Only if you also have BANEXT rar.
Do you have junkmail scanning before virus?
John T-Original Message-From: "Gary Steiner" [EMAIL PROTECTED]Sent 4/25/2007 10:44:37 AMTo: declude.virus@declude.comSubject: [Declude.Virus] re: new virus with .rar attachmentAs a followup to t
No name, just the extenesion?John T
eServices For You
-Original Message-
From: Andy Schmidt [EMAIL PROTECTED]
Sent 3/3/2008 9:30:59 AM
To: [EMAIL PROTECTED]
Cc: declude.virus@declude.com
Subject: [Declude.Virus] Invalid Zip VulnerabilityHi, I checked your KB – and
it doesn’t document
Any update or information on this?John T
eServices For You
-Original Message-
From: David Barker [EMAIL PROTECTED]
Sent 6/23/2008 11:36:40 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default
I am catching a lot of ZIP-exe files to different addresses from different IPs
starting about 25 minutes ago.John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus.The
I really think these type of comments, while they may be perfectly valid, are
better done off line as they are outside of the scope and purpose of this
list.John T
eServices For You
-Original Message-
From: Patrick Childers pchild...@hgbd.com
Sent 6/4/2009 10:36:30 AM
To:
this changed? John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
this changed? John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus. The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing
Is there a way possible to allow on a per user basis outgoing banned extensions
WITHOUT disabling outgoing virus scanning?
If not, could this be something that could be added?John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
Any ideas?John T
eServices For You
-Original Message-
From: John T johnl...@eservicesforyou.com
Sent 12/11/2009 11:59:05 AM
To: declude.virus declude.virus@declude.com
Subject: [Declude.Virus] Per user setting
Is there a way possible to allow on a per user basis outgoing banned extensions
Fighting the latest virus, trying to ban open.html file attacements.
Any one able to do this succesfully? I am working with Declude right now to
figure out why it is not being stopped.John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an
The proper procedure is:
Stop Imail SMTP
Stop Imail Queue Manager
Make sure spool\proc and spool\proc\work
are empty of files. If not, wait until they are processed.
Stop Decludeproc
Copy in the new file
Start Decludeproc
Start Imail SMTP
Start Imail Queue Manager
John T
From the manual:
DELETEONVIRUS YES or TRUE
However, once deleted it is gone for good.
Better is to rotate and delete via a scheduled batch file.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Harry Vanderzand
Sent
Matt, what is the payload inside the
zip?
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Thursday, October 06, 2005
9:32 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] New
variant
What is wrong with sharp objects? They make nice clean cuts.
Now, it's the blunt ones that I worry about.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Scott Fisher
Sent: Tuesday, October 11, 2005 1:44 PM
Yah, those doctors and their instruments. Ouch.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Tuesday, October 11, 2005 2:44 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus
for Pro version.
So if you are using Pro version, you can just use BANZIPEXTS and BANEZIPEXTS
if desired, leaving BANEXT ZIP and BANEXT EZIP in the virus.cfg but
commented out. That way, if there is a sudden need to do so, it can be done
quickly.
John T
eServices For You
-Original Message
SKIPIFFORGING is only for virus
notifications, so it should not be in any other .eml file.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday,
October 12, 2005 12:30 PM
What is the payload inside?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of John Carter
Sent: Tuesday, November 01, 2005 7:51 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Blast of zips coming in
We
Well ...
;-)
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of System Administrator
Sent: Tuesday, November 01, 2005 9:48 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Blast of zips coming in
on 11/1/05
I use AVG as the second scanner and am happy with the results. I like
BitDefender as they publish updates on average a dozen or more times per
day, but it is more resource costly.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf
Sophos is now calling it Sober-R.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darin Cox
Sent: Monday, November 14, 2005 8:33 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Sober to be released Nov-15
And another:
BANNAME packed-password_text.zip
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darin Cox
Sent: Tuesday, November 15, 2005 10:16 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Sober
Yes. I also like to add known file names so that when the user receives a
message about a banned file, if they see the file name they are less likely
to send me a message saying that the banned file could be OK as it looks
like from some one they know.
John T
eServices For You
-Original
If you have Pro version you should be always blocking using BANZIPEXTS ON
and BANEZIPEXTS ON.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Rick Davidson
Sent: Monday, November 21, 2005 12:12 PM
To: Declude.Virus
Looks like F-Prot is now catching it as SoberZ
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Rick Davidson
Sent: Monday, November 21, 2005 12:12 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Virus
ON noting the s in there.
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
SortMonster
AutoWhite for Declude
INV-URIBL
Aprox 35 filter tests
27 IP4R tests
12 RHSBL
17 Declude JM tests (REVDNS, HELO, PERCENT, ROUTING, SUBJECTCHARACHTERS,
SUBJECTSPACES, etc.)
