that are the
challenge
-Nick Hayer
Sorry, I know Ive brought this up before but Im befuddled as to how plan old
Norton Antivirus
2003 on my XP desktop using outlook 2002 can pick up this virus within a passworded
file without
the password.
This was held in the virus
.
I am running fprot 3.14e latest defs
-Nick Hayer
03/18/2004 11:20:01 Qcc24005d0536a2e6 Error 128 in virus scanner 1.
03/18/2004 11:21:09 Qcc661aa8032aa581 Error 128 in virus scanner 1.
F-Prot doesn't define an exit code of 128 -- I would recommend reinstalling
F-Prot
.]
Is there a way to display different strings from reportt.txt?
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg08938.html
-Nick
I do not have anything setup at this point and am wondering what others
do.
Goran Jovanovic
The LAN Shoppe
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED
' and nothing in the declude log file.
This is with v180
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
On 28 Sep 2004 at 10:43, Greg Little wrote:
Greg,
As I recall, IF a virus scanner calls it bad, there is no further
checking.
Is this for an individual scanner or multiple scanners?
All the scanners run (sic) even if the one before discovers a virus
on my system.
-Nick
.
---
[This E-mail
On 28 Sep 2004 at 13:18, Terry Fritts wrote:
Terry - Scott clarified it for me - I was scanning a zip - when the
regular jpeg comes through I do get a log entry like you do below.
Now I understand the thread about multiple report lines for a
scanner...
Regards,
-Nick
Date sent
like F-Prot versus
Mcafee.
Yes, I'd like that option!
I think we all would 'cept Scott :)
-Nick
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
On 19 Oct 2004 at 19:29, R. Scott Perry wrote:
Can 'by design' mean a switch be addeded to allow deletion? I would
like to be able to make that decision - not declude.
Thanks
-Nick
It seems that DELETEVIRUSES ON isn't working in Declude Virus
1.81
I have it set to:
DELETEVIRUSES
Scott,
What other MTA's do you support or intend to support in the near
future with Declude like functionality?
Can you suggest one other than Imail?
-Nick
-
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
On 3 Nov 2004 at 8:55, John Tolmachoff (Lists) wrote:
Hi John,
I use ClamAV without any issues at all.. Excellent product from what
I can tell -
-Nick
Has any tried using BitDefender with Declude Virus, or ClamAV for that
matter?
Does it work?
John Tolmachoff
Engineer/Consultant
On 10 Nov 2004 at 16:33, Matt wrote:
Matt -
Would you elaborate on the Passler app? Where from how much?
-Nick
Bill Landry wrote:
Matt, thanks for the analysis. I would very much like to know
what the additional load is on your server by setting PRESCAN to
OFF. Please do
or size. SO I left it to see if other changes helped -
# Close the connection if this limit is exceeded.
StreamMaxLength 3M
-Nick
From: John Carter [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:[Declude.Virus] ClamAV scan time
Date sent
Is anyone aware of a port of declude virus logs to mrtg?
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
.
The purpose here is to use mrtg to graph virus traffic - I can do it
with one value but when I try to combine both I am lost.
Thanks in advance -
-Nick
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list
and had to ask for help!
-Nick
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
if possible.]
-Nick
Bill
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
On 2 Dec 2004 at 14:57, Bill Landry wrote:
Very kool. I really tried to do this and figured there was no way!
Thanks!
-Nick
Well, here is a bit a trickery to make it a single liner:
egrep File\(|Scanned: (Virus|Error)|Skipping l:\virus\vir1201.log |
gawk {print $1,$4,$5,$6} | sed s/\/2004
For those that use ClamAV the latest ver appears to be Nov20 - I had
the Oct24 ver which would randomly crash - in this latest ver in the
release notes there is reference to fixing this
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E
date - ]
-Nick
###
WorkDir: E:\mrtg-graphs\Imail\grep_virus
Title[index]: Connections MRTG
PageTop[index]: hrbrh3Server: MX1.MADRIVERACCESS.COMbr
Viruses Detected / Total Email Scanned/h3
MaxBytes[index]: 100
AbsMax[index]: 100
Options[index]: gauge
I just received the folloing from the Clam list - there appears to be
an issue with UDP ports and cygwin
-Nick
On 6 Dec 2004 at 9:24, Brian Bruns wrote:
From: Brian Bruns [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date sent: Mon, 6 Dec 2004 09
Has anyone seen or heard of a virus/worm that uses this file? It
seems to be attacking several pc's at my day job..
