus, is considered a forging
Actually I was talking about the notices from other postmasters - I have almost
no bounce messages, I don't notify on banned files and so on for just that very
reason.
-- Original Message --
From: Darin Cox [EMAIL PROTECTED]
Reply-To:
In the last 2 hours I can see something new. F-Prot is
catching it with result code 8 as unknown virus
Looking at the first examples:
Subject: a random name like Alice, Emanuel, Martha, Cybil, Ester,
Body: empty html
Attachment: ZIP-file with another random name like them in the subject
There seems to be another Variant with the same description as in my
message before but the exe in the zip-file is named 12.exe
This is not detected by F-Prot and Mcafee. Virustotal says:
Antivirus  Version   Update      Result
AntiVir    6.32.0.6  11.23.2005
Darin,
Would you add these to virus.cfg? Similar to BANEXT?
Thanks,
Dan
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, November 21, 2005 5:04 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
For those of us
So the implication is that Declude knows about this and it will be fixed in the
next release, whenever that may be.
Original Message
From: Bill Landry [EMAIL PROTECTED]
Sent: Tuesday, November 22, 2005 5:36 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus]
1. I have noticed a new virus exit code being reported on AVG
Exit Code 9 - Double extension
If you are running AVG and want to block double extensions eg. Password.doc
.exe
Add the following line to your virus.cfg
VIRUSCODE 9
Other additional codes are:
4 - suspicion detected by
Yep.
I've added several more today, but haven't had time to research all of the
Bagle, MyTob, and Sober variants to see if this is an exhaustive list of
attachments.
BANNAME accept-terms.zip
BANNAME accepted-password.zip
BANNAME account-details.zip
BANNAME account-info.zip
BANNAME
Sorry... didn't realize that's what you were asking...
Darin.
- Original Message -
From: marc catuogno [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23, 2005 11:27 AM
Subject: Re: [Declude.Virus] OT: Virus Backscatter
Actually I was talking about the
The second part of that list has been updated
BANNAME Alice.zip
BANNAME Androw.zip
BANNAME Ann.zip
BANNAME Christian.zip
BANNAME Cybil.zip
BANNAME Edmund.zip
BANNAME Ellen.zip
BANNAME Elizabeth.zip
BANNAME Emanuel.zip
BANNAME Ester.zip
BANNAME Isabell.zip
BANNAME James.zip
BANNAME Josias.zip
Wednesday, November 23, 2005, 2:55:34 PM, David Barker [EMAIL PROTECTED]
wrote:
Snip
DB The complete SCANFILE config would be something like this:
DB SCANFILE C:\Progra~1\Grisoft\AVG7\avg.exe /NOBOOT /NOMEM /NOSELF /ARC
Is it avgscan.exe or avg.exe in the above for the 32 bit