http://oss.netfarm.it/clamav/
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Gary
Steiner
Sent: Wednesday, November 24, 2010 12:32 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] ClamAv / ClamWin with Declude
What version or port of
I'm pretty small (125 employees), so encrypted zip files are rare and they
get blocked.
I'll manually reprocess them after getting an alert email.
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd
Richards
Sent: Tuesday, November 16, 2010
. How do you manually process them?
Do you go in and disable the block, reprocess the email, then put the block
back?
Todd
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Scott
Fisher
Sent: Tuesday, November 16, 2010 10:28 AM
To: declude.virus@declude.com
Subject: RE
Speaking of versions.
I'm running 4.10.42
I noticed there is a 4.10.48 available but no email notice or release notes.
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, April 28, 2010 8:12 AM
To:
Can I replace the decludeproc.exe or is a upgrade install needed?
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, June 01, 2009 2:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus]
.
Scott Fisher
Director of IT
Farm Progress Companies
255 38th Avenue, Suite P
St. Charles IL 60174-5410
630/462-2323
fax 630/462-2957
sfis...@farmprogress.com
www.farmprogress.com http://www.farmprogress.com/
This email message, including any attachments, is for the sole use of the
intended
I use the runclamscan program to call clamav. Here's my virus.cfg lines
SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --quiet -l
report.txt
VIRUSCODE1 1
REPORT1 FOUND
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Dodell
,
What version of Declude ?
Are you using the directive AVAFTERJM ON?
David
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott
Fisher
Sent: Friday, July 27, 2007 3:06 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] exe in zip file why not blocked...
I
switching this OFF to see if it
resolves the issue.
David
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott
Fisher
Sent: Monday, July 30, 2007 10:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] exe in zip file why not blocked...
Declude 4.3.57
q18d4010e464c.smd Scanned: Error in virus
scanner. [MIME: 2 19668]
virus.cfg lines:
BANEXTexe
BANZIPEXTS ON
I believe this should have been blocked (regardless of the problem with
scanner 2).
Scott Fisher
Dir of IT
Farm Progress Companies
191 S Gary
The -mbox parameter died in .90.1 series.
I'm still using the other two:
SCANFILE1 d:\imail\declude\runclamscan.exe log=1
C:\clamav-devel\bin\clamdscan.exe --quiet --max-ratio 0 --max-space 1M -l
report.txt
- Original Message -
From: Mark Reimer
To: declude.virus@declude.com
being refused (111).
rsync error: error in socket IO (code 10) at clientserver.c(104)
[receiver=2.6.9]
any idea what I should do?
thanks
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott
Fisher
Sent: Monday, March 26, 2007 9:19 AM
To: Declude.Virus
SKIPIFVIRUSNAMEHAS Email.Malware
SKIPIFVIRUSNAMEHAS Html.Malware
-
Scott Fisher
Director of IT
Farm Progress Companies
191 S Gary Ave
Carol Stream, IL 60188
630-462-2323
This email message, including any attachments, is for the sole use
I definitely still getting them with Clam .90
They only happen here when I run clamav as a service. When I run it as a
non-service (which is CPU foolish), I don't get these.
I also use the clamscan wrapper (runclamscan.exe), so that might be in the
mix.
- Original Message -
From:
How about native Declude support for Clam AV like AVG?
That would be nice.
- Original Message -
From: Gary Steiner [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Thursday, March 01, 2007 11:57 AM
Subject: Re: [Declude.Virus] Current Version of Clam AV
Does anyone want to
One drawback of spamdomains:
I believe the spamdomains compares the smtp sender with the revdns.
Many phish will come from a SMTP sender of [EMAIL PROTECTED] and
thus won't fail a spamdomains test.
I second the CLAMAV with sanesecurity phish addons.
- Original Message -
From: Darin
Maybe you love to hate them?
- Original Message -
From: Matt
To: declude.virus@declude.com
Sent: Thursday, January 04, 2007 3:23 PM
Subject: Re: [Declude.Virus] I'm currently on a business trip down south and
will be returning January 5th, 2007. If t
I hate
Does Declude check for banned extension in RAR files?