No known issues with Declude 3.0.5.20
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing
BANNAME mailtext.zip
The ones I saw were bounces, but they may be made to look like bounces.
Only Norman and Avast found it on VirusTotal as a Sober variant, and NOD32
suspects it is a variant.
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe
file (ZIP-EXE).
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Friday, November 25, 2005 12:21 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another Sober out. (= idea)
Thank you John
Well, I would say it is more like a restaurant but you can not get blow
fish, alcohol, cigarettes, 10 Lbs of greasy French fries, etc.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Friday, November 25
FYI, any server hardware that is not being used I disable. Removes items
from equations when trying to solve problems.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of sbsi lists
Sent: Friday, November 25, 2005 11:25 AM
Title: Strange...
I do not think this is either an Imail
or Declude issue, rather a server security issue, or rather a comprise of
server security.
Sounds like you have some type of virus
or Trojan on that server.
John T
eServices For You
-Original Message-
From
www.virustotal.com
This is a very small e-mail, the D file being only 11 kb.
Some of the small AV companies are reporting it as a Bagle variant and
F-Prot is reporting it as MitGlieder.GU although it is not catching it on
the server.
John T
eServices For You
-Original Message-
From
Uh, keyboard virus?
;)
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Goran Jovanovic
Sent: Thursday, December 15, 2005 7:53 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Where to send exe's to check
Great news, not. Any one know if F-Prot or AVG or BitDefender is catching
this yet?
http://www.sophos.com/virusinfo/analyses/w32feebsa.html
John T
eServices For You
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing
Looks like another round of Bagle is starting?
John T
eServices For You
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
Is this what you are seeing?
http://www.sophos.com/virusinfo/analyses/w32feebsa.html
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 6:44 AM
To: declude.virus@declude.com
Subject
That means you are not blocking banned extensions within zip files?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus
Are you using the correct switches for F-Prot?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of JT
Sent: Thursday, January 05, 2006 12:49 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Sober.X Variant
Title: Mail.zip from AOL Encrypted Messaging Service?
Well,
neither the HELO nor the IP received from looks to be anything from AOL.
I would say it is a virus.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Just got this from Sophos:
http://www.sophos.com/virusinfo/analyses/trojbagledlbj.html
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Colbeck, Andrew
Sent: Wednesday, January 25, 2006 10:14 AM
To: Declude.Virus
But if we are cycling the held viruses on a x day basis, (my cycle is 5
days,) why would that be needed?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Wednesday, January 25, 2006 2:37 PM
As a work around until and if Declude adds the requested feature, you could
write a script to search the files on a timed based for a phrase (virus
name) and have it delete them.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf
Why
not catch it with less resources via banning hta files and BANZIPEXTS and
BANEZIPEXTS?
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis
Alberto Arango
Sent: Wednesday,
January 25
I am using viruscode 8 and it is not blocking password protected zips. I
think like Markus said it is looking for a combination of a password
protected zip, and executable and the phrase he listed.
Markus, did that attachment have an executable within the zip file?
John T
eServices For You
, this issue is fine. Others mileage may vary.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Tuesday, January 31, 2006 10:39 AM
To: Declude.Virus@declude.com
Subject: RE
Matt, are you saying the attachment as
Declude would see it is B64, UU, UUE, MIM, MME, BHX and HQX? If that is so,
what harm would be in blocking those for now?
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: [EMAIL PROTECTED]
[mailto
Actually, I am already blocking hqz and
uue so I went and added the others and will see what happens.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Tuesday
Andrew, the output ended up being 255 characters
long and then wrapping.
How do I do this so each find is on a separate
line for reading?
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
Did a search on all logs for January. Found
337 hits, all HQX files. All but 2 were viruses, and those 2 had suspicious looking
from addresses and I am assuming were unviable corrupt versions of viruses.
John T
eServices For You
Seek, and ye shall
find!
-Original
I have been blocking them for about 2
weeks now and the only legit one caught was a file sent to a MAC user. They
followed the instructions in my policy and resent it without problem.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL
Seeing HQX, BHX and UUEs being blocked this morning.
John T
eServices For You
Seek, and ye shall find!
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
Upon further investigation and uploading to VirusTotal, these are a group
that came in from one IP that had corrupted/incomplete file attachments and
were non-viable Kasper viruses.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED]
[mailto
No I have not tested lately. I have been
extremely busy this week. I will try on Saturday.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith
Sent: Friday, March
03
Fine, make a guy feel guilty.
Ok, I am over it now. ;)
Ill get to it tonight.
I promise.
I think.
;-)
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith
You nor I nor Declude nor any one knows where that leads too. You can not
scan the destination for a url.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Nick Hayer
Sent: Tuesday, April 11, 2006 12
Yep, exactly what I meant. I ban them as
there is no way to scan them (Although Bill says ClamAV can do it) to know what
they are going to lead to.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
PPPOONNGGG!
