Dave:
Sorry but after calling Insight their search for the product I was
referred to Network Associates. (OH NO.. Not again!).
After explaining (Like I did last year) they told me that they no longer
sell the product on a single license and it only comes in a minimum of 5
licenses. Starting
Hi..
http://www.Declude.com/Virus/Manual.htm
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mark Chadwick
Sent: Monday, May 20, 2002 7:28 AM
To: Declude. Virus@declude. com
Subject: [Declude.Virus] Upgrade link
Can someone point me to the
Title: Message
Hmmm
Interesting...
another one to be added to the block extensions in the Declude Virus. But
here is a statement from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smorph.html
I think there is
no reason for this extension to be e-Mailed. Can
Here is another link:
http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx
On extensions their use.
We block the following -- we feel if someone wants to send them they can
always zip them, otherwise we just don't want to take any chances.
BANEXT ASD
BANEXT ASP
http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx
Is this what you are looking for?
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sheldon Koehler
Sent: Friday, September 27, 2002 4:47 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus]
Just FYI.. In case those using f-prot have not received notification
yet.
Regards,
Kami
--
Version 3.12b of F-Prot Antivirus has been released and is
now ready for download. This version of F-Prot Antivirus has been
improved in many ways. The most obvious change for users is increased
speed
Hi Scott:
With the 1.62 beta is it safe to assume that the old
variable:%VIRUSNAME% is now replaced with %NOUNKNOWNVIRUSNAME%.
In our outgoing response to the sender we were using virusname variable.
From the definition it appears that the new variable would be a more
comprehensive variable.
Is
Title: Message
Hi;
Has anyone seen
this?
http://www.messagelabs.com/viewNewsPR.asp?id=109cmd=PR
MessageLabs is currently intercepting hackers who
are mass-mailing trojans to unsuspecting users. The spread of this new
threat suggests that infected machines could
Title: Message
Hi;
The following is
what we use and we got it from this list: - hope it helps.
http://support.microsoft.com/default.aspx?scid=KB;en-us;291369
Regards,
Kami
# Banned
Extensions
This is just one of the many IP4R tests that you have activated.
Take a look at this for detail:
http://www.declude.com/junkmail/support/ip4r.htm
They are all listed above.
MONKEYFORMMAIL
Lists servers running formmail, which can be used to send spam. Zone
transfers required for large
Hi;
Has anyone caught Sobig with any other eMail address than [EMAIL PROTECTED]?
We blocked that address at the Imail kill list and have not seen any
incidents anymore. First couple of days we were getting a lot of them but
all had the same email. So we decided to block it at the SMTP Kill
]] On Behalf Of Kami Razvan
Sent: Tuesday, January 14, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] [EMAIL PROTECTED]
Hi;
Has anyone caught Sobig with any other eMail address than [EMAIL PROTECTED]?
We blocked that address at the Imail kill list and have not seen any
incidents
Hi;
The virus appears to always come from: [EMAIL PROTECTED]
So simply add that to the kill list in Imail. That way any email comes with
that return address the server would not accept it.
This is what Symantec says about this:
The W32.Sobig.A@mm worm
Hi Jonathan:
Sobig is actually an easy virus to totally block...
We have simply added [EMAIL PROTECTED] to our Kill list in the SMTP tab.
Sobig only comes (apparently) from this address. Per Symantec:
==
The W32.Sobig.A@mm worm sends itself to all the addresses
Hi;
I guess one thing that has always confused me about this is simply why would
anyone want to use a free service such as Yahoo and send legitimate emails
with a different return address?
What I can see from those that use Yahoo, hotmail or other free services are
two fold:
1: People who don't
Hi Scott:
One thing I noticed when we were moving our servers. I made a mistake in
the file path for the virus scanners (2 of them) and did not realize it
until I received a virus.
The interesting thing that I noticed was the attachment (.scr) was with the
virus. The virus.cfg had it listed as
Title: Message
Scott:
We are not
constantly getting the Unknown virus as alerts.
