[Declude.Virus] Scanner Parameters
The recommended setups for NOD32 and Trend do not have a REPORT line. Does anyone know the values to use for these in order to get a virus name reported. Thanks, George
[Declude.Virus] Heads up: something new is around
Block exe in zips (at least temporaly)! --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Heads up: something new is around
...seem's beeing a new varaint of Bagle.Virustotal says Antivirus Version Update Result AntiVir 6.33.0.81 02.02.2006 TR/Bagle.Gen.B Avast 4.6.695.0 02.01.2006 no virus found AVG 718 02.01.2006 I-Worm/Bagle Avira 6.33.0.81 02.02.2006 TR/Bagle.Gen.B BitDefender 7.2 02.02.2006 [EMAIL PROTECTED] CAT-QuickHeal 8.00 02.02.2006 (Suspicious) - DNAScan ClamAV devel-20060126 02.02.2006 no virus found DrWeb 4.33 02.02.2006 no virus found eTrust-InoculateIT 23.71.66 02.02.2006 Win32/Bagle.Variant!Worm eTrust-Vet 12.4.2063 02.02.2006 Win32/Baglelike Ewido 3.5 02.02.2006 no virus found Fortinet 2.54.0.0 02.02.2006 suspicious F-Prot 3.16c 02.02.2006 no virus found Ikarus 0.2.59.0 02.02.2006 no virus found Kaspersky 4.0.2.24 02.02.2006 no virus found McAfee 4687 02.01.2006 W32/Bagle.gen NOD32v2 1.1391 02.01.2006 a variant of Win32/Bagle Norman 5.70.10 02.02.2006 no virus found Panda 9.0.0.4 02.01.2006 Suspicious file Sophos 4.02.0 02.02.2006 no virus found Symantec 8.0 02.02.2006 Bloodhound.Beagle TheHacker 5.9.3.088 02.02.2006 W32/[EMAIL PROTECTED] UNA 1.83 02.01.2006 no virus found VBA32 3.10.5 02.02.2006 suspected of Email-Worm.Bagle.1 My Mcafee engine is on version 4687 and the definitions are up to date. However it hasn't catched this virus even if the same zip file was identified by virustotals mcafee engine.
RE: [Declude.Virus] Encoded viruses...worried
It's not the only thread remaining without comment from Declude even if there was replies to other threads in the meantime. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Thursday, February 02, 2006 7:32 PMTo: Declude.Virus@declude.comSubject: Re: [Declude.Virus] Encoded viruses...worried Am I the only one that is wondering why there wouldn't have been an official response to this from Declude? While I have added the extension listed to block attachments, (and FProt did detect on all of my instances), when a potential flaw is pointed out, it would be nice to have an official response to the message. - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Tuesday, January 31, 2006 6:49 PM Subject: [Declude.Virus] Encoded viruses...worried Someone just reported to me that MyWife.d (McAfee)/Kapser.A (F-Prot)/Blackmal.E (Symantec)/etc., has a 3rd of the month payload that will overwrite a bunch of files. It's really nasty. More can be found at these links: http://isc.sans.org/diary.php?storyid=1067 http://vil.nai.com/vil/content/v_138027.htmThis started hitting my system on the 17th, possibly seeded through Yahoo! Groups. The problem is that it often sent encoded attachments in BinHex (BHX, HQX), Base64 (B64), Uuencode (UU, UUE), and MIME (MIM, MME), and I'm not sure that Declude is decoding all of these to see what is inside. For instance, I found that some BHX files that clearly contained an executable payload, showed up in my Virus logs like so: 01/16/2006 05:36:49 Q7741EFB6011C4F95 MIME file: [text/html][7bit; Length=1953 Checksum=154023]01/16/2006 05:36:50 Q7741EFB6011C4F95 MIME file: Attachments001.BHX [base64; Length=134042 Checksum=8624521]There was no mention about the payload inside of it, and there almost definitely was. The same attachment name with the same length was repeatedly detected as a virus later on that day. This likely was a PIF file inside, though it could also have been a JPG according the notes on this virus. I, like most of us here, don't allow PIF's to be sent through