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list
On 14 Dec 2004 at 12:31, Nick wrote:
Has anyone seen or heard of a virus/worm that uses this file? It seems
to be attacking several pc's at my day job..
As a follow up - I just found this -
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_R
BOT.ADGVSect=T
Nothing on mcafee
On 14 Dec 2004 at 11:19, Colbeck, Andrew wrote:
Thanks Andrew!
You are sharp. I spent quite a bit of time on google and on the AV
sites without any results.
-Nick
Subject:RE: [Declude.Virus] wuaurlt.exe
Date sent: Tue, 14 Dec 2004 11:19:50 -0800
Priority
in the sample virus.cfg file -
I want to verify this option still exists [or not]
Thanks
-Nick
Barry
--- [This E-mail scanned for viruses by Findlay Internet] --- This E-
mail came from the Declude.Virus mailing list. To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and type unsubscribe
to be a support form from Declude but is
support now only on a per incident basis?
Thanks!
-Nick
I'm using:
SCANFILE3 D:\VIRUSSCAN\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP
/SILENT /NODDA /MANALYZE /MIME /PANALYZE /PROGRAM /REPORT report.txt
Haven't seen any FPs with /MANALYZE
virus.cfg needs a different setup parameter or report.txt cannot
be found?
-Nick
04/28/2005 05:49:04 QB18D740700A83968 MIME file: document.scr
[base64; Length=52224 Checksum=6533396] 04/28/2005 05:49:04
QB18D740700A83968 Invalid SCR Vulnerability 04/28/2005 05:49:04
On 28 Apr 2005 at 13:50, Matt wrote:
Sorry about being wrong on both counts.. but I was trying to help!
-Nick
Nick,
Thanks for the reply, but I think you missed part of the
discussion.This is an F-Prot issue. Also, regardless of not finding a
parse string in report.txt, F-Prot isn't
string Infection in my logs today. The average delay was 4 seconds.
Is the answer to add the additl exit codes or is there a downside to
that?
-Nick
9 - At least one object was not scanned (encrypted file,
unsupported/unknown compression method, unsupported/unknown file
format
negativity lately]. They are
learning the new turf. And they have some good email admins
supporting them (for now)
If Declude misses the point competition will but thenm out of
business.
-Nick
Plus, if they actually integrate our feedback, we'll buy the support
agreement in order
for their command line scanner
[scan.exe] @ $11 but the real trick is finding a source to purchase
it from. I got mine through my day job via government purchasing.
-Nick
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
---
This E-mail came from the Declude.Virus mailing list
On 4 May 2005 at 9:11, Ralph Krausse wrote:
Ralph -
Excellent!
Excellent for Declude list participation - I really appreciate it!
Thanks
-Nick
We are currently looking into a possible issue with this directive. We
will be shortly releasing a incremental version with some enhancements
just scanned my virus logs for the past week.
Today only I have 2 emails that are spam, claim to be virii that
originated from 127.0.0.1
So I cannot explain this - it may be normal but rare?
-Nick
05/05/2005 08:48:51 Q16324B9301BCB06D Outlook 'CR' vulnerability
[From: Tro] in line 7
05/05/2005
On 5 May 2005 at 14:15, [EMAIL PROTECTED] wrote:
For the foreseeable future Declude will be following a different
release strategy.
WOW!
Barry - you the man!
-Nick
Beginning today we will be issuing Incremental Releases on a regular
basis. These releases should be regarded as Beta Code
Does anyone know or have a list of the vulnerabilities that are a
real problem and should be blocked or conversely the vulnerabilities
that are not a virus/worm threat?
Thanks!
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
On 9 May 2005 at 9:27, Susan Duncan wrote:
Hi Susan -
2 things -
What do your logs show - eg Is Declude scanning the suspect email?
2- If it is I bet Symantec is giving a false positive - non virulent
positive.
-Nick
Not sure if I should be posting this here or sending something to
f-prot
this won't be effective becase folks now rename extensions as a
matter of course to get clean files through eg - .exe .e_x_e :)
Leave it up to your antivirus scanner.
Perfect and thanks for the insight.
-Nick
I am not real clear on this thread - but if it has to do with clamd -
it w/Declude no question has a problem in Windows. I have stopped using
it - it may take a week or even a month but it will crash...
-Nick
Terry Fritts wrote:
I can't find anything in the event or application logs
Vulnerability flags = 76
Thanks!
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
Thanks David!