Declude Virus [Ver: 1.70i1]
caught the Unknown Virus virus in Unknown Filefrom ???@hotmail.com to: [EMAIL PROTECTED]
is just
changed to cover the user.
almost 100% of all
alerts we get are like
here but as I recall it was virus code 8 that
was the one that could show unknown.-Josh
From: "Kami Razvan" [EMAIL PROTECTED]Organization:
ClickandPledge.comReply-To: [EMAIL PROTECTED]Date:
Tue, 3 Jun 2003 14:21:58 -0400To: "Virus List"
[EMAIL PROTECTED]Subject: [D
Title: Message
Hi;
We posted a
request to F-Prot for a problem we are having and this is the reply. Just
FYI:
Hello and thank you for your
mail.
We have not yet tested our product
on 2003
Server Standard. We will need some time to do so.
Best
regards,Kolbrun
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan
Sent: Wednesday, June 11, 2003 5:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Bugbear getting through
David:
We researched this and I reported those findings in other postings.
We are using now:
- F
Title: Message
Hi;
I have been
exchanging email with the Tech Support at Grisoft about the Auto-Update. I
thought it is good to know considering I have suggested this software recently
as a scanner.
Here is the
response:
==
I am sorry, but the update manager does not
Hi;
We had this problem with Windows NT 4.0. In 2003 we are not seeing this
behavior.
What version of Windows are you running?
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Thursday, June 12, 2003 11:37 AM
Title: Message
John..
I guess that is a
possibility. Have not tried it..
yes you are
right we don't want to leave the server logged on. The same issue also
exists with F-Prot as we know. The update does not work if you are not
logged on and have to run an update scheduled task.
Does
Hi Paul:
This has come up in the past under different topics.
We have a negative list that we add these type of emails. Our list is
called NegativeEmailList. We subtract 100 points from each of these emails.
I would not Whitelist them because at times you will get spam with faked
addresses
:)
John after I posted this I said OOPS.. He is talking about virus and not JM.
We were having airline and other lists caught for spam and that is what I
was talking about.
After I saw the message appear in the virus list.. I went .. Wrong answer!
Regards,
Kami
-Original Message-
Just in case Scott is taking a break for a change...
Try:
Scanfile1
Scanfile2
Name your scanfiles 1 and 2 and see if that makes a difference. I remember
a similar issue when we were starting and that is how we have ours setup.
Try it..
Regards,
Kami
-Original Message-
From: [EMAIL
Title: Message
Hi;
We have received
several... in all of them this is also in common..
===
X-Mailer: The Bat!
(v1.61)X-Priority: 2 (High)Subject: [47~]your
account
koikrairMIME-Version: 1.0Content-Type: multipart/mixed;
Title: Message
Hi;
Just in case you
have not researched this.. here are some links:
- http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
Apparently it is
attempting to exploit the IE bug..
http://www.microsoft.com/technet/treeview/default.asp?url="">
Regards,
Kami
Title: Message
Hi;
I just ran a test
on our system and it appears that the message is coming
from:
admin@
postmaster@
Has anyone seen
any of this virus coming from an email other than admin@ or
postmaster@
All the ones we
have seen come from this user @ a domain that the recipient
Hi;
We use F-PROT and AVG (Grisoft) and we are catching it. I am not sure which
one is catching it since I have not checked out logs but one of these is
catching it.
I highly recommend that you look into adding a 2nd scanner - if you have the
Pro version. It is quite scary to just rely on one
Hi Paul..
I am going h now... This is our email receipt.. Back when we got it:
Qty. Item Unit Price TAX % Total
==
1 x AVG Server Edition (up to 2 licenses) - English
How about a simple question?
-- have you ran Declude.exe in the new server?
If not simply double click the Declude.exe and test again.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS
Sent: Tuesday, August 12, 2003 4:16
Title: Message
I have not seen
this virus.. but from the sound of what I read at Symantec I thought it is
coming via an email payload.