our system, but when the PIF is encoded in at least BinHex format, it gets past this type of protection.Here's the conundrum. This mechanism could be exploited just like the Zip files were by the Sober writers and continually seeded, but instead of requiring some of us to at least temporarily block Zips with executables inside, an outbreak of continually seeded variants with executables within one of these standard encoding mechanisms would cause us to have to block all such encodings. I therefore think it would be prudent for Declude to support banned extensions within any of these encoding mechanisms if it doesn't already. I readily admit that this could be a lot of work, but it could be very bad if this mechanism becomes more common. This particular virus is so destructive that a single copy could cause severe damage to one's enterprise. I cross my fingers hoping that none of this would be necessary, but that's not enough to be safe.Matt
Re: [Declude.Virus] Scanner Parameters
Does anyone know the values to use for these in order to get a virus name reported. NOD32: /logrewrite /log+ /log=FILENAME --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Scanner Parameters
Sandy, Thanks as always. Do you happen to have the correct content for the REPORT entry? George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, February 02, 2006 2:28 PM To: george kulman Subject: Re: [Declude.Virus] Scanner Parameters Does anyone know the values to use for these in order to get a virus name reported. NOD32: /logrewrite /log+ /log=FILENAME --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] AVAFTERJM
When scanning for viruses after JunkMail through use of the above directive, the following rule applies: All email will continue to be scanned for viruses EXCEPT those emails having a final JunkMail action of: HOLD DELETE David Franco-Rocha Declude Technical / Engineering --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] [IMail Forum] Realistic virus threat?
I reported this issue quite some time ago, when Scott was still running the show, and never got a satisfactory answer. You can scan the raw d*.smd file with f-prot and it will detect the virus, but run it through Declude Virus, and the virus goes though undetected. After pestering and prodding for several days, I finally gave up on getting a response that made sense. But it must have something to do with the way Declude Virus is stripping off the mime encapsulation before calling f-prot to scan the message. I have copied this to the Declude Virus list, as well, since it really belongs there rather than on the IMail list. Bill - Original Message - From: Michael Graveen To: Imail_Forum@list.ipswitch.com Sent: Thursday, February 02, 2006 1:15 PM Subject: RE: [IMail Forum] Realistic virus threat? I've had F-Prot miss this virus on the mail server (being called from Declude). But it's caught coming to my desktop, with the same virus scanner. Is anyone else seeing this?MikeAt 02:25 PM 2/2/2006, you wrote: I believe F-Prot calls it W32/[EMAIL PROTECTED] From: Stephen Guluk [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 02, 2006 2:19 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Realistic virus threat? Off topic but still related to email... Had a couple clients that called concerned about this virus that is said to open and do it's damage tomorrow: [EMAIL PROTECTED] Win32.Nyxem.e I run F-prot on my mail server and their list of virus definitions shows nothing pertaining to this virus name. I wrote them but expect that they are sleeping since they are in Iceland. Anyone else running F-prot and know any more info on it this is a real threat? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
RE: [Declude.Virus] [IMail Forum] Realistic virus threat?