David Franco-Rocha [ Declude ] wrote:
Nick,
With the enhancement of turning off checking for individual
vulnerabilities, this information indicates for Declude which
vulnerabilities are being checked and which ones are not.
David Franco-Rocha
Declude Technical Support
Thanks Andrew!
-Nick
Colbeck, Andrew wrote:
Today is Microsoft Patch Tuesday for July 2005.
One of the bulletins is:
http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
Which fails to indicate which graphics formats are affected by this
vulnerability. It does mention
.
This link works -
ftp.nai.com
/pub/antivirus/datfiles/4.x
-Nick
Thanks,
Matt
John Tolmachoff (Lists) wrote:
OK, so it is cpl file, which we should all have in our list of banned
extensions including banned if within a zip file, so we should all be safe,
correct?
John T
eServices
do not know what I should be looking for :)
I have 3.0.4.4 running on my quad processor [with hyper threading] box
without ant problems - at least as far as I can tell. If I'm I missing
something I will revert back to 2.0.6.16 in a heartbeat!
-Nick
---
This E-mail came from
Andy Schmidt wrote:
Hi Nick:
I'm only repeating what I'm told - I don't have factual information on my
own.
chuckle chuckle chuckle. you are very funny at times!
Declude is supposed to check the /proc folder and ONLY go to sleep (for 30
seconds), if the folder contains no messages
Hi -
would anyone know what Couldn't create map1 would mean in the Declude
virus log file?
Thanks!
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
Thanks David!
-Nick
David Barker wrote:
3.0.5.10 - Change was made to reset the winsock when the \proc directory
reached 0 messages
3.0.5.11 - Change was made to reset the winsock when the \proc directory
reached 0 messages and threads in the \work had completed processing
I will update
Hi David,
Mcafee is one - the command line scanner is only $11 - if you can find a
vendor to sell it to you.
ClamAV is another choice and its free. I use it w/clamd.
http://www.sosdg.org/clamav-win32/index.php
I use all three..
-Nick
David Dodell wrote:
After many years of using Virus
Thanks for the info David!
-Nick
David Barker wrote:
Declude 3.0.5.18
ALL - Fixed un-defined variables causing intermittent stop/start with the
decludeproc service.
JM - Fixed SmarterMail incoming email recipient domain aliases.
AV - Fixed un-defined variables, causing incorrect Virus
installed user base?
Thanks!
-Nick
David Franco-Rocha wrote:
Due to the long holiday weekend, we
have been away from the office for a few days. Unfortunately it has
come to our attention that there could be a problem with key validation
on the server there. After some testing, we have
David,
David Franco-Rocha wrote:
B) Your software is NEVER downgraded
for any reason, either automatically or otherwise
hmm - would you kindly shut down your key server for awhile and monitor
the list in the meantime?
-Nick
We have had a few reports from
customers who
delete any junkmail then there is no benefit
-Nick
So, with or without AVAFTERJM, it looks like each message is scanned by the virus
scanner (which makes sense to me). If that is so, then how does it
cut down on machine resources?
Friday, January 27, 2006, 9:43:19 AM, Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTE
much
and I have such hard time getting the results I want!
Bill,
As I recall you were putting together a group of neat scripts to run
against our logs - did that ever happen and I missed it? It sure would
be helpful... !
Thanks
-Nick
I did some speed tests a long time ago, and found
Excellent.
Thanks Bill -
-Nick
Bill Landry wrote:
Nick, I put this together quite some
time ago and have sent it to people upon request. Hopefully posting it
here will make it more widely accessible. At least it can point you to
some tutorials and give you a sampling of how
David Barker wrote:
The next release of Declude
which is currently being tested and soon to be released
ahh David - wanna share? What will the new ver have to offer? :)
-Nick
David B
www.declude.com
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf
\bin\clamdscan.exe --quiet --log-verbose
--no-summary --max-ratio 0 -l report.txt
VIRUSCODE31
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
I been asked to remove the block I have on these - and since I have
forgotten why I am blocking them Is there a valid reason to block
these?
Thanks in advance
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
Hi John,
I was referring to file attachments that had a .url extension - I have
that extension banned in my virus.cfg and wondered why -
-Nick
John T (Lists) wrote:
You nor I nor Declude nor any one knows where that leads too. You can not
scan the destination for a url.
John T
Bill,
Will you kindly elaborate? :)
I see in clamd.conf the MailFollowURLs but the advice is not to use it -
-Nick
Bill Landry wrote:
ClamAV can be configured to scan URLs, if so desired.