If not, please add this to the wish list. RAR files are becoming more popular
and it is difficult to ban RAR files.
I had an email come in with an .EXE file in a RAR file. So I believe it doesn't.
---
This E-mail came from the Declude.Virus
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, December 06, 2006 7:40 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] EXE in RAR file
Does Declude check for banned extension in RAR files?
If not, please add this to the wish list. RAR
-David
Since it is out there,
I also have seen rare D* messages without Q* file stranded in the work
folder also.
For me about 2 a month. They tend to be spam (of course so does 80% of all
mail).
If it is a legit message, I'll just forge up a corresponding Q* message and
reprocess them.
It looks like the Stration worm is causing
backscatter today:
The W32/Stration.drvirus drops the mass
mailing worm W32/[EMAIL PROTECTED]. that uses its own SMTP
engine to send itself to the email addresses that it harvests on the infected
computer. The W32/Stration.dr is written
using
Here are mine:
declude\scanners\AVG\db\avi7.avg
2/21/2006 1:27 PM
declude\scanners\AVG\db\miniavi.avg 9/6/2006
9:40 AM
declude\scanners\AVG\db\microavi.avg 9/7/2006
3:42 PM
declude\scanners\AVG\db\incavi.avm 9/8/2006
10:43 AM
- Original Message -
From:
Mark
Reimer
I used (and probably posted the --max-ratio 0 ).
The max-ratio defines the maximum compression ratio for scanned files. I
kept getting legit text files that were zipped that were over ratio, so
that's why I why I went to the max-ration 0.
- Original Message -
From: Gary Steiner
like Gary's configuration is quarantining emails based on any
non-zero return code from ClamAV and that this is not the behaviour he
really wants.
Comments? Flames?
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Scott Fisher
Sent: Thursday
Just kind of curious which scam this is targeting?
Pump and Dump stock?
Work at home?
419/Lottery scams?
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: declude.junkmail@declude.com; declude.virus@declude.com
Sent: Monday, August 07, 2006 3:39 PM
Subject: [Declude.Virus]
Your command lines exactly matches my Clamav lines which are working.
I'm using Declude 3.x
- Original Message -
From: Gary Steiner [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Friday, July 14, 2006 4:43 PM
Subject: [Declude.Virus] Declude error, not ClamAV error
Upon
as every instance we have seen of this has been invalid email.
I certainly regularly receive incorrectly formatted email. I'm pretty small
volumne, but looking over my logs (I have an external test for this
condition), it is 111 non-spam messages this month.
My email volume is pretty low.
I'm curious if there is a concensus out there on
which ALLOWVULNERABILITY are appropriate to use?
ALLOWVULNERABILITY
OBJECTDATA
HTML Object Data Vulnerability
ALLOWVULNERABILITY
OLCR
Outlook CR Vulnerability
ALLOWVULNERABILITY
OLSPACEGAP
I don't think Declude can do this.
This might be possible with your individual virus
scan engines:
Viruscan has a command line parameter
/MAXFILESIZE
so /MAXFILESIZE 5 would not scan files over 5
MB.
ClamAV has a limit of how much to check from
archives (I believe they mean zip files).
I originally had them banned, but then I got tired of reproecessing the
legit email that had the attachments, so they are allowed in here.
- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, April 11, 2006 2:09 PM
Subject:
-Craig,
you can use runclamscan which is a wrapper program
that returns the virus name to Declude.
http://www.smartbusiness.net/imail/declude/
- Original Message -
From:
Craig
Edmonds
To: Declude.Virus@declude.com
Sent: Wednesday, March 08, 2006 3:27
AM
Remotehost Yes. Reciphost no.
Declude 3.06
.eml:
REMOTE HOST NAME: %REMOTEHOST%
RECIPIENT HOST: %RECIPHOST%
result:
REMOTE HOST NAME: farmprogress.com
RECIPIENT HOST:
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, March 08,
Very similiar problem here.
I have a vir folder left over with a filename of 0.
Imail 8.22 , clamav 0.88-2 (SOSDB Cygwin version), Declude 3.06.