My raw speculation: 1) It is missed because the virus.cfg is using the "PRESCANON" switch (the default, I believe) and the declude.exe application does not decode the MIME or other coding as flexibly as a mail client would, or makes an uninformed decision about what is an object worth scanning. ANSWER: use PRESCAN OFF instead. This will incur more CPU time as the selected antivirus scanner(s) will be scanning all objects. 2) For F-Prot specifically, the /server switch is not being used and therefore F-Prot is not doing the message format decoding. If Declude did a perfect job, this setting would be irrelevant. ANSWER: use the /server switch in your SCANFILE definition. This would cause more CPU time on the few messages that appear as nested message encoding; it is intended for scanning servers with multiple mailbox formats and nested messages. I follow my own advice on these two points and do not have a problem with F-Prot under Declude EVA missing known viruses. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Thursday, February 02, 2006 1:47 PMTo: Imail_Forum@list.ipswitch.com; Declude.Virus@declude.comSubject: Re: [Declude.Virus] [IMail Forum] Realistic virus threat? I reported this issue quite some time ago, when Scott was still running the show, and never got a satisfactory answer. You can scan the raw d*.smd file with f-prot and it will detect the virus, but run it through Declude Virus, and the virus goes though undetected. After pestering and prodding for several days, I finally gave up on getting a response that made sense. But it must have something to do with the way Declude Virus is stripping off the mime encapsulation before calling f-prot to scan the message. I have copied this to the Declude Virus list, as well, since it really belongs there rather than on the IMail list. Bill - Original Message - From: Michael Graveen To: Imail_Forum@list.ipswitch.com Sent: Thursday, February 02, 2006 1:15 PM Subject: RE: [IMail Forum] Realistic virus threat? I've had F-Prot miss this virus on the mail server (being called from Declude). But it's caught coming to my desktop, with the same virus scanner. Is anyone else seeing this?MikeAt 02:25 PM 2/2/2006, you wrote: I believe F-Prot calls it W32/[EMAIL PROTECTED] From: Stephen Guluk [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 02, 2006 2:19 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Realistic virus threat? Off topic but still related to email... Had a couple clients that called concerned about this virus that is said to open and do it's damage tomorrow: [EMAIL PROTECTED] Win32.Nyxem.e I run F-prot on my mail server and their list of virus definitions shows nothing pertaining to this virus name. I wrote them but expect that they are sleeping since they are in Iceland. Anyone else running F-prot and know any more info on it this is a real threat? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
Re: [Declude.Virus] [IMail Forum] Realistic virus threat?
Andrew, I already have PRESCAN set to off and use the /server switch with F-Prot, so those were not the issue that was causing this behavior for me. From my virus.cfg: # F-ProtSCANFILE1C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE=5 -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SAFEREMOVE -SERVER -SILENT -REPORT=report.txtVIRUSCODE13VIRUSCODE16VIRUSCODE18VIRUSCODE19VIRUSCODE110REPORT1Infection: PRESCANOFF Bill - Original Message - From: Colbeck, Andrew To: Declude.Virus@declude.com Cc: [EMAIL PROTECTED] Sent: Thursday, February 02, 2006 2:09 PM Subject: RE: [Declude.Virus] [IMail Forum] Realistic virus threat? My raw speculation: 1) It is missed because the virus.cfg is using the "PRESCANON" switch (the default, I believe) and the declude.exe application does not decode the MIME or other coding as flexibly as a mail client would, or makes an uninformed decision about what is an object worth scanning. ANSWER: use PRESCAN OFF instead. This will incur more CPU time as the selected antivirus scanner(s) will be scanning all objects. 2) For F-Prot specifically, the /server switch is not being used and therefore F-Prot is not doing the message format decoding. If Declude did a perfect job, this setting would be irrelevant. ANSWER: use the /server switch in your SCANFILE definition. This would cause more CPU time on the few messages that appear as nested message encoding; it is intended for scanning servers with multiple mailbox formats and nested messages. I follow my own advice on these two points and do not have a problem with F-Prot under Declude EVA missing known viruses. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Thursday, February 02, 2006 1:47 PMTo: Imail_Forum@list.ipswitch.com; Declude.Virus@declude.comSubject: Re: [Declude.Virus] [IMail Forum] Realistic virus threat? I reported this issue quite some time ago, when Scott was still running the show, and never got a satisfactory answer. You can scan the raw d*.smd file with f-prot and it will detect the virus, but run it through Declude Virus, and the virus goes though undetected. After pestering and prodding for several days, I finally gave up on getting a response that made sense. But it must have something to do with the way Declude Virus is stripping off the mime encapsulation before calling f-prot to scan the message. I have copied this to the Declude Virus list, as well, since it really belongs there rather than on the IMail list. Bill - Original Message - From: Michael Graveen To: Imail_Forum@list.ipswitch.com Sent: Thursday, February 02, 2006 1:15 PM Subject: RE: [IMail Forum] Realistic virus threat? I've had F-Prot miss this virus on the mail server (being called from Declude). But it's caught coming to my desktop, with the same virus scanner. Is anyone else seeing this?MikeAt 02:25 PM 2/2/2006, you wrote: I believe F-Prot calls it W32/[EMAIL PROTECTED] From: Stephen Guluk [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 02, 2006 2:19 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Realistic virus threat? Off topic but still related to email... Had a couple clients that called concerned about this virus that is said to open and do it's damage tomorrow: [EMAIL PROTECTED] Win32.Nyxem.e I run F-prot on my mail server and their list of virus definitions shows nothing pertaining to this virus name. I wrote them but expect that they are sleeping since they are in Iceland. Anyone else running F-prot and know any more info on it this is a real threat? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
RE: [Declude.Virus] [IMail Forum] Realistic virus threat?