I was wrong
then...
Oh well... two
wrongs for one day.. it has to be Monday.
Kami
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL
Title: Message
Hi;
Interesting...
"... Sobig is
unusual in that it has the ability to go onto the Internet from its host PC and
update itself with new capabilities, Huger said.
Those capabilities could include tools for
denial-of-service attacks or relaying spam. "It's entirely up to the
Title: Message
Hi;
I just got a
notice from AVG (Grisoft) that is disturbing.. their new upgrade is based on
number of mailboxes.
===
With the launch of AVG Anti-Virus 7.0, we have introduced a broader product
line, a new naming convention as well as a new license
Hi Scott:
I was under the impression that if I put:
SKIPIFVIRUSNAMEHAS Sobig
In the recip.eml then the recipient of the virus will not be alerted if
Sobig is the virus.
This works fine for Sobig but I noticed that I am not receiving a virus
notification for other viruses as well. So I
We have blocked .exe since the day we could block it.
If anyone wants to send a .exe he/she is intelligent enough to be able to
zip it. Accepting .exe is asking for trouble.
Outlook Express by default will block .exe .. I am not sure about Outlook
but I don't think it does.
We have an
Title: Message
http://www.eweek.com/article2/0,4149,1258034,00.asp
Hi;
Not that I wish to
start a debate on this.. but just wondering.
Imagine if the
responsibility is dumped on the ISP's .. I think Scott would be a happy
man!
Regards,
Kami
Title: Message
I have not seen
this discussed..
Is this virus
forging itself?
We just got our
first incident..
===
Declude Virus [Ver: 1.75i6] caught
the W32/[EMAIL PROTECTED] virus in
Q287581.exefrom [EMAIL PROTECTED] to: [EMAIL PROTECTED].Date:
09/18/2003
Hi;
I am just curious if anyone else is seeing this in their log files:
Couldn't open header datafile
I noticed that today and in tracing it back it appears that this is showing
up in logs after 9/13
No incident of this is in any of the logs before 9/13 and after 9/13 it is
there in every
Title: Swen... Incredible..
Hi;
I am just amazed as to how this Swen is working.
In the last 10 days I have received over 500 Swen viruses. An analysis of all viruses.. Incredibly no 2 viruses have come from the same IP. In other words these 500 viruses have come from 500 different IP's.
Hi;
We have never had any problem with F-Prot. It has always been working
perfectly.. In all these years the Message.zip was the only incident that
they were late in releasing the signature but that was because of the nature
of the virus that required them to fix something in their code.
F-Prot:
Chad:
This is what we have in our virus.cfg file. No regrets and no apologies for
blocking them. We think of this as a fact of life...
BANEXT asp
BANEXT bas
BANEXT bat
BANEXT CEO
BANEXT chm
BANEXT cmd
BANEXT com
BANEXT
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Thursday, October 02, 2003 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails
Chad:
This is what we have in our virus.cfg file. No regrets and no apologies for
blocking them. We think
Does anyone know if Symantec actually uses this email:
[EMAIL PROTECTED]
Perhaps we should block that email at Imail level for now until the patches
catch up.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William Baumbach
Sent:
Title: Swen... 200+ daily
Hi..
I have never seen a worst virus I (my email) am receiving 200+ viruses daily. We stopped notifying the receipient but report it to the sender.
This is just out of this world I think it is not receiving much attention since it only targets the UseNet users
Hi;
We have DNS issues...
- Windows 2003 Standard
- Declude JM, Virus
- IMail 8.03
Every 2-3 days the DNS server can not be located and the outgoing mail gets
stuck.. If you try to go to an internet site it can't find it.. We have
searched all over MSDN for KB articles or IPSwitch site but
John..
We have two DNS servers both 2003.
IMail is on its own server
it still has that problem.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, October 31, 2003 4:22 PM
To: [EMAIL PROTECTED]
using? Is it located on the same server or
elsewhere?
- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 31, 2003 4:09 PM
Subject: RE: [Declude.Virus] Declude and win 2003 server
Hi;
We have DNS issues...
- Windows 2003 Standard
://www.creativedata.net
850-434-7645
800-607-6168
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Friday, October 31, 2003 3:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Declude and win 2003 server
John..
We have two DNS
Oh Oh...
I'm debating backing up all my info and running the exe just to see
if
anything happens.
Remind me not to ever give you a loaded gun... :)
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Friday, November
We have been swamped by this too.. on a daily basis the volume is
increasing rather than decreasing.
Since this virus targets few people, namely those that participate in lists,
we stopped notifying the recipient since the alert was becoming an issue
too... Imagine getting 200+ alerts daily that
http://www.eweek.com/article2/0,4149,1383346,00.asp?kc=EWNWS111703DTX1K599
Just in case you
have not heard...
May be a good
added security could be:
BANNAME www.paypal.com.scr
even though we
block .scr but why not a double safety..
Regards,
Kami
Scott:
Are you treating
Sobig.C as a forging virus?
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
Note:
[EMAIL PROTECTED] may spoof the return address.
In our alerts I
don't see that you do considering the forging virus auto-detection done by
Declude.
Scott:
I am confused as
to how add this to JM.
Lets say we want
to send a copy of the email to a certain mailbox and also CC the spam address
for the domain.
Rule1 mailbox spam
Rule1 COPYTO[EMAIL PROTECTED]
can these be done
with one rule or is mailbox a final action?
Regards,
Kami
Rick:
It seems like you want to skip mailing the email if the sender is forged.
With the latest release you can do the following. This is our sender.eml
file. Using skipifforging you don't have to keep tarck of the forging
viruses.
Regards,
kami
===
SKIPIFFORGING
From: [EMAIL
Hi;
Just received a
new virus that apparently has been around since November 24.
It seems like this
virus is forging but Declude does not mark it as forging..
From: [EMAIL PROTECTED]Containing:
the W32/Valla.a virus !!! virusIn: dotoo.exe attachmentSubject: "Failure
Message"
The
Scott:
here is the alert
for the virus:
Regards,
Kami
=
The Declude
Virus software [Ver: 1.77i30] on durability.com has reported that you were sent
an E-mail:
From: [EMAIL PROTECTED]Containing: the W32/Valla.a virus !!! virusIn: dotoo.exe attachmentSubject:
Thanks Scott:
I guess I was fooled by:
Tue, 17 Feb 2004 20:09:49 +0100
FROM: Administrator [EMAIL PROTECTED]
TO: Inet Client [EMAIL PROTECTED]
SUBJECT: Failure Message
X-ID: 798895329822232376
The from address in the header shows as @microsoft.com and that made me
think it is forged.. The
Gene:
If you review the archives you will see a great discussion on this topic.
We did this research a while back and finally gave up.. The final word was
McAfee requires you to buy a license for every mailbox you have. If you are
an ISP then this makes no sense. There is no such thing as a
Scott:
We are seeing
errors in our other scanners. At first I thought Error 5 was because of
F-Prot's new C release. But now we are seeing Error 9 in AVG as
well.
I just saw a virus
get through and that is how I realized what is going on.
could this be with
the i4 release of Declude
Hi;
We had a similar issue..
Make sure you exclude C:\temp as well.
McAfee moves a copy of the virus to that directory and then that causes
issues.. Add C:\temp to the exclusion list.
See if that helps.
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
If you use McAfee.. Then Exclude C:\Temp - if you are not doing it then you
will have other errors.
McAfee moves a copy of the virus to that directory before dealing with it.
We proved it and added it.
We exclude:
User mailbox drive
Spool drive
C:\temp
Regards,
Kami
-Original
One question .. Do you only have one scanner?
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Thursday, February 26, 2004 2:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Another error
excluded c:\temp
in more than one hour i
Scott:
Have you
considered adding the ClamAV to the list of scanners on your
site?