Using runclamd and runclamscan wrapper
- Original Message -
From: Ken Weise [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday,
Here's my clam command line:
SCANFILE2 d:\imail\declude\runclamscan.exe log=1
C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l
report.txt
I call clamdscan.exe not clamscan.exe
I use the runclamscam wrapperL
This program is just a wrapper calling clamscan or
Here's a couple of parameters I personally
use for Clam-AV:
--max-ratio 0 --max-space 1M
max ratio sets a maximum ratio for compressed
files. I've had zip files that contained txt files get false positives. Setting
it to 0 disables this test.
max space sets the maximum amount of
My guess is they refer to different builds of
clamav.
- Original Message -
From:
Goran Jovanovic
To: Declude.Virus@declude.com
Sent: Monday, March 06, 2006 9:44
AM
Subject: [Declude.Virus] CLAMSCAN Scanner
Command Line
Hi,
I have just added the
I use runclamd and run it as a service.
clamscan is pretty CPU intensive.
Using clamdscan with the clamd service really cuts down on the CPU time.
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, March 06, 2006 3:38 PM
Subject:
As a followupon last week's discussions on
the SaneSecurity phish definitions for ClamAv.
ClamAv (without SaneSecurity) caught 273 phish for
me in February (all 28 days).
SaneSecurity definitions caught 178 phish for me in
the last 8 days of February.
McAfee caught 118 and none after I
I running clamav as one of my scanners. The
SaneSecurity is an additional defintion database named phish.ndb.
I put the phish.ndb into my
c:\clamav-devel\share\clamav folder and it does all of the rest.
- Original Message -
From:
Colbeck,
Andrew
To:
Personally I haven't seen any false positives. I
spot checked a few messages, and they were phish. All of the subject lines are
definitely phishy.
I whitelisted the Declude support lists, so I don't
have any concerns about blocking the support lists.
What I also liked was that it only took
If your Imail, I'd go to 3.0.5.23... That had a licensing fix.
This release fixes a bug in the IMail version of Declude whereby the wrong
service level (Pro, Standard, Lite) was being reported. This issue affected
IMail users only.
- Original Message -
From: John Pearson [EMAIL
-Barry,
I did not receive the email sent to every customer
(and I have Declude whitelisted). That irks me even more.
Not having received the email, this all comes
straight out of left field for me. If I had received the email, perhaps it
wouldn't be such an unpleasant shock.
It certainly
I upgraded to clamav 0.88-1 yesterday (and 0.88-2
today) and since the upgrades,
I'm seeing sporadic .vir folders left behind. These
all have a file name 0 in them
02/03/2006 10:04:08.258 q7eb10620bac6.smd
WARNING: Couldn't remove .vir directory
COPYFILE does not add any Declude
headers.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Friday, January 27, 2006 1:28
PM
Subject: Re: [Declude.Virus] Feature
request: DELETEVIRUSNAME
Dan,You might try COPYFILE which is essentially HOLD,
Thanks, Matt that'll be helpful.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Friday, January 27, 2006 2:32
PM
Subject: Re: [Declude.Virus] Feature
request: DELETEVIRUSNAME
Sorry. If you add the following directive to your
Global.cfg it
Excellent idea!
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, January 25, 2006 4:37 PM
Subject: [Declude.Virus] Feature request: DELETEVIRUSNAME
Maybe someone has already requested it:
Why not allow commands like
When I used AVG it was consistantly in the back of
the pack for virus detections.
It lagged so badly at the beginning of the
encrypted zip days, that I had to swap it out with Clam.
It had pretty good scanning times.
I use FProt, Clam AV as a service and Mcafee
VirusScan.
From a cost
I use a customized version of Mailpure's antiav filter. I then combo this
with a mailfrom-postmaster filter to add points when the bounce comes from a
postmaster.
- Original Message -
From: Marc Catuogno [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23,
I use F-Prot 1, McAfee 2, Clam 3
I use the Cygwin version of clam with runclamd and runclamscan. You'll find
those at http://www.smartbusiness.net/imail/declude/
runclamd runs clam as a service. much faster.
runclamscan returns a virus name to Declude
Don't forget this is allowable:
#
#
I would consider 3.0.5.10/11 interim releases... Scott would never have
documented them.