3) On a very busy server, Declude may be aborting the scan because it is taking too long. The default is 60 seconds. ANSWER: Use SCANNERTIMEOUT90 in the virus.cfg or some other time value of your choosing. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Thursday, February 02, 2006 2:10 PMTo: Declude.Virus@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] [IMail Forum] Realistic virus threat? My raw speculation: 1) It is missed because the virus.cfg is using the "PRESCANON" switch (the default, I believe) and the declude.exe application does not decode the MIME or other coding as flexibly as a mail client would, or makes an uninformed decision about what is an object worth scanning. ANSWER: use PRESCAN OFF instead. This will incur more CPU time as the selected antivirus scanner(s) will be scanning all objects. 2) For F-Prot specifically, the /server switch is not being used and therefore F-Prot is not doing the message format decoding. If Declude did a perfect job, this setting would be irrelevant. ANSWER: use the /server switch in your SCANFILE definition. This would cause more CPU time on the few messages that appear as nested message encoding; it is intended for scanning servers with multiple mailbox formats and nested messages. I follow my own advice on these two points and do not have a problem with F-Prot under Declude EVA missing known viruses. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Thursday, February 02, 2006 1:47 PMTo: Imail_Forum@list.ipswitch.com; Declude.Virus@declude.comSubject: Re: [Declude.Virus] [IMail Forum] Realistic virus threat? I reported this issue quite some time ago, when Scott was still running the show, and never got a satisfactory answer. You can scan the raw d*.smd file with f-prot and it will detect the virus, but run it through Declude Virus, and the virus goes though undetected. After pestering and prodding for several days, I finally gave up on getting a response that made sense. But it must have something to do with the way Declude Virus is stripping off the mime encapsulation before calling f-prot to scan the message. I have copied this to the Declude Virus list, as well, since it really belongs there rather than on the IMail list. Bill - Original Message - From: Michael Graveen To: Imail_Forum@list.ipswitch.com Sent: Thursday, February 02, 2006 1:15 PM Subject: RE: [IMail Forum] Realistic virus threat? I've had F-Prot miss this virus on the mail server (being called from Declude). But it's caught coming to my desktop, with the same virus scanner. Is anyone else seeing this?MikeAt 02:25 PM 2/2/2006, you wrote: I believe F-Prot calls it W32/[EMAIL PROTECTED] From: Stephen Guluk [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 02, 2006 2:19 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Realistic virus threat? Off topic but still related to email... Had a couple clients that called concerned about this virus that is said to open and do it's damage tomorrow: [EMAIL PROTECTED] Win32.Nyxem.e I run F-prot on my mail server and their list of virus definitions shows nothing pertaining to this virus name. I wrote them but expect that they are sleeping since they are in Iceland. Anyone else running F-prot and know any more info on it this is a real threat? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
Re: [Declude.Virus] [IMail Forum] Realistic virus threat?