If you can put the
configuration entries it would be a great help.
Just a
thought..
Kami
Hi;
Just to update my last email.
The new virus is still not being caught by scanners:
Norton AV
McAfee
F-Prot
AVG
None are catching this. I just updated all the AV definitions and emialed
me the same virus that arrived this morning..
As of 8:31 EST
We are now blocking it with the
: [Declude.Virus] Update- New virus
Kami,
What verison of Declude are you running (1.78i7 or 1.78i8)?
Thanks,
Keith
-Original Message-
From: [EMAIL PROTECTED] on behalf of Kami Razvan
Sent: Wed 3/3/2004 8:32 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [Declude.Virus] Update- New
Erminio:
I have a copy of this virus.. I don't think it is J. We have virus that is
caught as J but this one that I have is not being caught.
I can gladly send it to you off list to test..
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of E.
Scott:
I guess considering the concept is forging does not apply to blocking the
zip files we should STOP sending banned extension notifications.
True?
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, March
Scott:
Just an idea...
What if you extend the idea of Whitelist password to Declude Virus- for
password protected zip files.
If the subject has a code then the attachment with password protected will
be skipped. If you can take the subject and delete the password before
passing it on it can
Thought it could
be of interest.
Kami
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci958574,00.html?track=NL-102ad=479694
F-Secure antivirus software vulnerable to Sober-D
worm
By Edmund X. DeJesus, Contributing
Hi;
For the past 2+
weeks I seeAVG returning error in Declude log file.
This is our
settings:
# AVG - 3rd
ScannerSCANFILE3 C:\Progra~1\Grisoft\AVG7\avgscan.exe
/NOMEM /NOBOOT /NOHIMEM /NOEXPORT /NOSELF /ARC /RT /ARCW /RTW /MACROW
/REPORT=report.txtVIRUSCODE3
6REPORT3 identified
The
Bennie:
Look at Scott's email:
Yes. v1.80 has basic (Microsoft method) detection of the GDIPlus.dll
JPEG Exploit, but their way has false positives. The v1.80i1 interim at
http://www.declude.com/version/interim (and likely tomorrow a 1.81 release)
has full (Declude method) detection of the
We have been on B version for 2 weeks or so- no problems here.
We use 3 scanners: F-Prot, AVG, and McAfee- all are working like one big
happy family.
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, October 01, 2004
Mario:
What virus software are you using?
Are you using only one scanner?
If you are using only one scanner I highly recommend you add another
scanner. I have seen F-Prot for example not catch a virus and ClamAV does.
We use AVG, F-Prot, ClamAV, and McAfee- but we don't have a heavy traffic on
Hi;
Just an FYI- it
seems like installation of Beta 2.0 will replace your postmaster and receipt.eml
files. After updating to Beta 2.0 we started getting alerts from forging
viruses and I had to copy the old files back from our backup
copies.
If you update you
may want to make backup
Hi Serge:
We had a similar issue but I think I know what happens. If Declude is in
use then it can not copy the Declude.exe file in the install directory. We
used to have the same issue when copying the Declude.exe file and IMail was
processing email.. Since Declude.exe was in use you could not
Hi John..
I had never of it but.. Here is a Google search result..
http://www.uts.edu.au/email/advanced/executable.html
http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Hi;
Is this a forging
virus?
Containing: the W32/[EMAIL PROTECTED] virus
In: Unknown File attachment
Subject: "03 Alai Alai Alaiyay"
We are starting to
get a lot of them and alerts are being received so that tells me Declude doe
snot consider it forging.
Regards,
Kami
Hi;
In the past hour I
have seen several emails caught as spam but the weight still not high enough to
be deleted with subject: Urgent Windows Update.
As everyone (?)
knows this is the recent attempt to install a worm on the visitor's computer-
there is a link to the Express install and
Title: Message
Hi Andrew:
We have Microsoft in our spam domains- but the problem is Microsoft sends
email from so many different reverse DNS.