I too would like to see the release notes updated with each and every
version...
but it's a long long standing issue.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To:
So I though with Declude 3 running ok, I'm going to
try the clam av service again.
I'm running into a problem with
runclamd
when I issue a runclamd -start, these log messages
are produced
10-20-2005 11:42:39
SERVICE_START_PENDING10-20-2005 11:42:39 Status:
410-20-2005 11:42:41
I block all encrypted zips based on the fact that I can't virus scan them.
But then again I'm slightly paranoid and should not be trusted with sharp
objects.
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, October 11, 2005 3:08
I've caught 76 conflicting encoding messages with
EVA this month all 3 days. All spam messages.
What's odd is I've I had 53 conflicting encoding
messages the whole last month.
Is this a change in Declude 3.05 or a shift in my
spammers?
Arrrggg.
Mr. Obvious says if you rename the
win_netware_betadat.zip, wget will never find a file to compare it to and will
always download the update.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 5:34
PM
Subject:
Great catch Matt.
Mine's gone too since August 2
Thank you Declude for multiple virus scanner
option.
Try:
http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
From:
Here's the Mcafee page:
http://vil.mcafeesecurity.com/vil/virus-4d.asp
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26
PM
Subject: Re: [Declude.Virus] Seemingly
bad virus this morning
This is a new Bagel
-Matt,
Does the wget -N command work for you with
Mcafee.
I also use the -N and get the full download every
time.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 4:13
PM
Subject: Re: [Declude.Virus] Seemingly
bad
You can't do an internet reboot on a Friday. You need to wait until the
weekend.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, September 09, 2005 10:48 AM
Subject: Re: [Declude.Virus] Sudden Internet Slowdown
Maybe someone should
http://www.mail-archive.com/declude.virus@declude.com/msg12070.html
This vulnerability is triggered if the file format diverges from the
official ZIP format specification.
- Original Message -
From: Grant Griffith [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, August
not put things in the correct format.
Thanks,
Grant Griffith
EI8HTLEGS, A Division of ETC
(812)932-1000
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Tuesday, August 09, 2005 2:09 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus
...and hope that Declude or the AV-Engine will catch this vulnerability as
soon as possible.
I completely agree. As a publishing company we receive lots of large jpeg
files and the thought of having to virus scan all those, makes my mail
server want to run and hide.
I'd like to see a
I use skipext to bypass some of my larger file
types:
SKIPEXTEPSSKIPEXTGIFSKIPEXTinddSKIPEXTJPGSKIPEXTJPEGSKIPEXTMPGSKIPEXTMPEGSKIPEXTMOVSKIPEXTP65SKIPEXTPMDSKIPEXTPDFSKIPEXT
PSDSKIPEXT QXDSKIPEXT TIFSKIPEXT
TIFF
Of course by skipping these extensions (especially
the jpeg and PDF) I do run
Yes I have seen them too:
email starts with:
Dear Valued Member, According to our site policy
you will have to confirm your account by the following link or else your account
will be suspended within 24 hours for security reasons.
- Original Message -
From:
Jim Matuska
I also use Terry's runclamscan with no issues.
I have had rare email melt downs when I was running runclamd. I could never
pin it firmly on anything. So I stopped the runclamd to see how it handles.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To:
P.S. You can schedule freshclam often because it makes a DNS call to
determine if there is a new version of the database, it will only download
if that DNS result tells it to.
Very efficient. I schedule freshclam every 15 minutes.
- Original Message -
From: David Sullivan [EMAIL
One other ClamAV tip.
If you can afford the performance hit and can use PRESCAN OFF, clamav will
be a very effective Phish blocker.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 3:20 PM
Subject: Re[2]:
was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or
in the X-Declude-Sender field?
Maybe I should just use the HEADERS 0 CONTAINS instead.
Thanks again.
Scott Fisher wrote:
One caveat. The MAILFROM uses the envelope mailfrom, which is different
than the ones displayed
I'm running 2.0.6.16 and would consider it as stable as 1.82
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: John Carter Declude.Virus@declude.com
Sent: Friday, June 03, 2005 2:02 PM
Subject: Re[4]: [Declude.Virus] Second Scanner
Looks like I have clam up and
One last ClamAV comment...