Scan timeouts were not the issue either, since my secondary Declude Virus scanner (TrendMicro) would catch the virus fine, and the logs would show the scanning to be taking a mere second or two. Bill - Original Message - From: Colbeck, Andrew To: Declude.Virus@declude.com Sent: Thursday, February 02, 2006 2:34 PM Subject: RE: [Declude.Virus] [IMail Forum] Realistic virus threat? 3) On a very busy server, Declude may be aborting the scan because it is taking too long. The default is 60 seconds. ANSWER: Use SCANNERTIMEOUT90 in the virus.cfg or some other time value of your choosing. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Thursday, February 02, 2006 2:10 PMTo: Declude.Virus@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.Virus] [IMail Forum] Realistic virus threat? My raw speculation: 1) It is missed because the virus.cfg is using the "PRESCANON" switch (the default, I believe) and the declude.exe application does not decode the MIME or other coding as flexibly as a mail client would, or makes an uninformed decision about what is an object worth scanning. ANSWER: use PRESCAN OFF instead. This will incur more CPU time as the selected antivirus scanner(s) will be scanning all objects. 2) For F-Prot specifically, the /server switch is not being used and therefore F-Prot is not doing the message format decoding. If Declude did a perfect job, this setting would be irrelevant. ANSWER: use the /server switch in your SCANFILE definition. This would cause more CPU time on the few messages that appear as nested message encoding; it is intended for scanning servers with multiple mailbox formats and nested messages. I follow my own advice on these two points and do not have a problem with F-Prot under Declude EVA missing known viruses. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Thursday, February 02, 2006 1:47 PMTo: Imail_Forum@list.ipswitch.com; Declude.Virus@declude.comSubject: Re: [Declude.Virus] [IMail Forum] Realistic virus threat? I reported this issue quite some time ago, when Scott was still running the show, and never got a satisfactory answer. You can scan the raw d*.smd file with f-prot and it will detect the virus, but run it through Declude Virus, and the virus goes though undetected. After pestering and prodding for several days, I finally gave up on getting a response that made sense. But it must have something to do with the way Declude Virus is stripping off the mime encapsulation before calling f-prot to scan the message. I have copied this to the Declude Virus list, as well, since it really belongs there rather than on the IMail list. Bill - Original Message - From: Michael Graveen To: Imail_Forum@list.ipswitch.com Sent: Thursday, February 02, 2006 1:15 PM Subject: RE: [IMail Forum] Realistic virus threat? I've had F-Prot miss this virus on the mail server (being called from Declude). But it's caught coming to my desktop, with the same virus scanner. Is anyone else seeing this?MikeAt 02:25 PM 2/2/2006, you wrote: I believe F-Prot calls it W32/[EMAIL PROTECTED] From: Stephen Guluk [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 02, 2006 2:19 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Realistic virus threat? Off topic but still related to email... Had a couple clients that called concerned about this virus that is said to open and do it's damage tomorrow: [EMAIL PROTECTED] Win32.Nyxem.e I run F-prot on my mail server and their list of virus definitions shows nothing pertaining to this virus name. I wrote them but expect that they are sleeping since they are in Iceland. Anyone else running F-prot and know any more info on it this is a real threat? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
Re: [Declude.Virus] AVAFTERJM
Thanks for the clarificaiton. Matt David Franco-Rocha [ Declude ] wrote: When scanning for viruses after JunkMail through use of the above directive, the following rule applies: All email will continue to be scanned for viruses EXCEPT those emails having a final JunkMail action of: HOLD DELETE David Franco-Rocha Declude Technical / Engineering --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.Virus] Scanner Parameters
Thanks as always. Do you happen to have the correct content for the REPORT entry? Good question. I _think_ you want REPORT - With two spaces after the keyword REPORT. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] Scanner Parameters
Sandy, Thanks again. I've put it in place but it'll take a while to test. I don't see many viruses in e-mail since they're mainly caught by my IPS. When the Blackworm furor dies down I'll run a Eicar test with the IPS on bypass and let you know. George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, February 02, 2006 8:38 PM To: george kulman Subject: Re[2]: [Declude.Virus] Scanner Parameters Thanks as always. Do you happen to have the correct content for the REPORT entry? Good question. I _think_ you want REPORT - With two spaces after the keyword REPORT. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Stuck as GSC Files
All of my email virus notifications are all of a sudden stuck in the Imail queue as GSC files ... I'm using the latest declude with Imail 9.01 No changes to the server and till last night was working fine ... how do I unstick GSC files? - Internet Dental Forum www.internetdentalforum.org Dentalcast Podcast www.dentalcast.net --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.