ISV, MSDN, MSN, Office Newsletter-- all are sent from different
providers. For example:
Here is our MS filter:
MINWEIGHTTOFAIL 2
Title: Message
Hi Goran:
We have a set of Whitelist filters. As a matter of
format:
[Whitelist.Vendor.Microsoft]
[Whitelist.List.Something]
Then I have a combo filter that simply does:
TESTSFAILED WHITELIST
CONTAINS [Whitelist.
This way I can do combo tests depending on the category and
Hi
..
I thought this could
be of interest to the group- if you are using ClamAV -0.86.1. Saw this in
a security newsletter.
Regards,_
Kami
*
Widely Deployed Software
*
(1) HIGH: ClamAV Multiple Buffer
Overflows
Affected: ClamAV version 0.86.1
Hi Markus:
I just updated F-Prot and scanned the one I received called Katherine.zip.
It shows it as Suspicious file. McAfee is not detecting it.
As suggested the best path at the moment could be:
BANZIPEXTS ON
We have:
- Grisoft AVG
- F-Prot
- Clam AV
- McAfee
Only F-Prot with the
Hi;
Considering the
latest discussion.. I thought if it has not been posted this article could be of
interest..
-
http://www.informationweek.com/story/showArticle.jhtml?articleID=175007150cid=RSSfeed_IWK_winsecurity
Symantec Anti-Virus Software Open To AttackThe bug, which
Hi;
Does anyone know
whya lot of HTML emails are being caught with the following
warning:
Declude
Virus [Ver: 4.0.9] caught:
-Virus:
Possibly a new variant of JS/-In: [HTML segment]-From: [EMAIL PROTECTED]-To:
-Direction: incoming
-Date: 26 Feb 2006
18:23:44-Subject: Don't
Andrew:
After the post I did the same and it is working great. I have done
as Scott has stated.
I review all the messages and none of our Declude filters are being
triggered anymore. All the phishing attempts used to get caught by our
filters.. with ClamAV and the phish.ndb all are being
John..
I am seeing a lot of notices go out for forged viruses .. I think Scott
was updating a list that Declude was checking against.. perhaps that list is not
being updated by Barry company..
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
CarterSent: Friday,
Hi Grant..
The problem is an issue we faced with as well.
If you are sending HTML with fancy tags your emails are getting tagged as:
-Virus: Possibly a new variant of JS/
-In: [HTML segment]
We had all of our web messaging emails get caught as that virus. I changed
the program to simply send
Hi;
We are having a
major problem. A large number of emails are getting caught with the
following message:
Containing: Possibly a new variant of JS/
virus
In: [HTML segment] attachment
I have
added:
ALLOWVULNERABILITYJS
but it is not
working. Almost every HTML email and newsletter is
Hi Matt..
thanks for your quick reply. Here is the virus log
entries:
03/24/2006 14:34:08.042 q49aa01741b4f.smd Vulnerability flags =
003/24/2006 14:34:10.777 q49aa01741b4f.smd Virus scanner 1 reports exit
code of 003/24/2006 14:34:11.871 q49aa01741b4f.smd Virus scanner 2
Hi Matt Marcus..
Many thanks for your response.. I changed my config
file to see if that resolves the problem.
This problem comes and goes.. a lot of web forms
appear to be having this issue.
I added Matt's config file to see if that
helps..
thanks
Kami
From: [EMAIL PROTECTED]
Hi John:
I have received 3 of these that are not in zip files.
My_new_comp.doc
About_me.doc
Hp_laptops.doc
All are similar in concept:
With the following in the body and different subjects. Name after hello is
also different.
---
Hello Cristian Asanachescu
Andrew..
Why not block any .exe attachments?
In our system AVG is detecting it.
Kami
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
Andrew
Sent: Saturday, December 30, 2006 12:11 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] New
, April 17, 2007 1:58 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Temp files ClamAV Windows not deleting
You need to take ownership of the files as the administrator and then you
can delete them.
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami
95 matches
Mail list logo