I've added the command line switch --max-ratio 0
I've had some false positives on some .zip files that forced me to add the
switch.
- Original Message -
From: Terry Fritts [EMAIL PROTECTED]
To: David Sullivan Declude.Virus@declude.com
Sent: Thursday, June
Matt posted speed comparison's I'd say about a year ago.
I use F-Prot
ClamAV
and McAfee
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 4:50 PM
Subject: [Declude.Virus] Second Scanner
I know this comes up every
If you've got pro, you could add a filter:
MAILFROM10 CONTAINS [EMAIL PROTECTED]
that will check the envelope mailfrom.
To check for those addresses in the headers:
HEADERS 10 CONTAINS [EMAIL PROTECTED]
Another option is to update your virus software more often to minimize the
opportunity
for outgoing messages, and add it to your $default$.junkmail as
well.
Lastly, make sure you have a carriage return at the end of the
fromblacklist.txt to avoid the last line being ignored..
Darin.
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent
MAILFROM10 CONTAINS [EMAIL PROTECTED] in
virus.cfg or global.cfg? Do I need to use another file?
If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED]
- where would I put that?
Sorry for the newbie questions.
Kevin
Scott Fisher wrote:
If you've got pro, you could add a filter
I'll second the EXITSCANONVULNERABILITY option.
There is an occasional need to requeue a message
that false positived on a vulnerability, so I would myself prefer that all those
messages would be checked for viruses.
I'd run:
EXITSCANONVIRUS ON
EXITSCANONVULNERABILITY OFF
I think it would
I've seen it here rarely also.
Not positive here but here is a theory:
The zip file may gave been created on a Mac and contain some Mac specific
size 0 files?
- Original Message -
From: Paul Navarre [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, May 27, 2005 12:54 AM
Mcafee command line.
If you can find a license it should run about $25 a year.
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 4:02 PM
Subject: [Declude.Virus] F-Prot Alternative
We have been running F-prot as the virus
I haven't seen anything obvious in a quick glance through today's logs.
Do you have an example?
Usually, I just force another download of the dats.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, April 25, 2005 3:42 PM
Subject: [Declude.Virus]
I also had to add the SKIPIFVIRUSNAMEHAS Mytob to my eml files.
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, April 15, 2005 2:53 PM
Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
Shayne:
I haven't heard anything
I had some today that fit this description.
Mcafee found them as: the W32/[EMAIL PROTECTED]
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, April 14, 2005 4:19 PM
Subject: [Declude.Virus] Possible new virus?
I have
Cox wrote:
Yep. I just added
SKIPIFEXTCOM to my bannotify.eml
yesterday.
Darin.
- Original Message -
From: Scott
Fisher
To: Declude.Virus@declude.com
Sent: Tuesday,
March 15, 2005 3:31 PM
Subject:
[Declude.Virus] Spam
Title: Message
1.82 is what I am running.
I get an IP address with vulnerabilities and with
viruses but not withBanned file extensions.
- Original Message -
From:
Andy Schmidt
To: Declude.Virus@declude.com
Sent: Wednesday, March 16, 2005 11:38
AM
Subject: RE:
F-Prot was catching some price...zips
Mcafee caught one at 6:30
But then this appears:
03/01/2005 09:09:30 Q8599093a02820e36 MIME file: price.zip [base64;
Length=15789 Checksum=2053241]
03/01/2005 09:09:30 Q8599093a02820e36 Banning .ZIP file with exe extension.
03/01/2005 09:09:33
Try adding this to your command line:
--max-ratio 0
The support compression ratio feature (--max-ratio). Overly compressed files
may get falsely detected. I believe the 0 turns it off.
it worked for me.
- Original Message -
From: Hirthe, Alexander [EMAIL PROTECTED]
To:
I'd like to submit this for a Declude Virus feature
change:
I like having Prescan OFF to provide the maximum
amount of protection that I can.
I also run 3 virus scanners.
