Well, there's always the Declude.Releases mailing list. Not sure that I've
ever received anything on that one. Maybe they need to make another one and
call it Declude.News.
I'd refer people to Declude's User Forums, but they seem to be extremely under
utilized by both Declude users and
I've been running with 3.x for over a month, but I just now realized that since
I upgraded I am no longer receiving the Declude Virus caught a virus
messages. Declude is catching viruses, I'm just not receiving email
notification. I don't believe I changed anything in the virus.cfg file that
, but you might request the
pre-release if you need to have the notifications.
Bill
- Original Message -
From: Gary Steiner [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, November 22, 2005 2:14 PM
Subject: [Declude.Virus] Declude virus notification
I've been
Does this mean that vulnerability notifications are not available for
SmarterMail?
Gary Steiner
Original Message
From: David Barker [EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 11:13 AM
To: Declude.JunkMail@declude.com, Declude.Virus@declude.com
Subject
I was told the 3.0.5.21 version fixes the problem in IMail but not in
SmarterMail.
Since I'm using SmarterMail, I'm waiting for version 3.0.5.22.
Gary Steiner
Original Message
From: John Carter [EMAIL PROTECTED]
Sent: Monday, December 05, 2005 3:22 PM
To: Declude.Virus
Is this a Declude issue or an IMail issue? I'm using Declude 3.0.5.22 with the
latest version of SmarterMail, and I haven't seen this behavior at all. Have
any other SmarterMail users out there seen this behavior?
Gary
Original Message
From: marc [EMAIL PROTECTED]
Just looking at my server stats for yesterday, there were only two Sobers
caught by EVA as viruses. All the rest were caught by Junkmail as spam.
Original Message
From: Colbeck, Andrew [EMAIL PROTECTED]
Sent: Saturday, January 07, 2006 12:11 AM
To:
settings?
I see in the EVA manual that I can turn this off using
ALLOWVULNERABILITY OLSPACEGAP
but do I really want to do that?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list
Is anyone using one of the various Windows ports for ClamAV under W2K3? If so,
which one is best?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
domains depending on the language of the customer
(recip-en.eml and recip-es.eml). I believe this can be done in Junkmail, but
can it be done in EVA?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus
If you take a look at the DOS version of F-Prot
ftp://ftp.f-prot.com/pub/dos/fp-316b.zip
you will find that it contains a file called COMMAND.TXT that seems to explain
everything. I've attached it below:
The command-line options
F-PROT.EXE is usually run without any
What is the value of the AI switch? I see it (and others related) explained
on the F-Prot web site, but I don't understand why one would use it or not use
it. Nor does it tell you what the default is.
/HEUR - Uses heuristic scanning of files.
/NOHEUR - Doesn't use heuristic scanning of
Wnen Declude uses a virus scanner to detect a virus, you are able to place a
message in the header of the held file such as:
X-Declude-Virus: Detected W32/[EMAIL PROTECTED] [from IP 200.52.83.152
(152.83.52.200.in-addr.arpa)].
However, when a banned file (such as a .exe in a .zip) is held, no
Original Message
From: Gary Steiner [EMAIL PROTECTED]
Sent: Monday, April 24, 2006 8:46 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] banned file mentioned in header?
Wnen Declude uses a virus scanner to detect a virus, you are able to place a
message
viruses slipped through? Unfortunately the eicar tests don't have an hta to
use, so the only way I have to test this is with a live virus. The Feebs virus
isn't one of the more common ones, but all it takes is one to get through to
spoil the day of one of my customers.
Gary Steiner
?
Gary,
I do believe that messages that have been re-queued do not get scanned
a second time. If they did, you would never be able to re-queue
anything since it would be continually caught.
Dean
On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote:
Back on May 9 my server was hit
I asked about the possibility of per domain replies several months ago. I
would hope that it has already been placed on the wish list.
It is especially useful when you have users speaking different languages and
you want to have language specific messages linked to each domain.
Gary
I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude). The messages are all around 86k in size, and contain a gif and an encrypted zip file. It pretends to be sending you a password for some unnamed
In your virus.cfg, make sure you have this:
BANCRVIRUSESON
and do not have this:
ALLOWVULNERABILITY OLCR
That should do it.
Original Message
From: Rick O'Connor [EMAIL PROTECTED]
Sent: Saturday, July 01, 2006 1:19 PM
To: declude.virus@declude.com
Subject:
I recently installed ClamAv as my third scanner after AVG and F-Prot. For some
reason it indicates an error related to the attachment when it detects a virus
(Attachment=[Unknown: Err]). Here is an example from the Declude virus log
file:
07/13/2006 19:32:18.843 366626185 Vulnerability flags
help
Goran Jovanovic
Omega Network Solutions
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, July 14, 2006 1:16 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] ClamAV error
I recently installed ClamAv
Upon further research, the statement Attachment=[Unknown: Err] is generated
by Declude, not ClamAV. So does Declude have a problem with ClamAV?