Bill
- Original Message - From: John T (Lists)
[EMAIL PROTECTED]
To: Declude.Virus
Thanks!
-Nick
John T (Lists) wrote:
Yep,
exactly what I meant. I ban them as
there is no way to scan them (Although Bill says ClamAV can do it) to
know what
they are going to lead to.
John T
eServices
For You
"Seek,
and ye shall
find!"
---
I enabled it on one of the windows clamav boxes. I'll see what happens.
Thanks
-Nick
Bill Landry wrote:
Nick, it's advised not to use it because it take additional time to
process e-mails with embedded or attached URLs, since it has to
simulate a user and access the URL in order to scan
response time for AVG
-
-Nick
John Shacklett wrote:
Sorry for the tardy response, I've been traveling.
I used mcafee on my old system in combination with f-prot, and never had any
problems there either. On my new box [new since May], I started out with a
different program from eTrust because
I have noticed now with 4x that if ClamAv is the first scanner it fails
- it cannot find the file to scan. However it it is moved to the 2
'hole' or 3 'hole' - identical config otherwise - it works like a charm.
Does any one else see this anomolie?
-Nick
---
This E-mail came from
Mine is 9/8.
-Nick
Mark Reimer wrote:
What are the latest AVG
updates that everyone has? Im
worried that my AVG stopped updating for some reason. Or is it from
Declude
moving all their stuff around?
Mark Reimer
IT Project Manager
American CareSource
214-596-2464
26
REVDNS END ENDSWITH 1001.com
BODY END NOTCONTAINS postcards.org
HEADERS 5 CONTAINS @postcards1001.com
BODY 5 CONTAINS .exe
-Nick
The link actually takes you to
http://www.lkkm.cz/help/postcard.gif.exe
Failure I do believe, probably ClamD is not running?
-Nick
Markus Gufler wrote:
Does anyone know what exit codes ClamAV has and what they mean?
From 2006-09-27 06:50PM on I can see a huge number of
Virus scanner 2 reports exit code of 2
...in the virus-logfile.
Markus
---
This E-mail
Darrell ([EMAIL PROTECTED]) wrote:
Also, for me to get the virus name I had to use the wrapper.
fyi - The names are otherwise recorded in the clamd.log
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
Hi David,
What will this release contain?
-Nick
David Barker wrote:
We had scheduled a release for 31 January 2007, which we are delaying for
some changes next date is Monday 5 February 2007
Thanks
David Barker
Director of Product Management
Your Email security is our business
978.499.2933
Thanks David
-Nick
David Barker wrote:
FIX ZEROHOUR passing weight to SM when email WHITELISTED
FIX Ignore Case checking in Imail Address book 2006
FIX Improved performance when OUTBOUNDSPAMSCANNING OFF
FIX Updated CommTouch ZEROHOUR Dll
FIX EXITSCANONVIRUSDETECT ON works
Exit code of 2 means ClamAV had an error - Is clamd running? will
clamdscan.exe file to be scanned work? eg no parameters?
-Nick
Gary Steiner wrote:
Ever since I upgraded to ClamAV 0.90.1-2 (the SOSDG windows port), I've been
unable to get it to work. The Declude log files show an error
fyi -
Original Message
Subject: [clamav-announce] Problems with ClamAV/SOSDG For WIndows
0.90.1-1 and -2
Date: Tue, 13 Mar 2007 14:20:20 -0400
From: Bri Bruns [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Okay, been getting reports of people having problems with the
fyi -
Original Message
Subject: [clamav-announce] ClamAV/SOSDG For Windows 0.90.1-3 Is Now
Available
Date: Wed, 14 Mar 2007 16:02:48 -0400
From: Bri Bruns [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hello all,
With help from various people, I've got a new build of
fyi -
Original Message
Subject: [clamav-announce] ClamAV/SOSDG 0.90.2-1 has been released!
(Security Fix)
Date: Fri, 13 Apr 2007 17:05:54 -0400
From: Brie Bruns [EMAIL PROTECTED]
Organization: The Summit Open Source Development Group
To: [EMAIL PROTECTED]
Hello
David -
At times like this its OK to sigh these emails: David your pinata Barker
:)
-Nick
From: David Barker dbar...@declude.com
Sent: Wednesday, June 03, 2009 4:14 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Declude Virus
Thanks Michael for the effort to 'splain! I appreciated it. Make sure you are
using the sanesecurity sigs as well as the MSRBL's
-Nick
MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General
74 matches
Mail list logo