I'm wondering if it would possible to migrate the
Prescan parameter into the virus engines definitions to turn it on
If you wish the banned file extensions to apply to files with .ZIP files,
you can add a line BANZIPEXTS ON to your \{MAILSERVER}\Declude\virus.cfg
file. For example, if you have a line BANEXT EXE and BANZIPEXTS ON, then
.EXE files within .ZIP files will be blocked. You can also use BANEZIPEXTS
ON
the BANZIPEXTS ON is for non encypted zips
the BANEZIPEXTS ON is for encrypted zips
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, January 31, 2005 2:30 PM
Subject: Re[5]: [Declude.Virus] RAR Support - why not?
Hello Scott,
These seem to be the changes I have
made:
Looking at my config:
Change the BANEXT to ban what extensions you want
to ban.
Decide what to do with Zip files:
BANEXT EZIP to ban encrypted zip files if you can
get away with it
BANZIPEXTSON to apply Banned Extensions to
contents of Zip files
A plus to Symantec for me is that since I can't use Symantec for my Declude
e-mail protection, and I do use it on workstations and servers, any e-mail
virus needs to make it through an additional and different A/V program on
the desktop. The higher the hurdle, the less that can make the leap.
I have noticed this problem with large files, usually TIFFs.
No solutions though...
-- Original Message --
From: John Carter [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 15 Nov 2004 16:44:35 -0600
Has anyone using ClamAV had problems with it
I use this version of clamav: http://www.sosdg.org/clamav-win32/index.php
with this wrapper to get virus names:
http://www.smartbusiness.com/imail/declude/
My global.cfg lines:
SCANFILE2 d:\imail\declude\runclamscan.exe log=0
C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt
Since these are HTML segments, my guess this is
another case of where Declude Virus Pro's Prescan would need to be turned off
for these to be scanned.
I am catching these segments with Prescan off with
Clam and Mcafee.
- Original Message -
From:
Greg Little
To: [EMAIL
I've been getting some infrequent Declude bans of
EXE files with little or no size that the sender's system must have stripped out
the virus portion.
Looking through my reports, I note I have never
seen an Invalid EXE vulnerability. I see Invalid BAT, COM, CPL, PIF and
SCR.
Is there such a
That's good news.
Thanks!
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 08, 2004 11:50 AM
Subject: Re: [Declude.Virus] Invalid EXE vulnerability question
I've been getting some infrequent Declude bans of EXE files with
I use ClamAV.
Overall it is very effective. More effective than FProt and AVG. About the
same as Mcafee.
If you are willing to turn Prescan OFF, it is good at catching Phish too.
It did have some bad defs last month that caused about 15 emails to be
mis-flagged.
- Original Message -
And the link to that helper/wrapper is here:
http://www.smartbusiness.com/imail/declude/
- Original Message -
From: Brad Morgan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 11:14 AM
Subject: RE: [Declude.Virus] BitDefender
I'm using both at the moment.
Looking at today and yesterday's logs, F-Prot has been catching these here.
It was just two viruses shy of Clam/AV in yesterday's results.
Virus updates current?
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude. Virus [EMAIL PROTECTED]
Sent: Tuesday, November 02,
It's Friday afternoon and I've cleared out my 1000
messages from the Imail Forum, so I can't resist...
Isn't Declude for Exchange part of the
soon-to-be-announced Declude Collaboration Suite (DCS)? ;) or is it :(
?
- Original Message -
From:
Jim Matuska
To: [EMAIL
Also make sure your F-prot is current and your command line switches have
been updated to work with the more current version. About 2 or so months ago
a command line switch was changed regarding scanning zip files.
you could add a BANNAME RAPIDSYS.COM.ZIP line in the virus.cfg. Odds are you
won't
]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 07, 2004 2:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Recommended Scanner
My personal scores from best to worst:
Clamav (been only a week, but it hasn't missed one) and free (Also
catches
some phish
I installed it I couldn't figure out if it was in and
Declude kept throwing me an error. What is your Declude config line ?
Thanks -
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 07, 2004 2:41 PM
1 - 100 of 132 matches
Mail list logo