Original Message
From: Gary Steiner [EMAIL PROTECTED]
Sent: Friday, July 14, 2006 1:32 PM
To: declude.virus@declude.com
Subject
: [Declude.Virus] Declude error, not ClamAV error
In other log lines Declude states it is an invalid/bogus pif file. That
might explain it.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, July 14, 2006 7:08 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Declude error, not ClamAV error
I get the error
will we be seeing this new feature next week? :)
Goran Jovanovic
Omega Network Solutions
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Steiner
Sent: Tuesday, June 20, 2006 3:24 PM
To: declude.virus@declude.com
Subject: re
a virus is detected, it uses any and all .eml files except for
vulnerability.eml.
So yes, you could do that.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Thursday
for if the infected email
is incoming and one for if the infected email is outgoing.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Thursday, August 10, 2006 9:05 PM
I have an email that was held as a virus after ClamAV was triggered with the
result Oversized.RAR FOUND. I looked for an explanation but couldn't find
anything detailed. Apparently this is due to some type of bug in ClamAV that
shows up with certain RAR or ZIP files.
I found one posting that
If you want to submit a virus, don't forget about ClamAV:
http://www.clamav.net/sendvirus.html
The nice thing about them is when they've used your sample to update their
definitions, they will actually send you an email telling you this.
Original Message
From: Colbeck,
Is the command FORGINGVIRUS still used? It doesn't seem to be mentioned in the
new manuals on the Declude web site, or in the knowledgebase either.
My main question is how does FORGINGVIRUS work? Is it looking for any string
within the virus name? For example, will the statement
I think you meant to say SKIPIFFORGING not SKIPIFFORGINGVIRUS.
Original Message
From: John T \(Lists\) [EMAIL PROTECTED]
Sent: Friday, October 27, 2006 7:52 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] AUTOFORGE
Also, how is FORGINGVIRUS different from
Looks like the web page for runclamd and runclamscan
http://www.smartbusiness.com/imail/declude/
has been removed. Hopefully it will continue to be included in future releases
of ClamAv for Windows.
Gary
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just
Good question. David?
Original Message
From: Stephan [EMAIL PROTECTED]
Sent: Friday, December 08, 2006 12:21 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Re: [Declude.Virus] Declude Security Suite 4.3.23
Released / AVG Vulnerability?
Is the built-in avg
I've seen similar behavior with viruses found by AVG.
Original Message
From: Andy Schmidt [EMAIL PROTECTED]
Sent: Wednesday, December 13, 2006 12:42 PM
To: 'Declude Virus List' declude.virus@declude.com
Subject: [Declude.Virus] Sender.eml was sent even though forging virus?
I was receiving copies of it yesterday (Thursday), but nothing today. All
messages contained a .exe attachment. Since I'm running AVAFTERJM, all the
messages were caught as spam. I did not receive any that were not caught as
spam.
Original Message
From: Heimir Eidskrem
ClamAV catches a lot of them.
Original Message
From: Darin Cox [EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 5:58 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] pay-pal phishing
Message Sniffer does a pretty good job. You can also use the
Here's a strange one. Declude reports that it is detecting a virus in a file
attachment that is a Word document.
AVG Reports VIRUS: Exploit-Dropper.1Table
Yet when I send that same email to VirsuTotal.com, AVG states no virus
detected. And none of the other programs listed on VirusTotal.com
I see that SOSDG released a new version (0.90-1) of their Windows port of
ClamAV on 02-22-2007.
http://www.sosdg.org/clamav-win32/
Has anyone upgraded to it yet? Any problems?
Gary Steiner
Original Message
From: Mark Reimer [EMAIL PROTECTED]
Sent: Friday, February 16
, SURBL/URI integration, MRTG
Integration, and Log Parsers.
- Original Message -
From: Gary Steiner [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Monday, February 26, 2007 1:01 PM
Subject: RE: [Declude.Virus] Current Version of Clam AV
I see that SOSDG released a new
62376245.eml
/cygdrive/c/clamav-devel/bin/clamdscan: unrecognized option `--mbox'
ERROR: Unknown option passed.
ERROR: Can't parse the command line
Anyone else seeing anything like this? Did something change in 0.90 to make
these paramenters invalid?
Thanks,
Gary Steiner
---
This E-mail
? will
clamdscan.exe file to be scanned work? eg no parameters?
-Nick
Gary Steiner wrote:
Ever since I upgraded to ClamAV 0.90.1-2 (the SOSDG windows port), I've
been unable to get it to work. The Declude log files show an error like
this:
03/12/2007 19:17:29.359 62376245 Vulnerability flags
The following was just posted to clamav-announce:
Original Message
From: Bri Bruns [EMAIL PROTECTED]
Sent: Tuesday, March 13, 2007 2:43 PM
To: [EMAIL PROTECTED]
Subject: [clamav-announce] Problems with ClamAV/SOSDG For WIndows 0.90.1-1
and -2
Okay, been getting
A new version (0.90.1-3) was posted on the SOSDG web site.
Bri Bruns told me that the --mbox parameter no longer works, so you should
remove it from the line in your virus.cfg file before installing 0.90.1-3.
Gary
Original Message
From: Gary Steiner [EMAIL PROTECTED]
Sent
What do you mean by virus notifications? Email from some mailing list?
Updates to your anti-virus definitions?
Gary
Original Message
From: Dan Shadix [EMAIL PROTECTED]
Sent: Wednesday, March 28, 2007 6:55 PM
To: declude.virus@declude.com declude.virus@declude.com
We've always used the SOSDG port of ClamAV with little problem. The current
version is quite stable. We have it on a W2K3 server using runclamd and
runclamscan.
http://www.sosdg.org/clamav-win32
This is also the same version that SmarterMail has incorporated into their 4.x
release.
I don't
I started getting some messages today that were picked up as spam, but were not
being identified as viruses. They looked suspicious, having subject lines of
Virus Activity Detected!
Spyware Alert!
It containes a .gif message that tells the user to open the .rar file and run
the patch there to
As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have
caught the password-protected .rar file? Declude passed the message to
SmarterMail without holding it. I'm running Declude 4.3.46.
Original Message
From: Gary Steiner [EMAIL PROTECTED]
Sent
ClamAV is now picking this up as Email.Phishing.RB-686
Original Message
From: Gary Steiner [EMAIL PROTECTED]
Sent: Wednesday, April 25, 2007 1:48 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus with .rar attachment
I started getting some messages
?
Any suggestions you might have are greatly appreciated.
Gary Steiner
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
to share your virus.cfg
configuration so that we understand the context.
Best Regards,
Andy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Wednesday, April 25, 2007 6:39 PM
To: declude.virus@declude.com
Subject: [Declude.Virus
of the message as spam.
Andrew.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Gary Steiner
Sent: Wednesday, April 25, 2007 10:31 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus with .rar attachment
I started getting
It's not that difficult. The legitimate messages with rar attachments are big
(usually 10MB and up) so it's not hard to separate them from the image spam and
common viruses being held in the virus directory.
As mentioned by Craig in an earlier post, it would be nice if Declude added the
Or does this show that there are too many people out there who don't have
anti-virus software on their computers?
Original Message
From: Colbeck, Andrew [EMAIL PROTECTED]
Sent: Tuesday, May 01, 2007 1:11 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] Interesting
submitted it for investigation.
David Barker
VP Operations | Declude
Your Email Security is our business
O: 978.499.2933 x7007
F: 978.988.1311
E: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent
Barker
VP Operations | Declude
Your Email Security is our business
O: 978.499.2933 x7007
F: 978.988.1311
E: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, April 27, 2007 4:25 PM
fixed version?
Gary Steiner
Original Message
From: David Barker [EMAIL PROTECTED]
Sent: Wednesday, May 02, 2007 4:19 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude
failures
Yes I apologize I only realized
.
Gary Steiner
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
I'm using the SOSDG port which is currently at version 0.90.3-3c and have not
encountered the problem you describe. Then again, I'm also using SmarterMail,
so don't know if this may be an IMail compatibility problem.
Original Message
From: John Shacklett [EMAIL PROTECTED]
Don't know if this relates to your situation, but hope it helps. I ran into a
problem similar to this, but on a 32-bit machine. It was caused when the
software was installed with an account that had administrator privileges, but
not THE Administrator account. So possibly you are looking at
I've been using the SOSDG version of ClamAV (http://www.sosdg.org/clamav-win32)
with no problem. The is the same version/port of ClamAV that SmarterMail ships
with their product.
The trick is setting it up to run as a service with runclamscan and runclamd.
These are included with ClamAV in
There is an announcement on the SOSDG web site saying they will no longer
support their version of ClamAV.
http://www.sosdg.org/clamav-win32
Is anyone using a different port of ClamAV with Declude? Has anyone had
success with http://www.clamwin.com/ ?
Original Message
Here is a comment by the SOSDG ClamAV author on the SmarterMail forum:
http://www.smartertools.com/forums/p/22257/59718.aspx#59718
Original Message
From: Gary Steiner decludei...@plusultraweb.com
Sent: Monday, December 29, 2008 3:20 PM
To: declude.virus@declude.com
What version or port of ClamAV are you using with Declude? I've been
reading on the SmarterTools forums about the problems with ClamWin, and was
wondering if the majority are using this port or a different one?
SmarterTools has been referring people to this link:
63 matches
Mail list logo