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of David Barker
Sent: Thursday, April 27, 2006 6:22 AM
To: Declude.Virus@declude.com
Is the word document only named that?
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus
Gufler
Sent: Tuesday, June 27, 2006 11:32 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] New
I know. :(
Declude, this is a feature who's time has come.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus
Gufler
Sent: Tuesday, June 27, 2006 3:10 PM
To: declude.virus@declude.com
Subject
extension? We all know that relaying
on users to not open attachments is problematic.
John T
eServices For You
Seek, and ye shall find!
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
Sure it is not some form or the Pebcak virus Andrew?
Sorry, couldn't resist. I needed the laugh.
;-)
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Colbeck,
Andrew
Sent: Wednesday, June 28, 2006
to reinventing
[S:\Spool\proc\work\Ddcfa012a008d.vir\1_1.]
07/11/2006 10:16:51.274 qdcfa012a008d.smd Virus scanner 1 reports exit
code of 0
07/11/2006 10:16:51.274 qdcfa012a008d.smd Scanned: Virus Free [UU: 1
0][MIME: 2 17360]
John T
eServices For You
Seek, and ye shall find
In other log lines Declude states it is an invalid/bogus pif file. That
might explain it.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, July 14, 2006 2:43 PM
Have you tried running the command line by itself against a file in question
to see what the return code is?
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, July 14, 2006
FYI
By banning potentially malicious extensions, including within zip files, I
caught an email with the FEEBS virus. Per VirusTotal, ClamAV, McCrappy, AVG,
F-Prot is not catching these.
John T
eServices For You
Seek, and ye shall find!
---
This E-mail came from the Declude.Virus mailing
When a vulnerability is detected, it looks for vulnerability.eml only. When
a virus is detected, it uses any and all .eml files except for
vulnerability.eml.
So yes, you could do that.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED
for that client, one for if the infected email
is incoming and one for if the infected email is outgoing.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Thursday, August 10, 2006 9:05 PM
Andrew, wouldnt the second line
include the first meaning only the second line is needed?
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Colbeck, Andrew
Sent: Monday, October
02
in SKIPIFFORGINGVIRUS instead of having list list each
SKIPIFVIRUSNAMEHAS
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
OOPS, brainfart.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Friday, October 27, 2006 5:07 PM
RAR files should be treated the same as ZIP files, so unless something has
changed if you have BANZIPEXTS ON and have BANEXT EXE it should be banned.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882
What happens if you restart the Queue Manager service?
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Did you put it into the Declude.cfg file?
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wolf
Tombe
Sent
Search for all log lines for that message in both the junkmail and virus
logs to see if there is another error message preceding that.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original
Do not use Digital email Signatures when posting to a list.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
Using Imail rules, no! Imail rules are the last to run of all other items.
Exactly what are you intending to do?
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original Message-
From: [EMAIL PROTECTED
If you want to block IP addresses from any access, your best bet is to use
Imail Control Access list in the SMTP service, that way neither Imail nor
Declude ever have to touch it in the first place.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood
- .jpeg
- .com
- .exe
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
As Andrew pointed out, you did not read the fine print.
John T
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Douglas Cohn
Sent: Tuesday, March 13, 2007 8:50 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-Prot Version 6
F-prot
Bill, I will be back on in a couple of hours if you are still around and
need help.
John T
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Bill Green dfn Systems
Sent: Thursday, March 22, 2007 6:15 PM
To: declude.virus@declude.com
Subject: Re
.
John T
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Barker
Sent: Monday, April 16, 2007 11:24 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Declude 4.3.46 Release
Addresses this AVG issue. If you currently only have AVG as your
to have the number 1 for each line, i.e.
SCANFILE1 and VIRUSCODE1.
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe,
Alexander
Sent: Tuesday, April 17, 2007 12:29 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] You should not use an on-access virus
Unfortunately, I am still up, at least for another 15 minutes or so. If you
want to zip and send me a log file I will have a look see.
John Tolmachoff
eServices For You
[EMAIL PROTECTED]
(626) 737-6003
Fax (626) 737-6004
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
checking for legit files, use the BANEXT.eml file to
send a postmaster message that you get and/or the recipient and/or sender
get and that notice can be reviewed a lot easier than manually checking the
hold directory.
John T
---
This E-mail came from the Declude.Virus mailing list
What version of Declude? I am using 4.3.47 and it is working.
What does the Virus log say?
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy
Armbrecht
Sent: Monday, April 30, 2007 12:45 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] BanNotify email
1) Put your virus log into debug and then try sending a banned
extension attachement.
2) Post your bannotify.eml file as a text attachment
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy
Armbrecht
Sent: Wednesday, May 02, 2007 5:48 AM
Sorry to bother, but please post the rest of the lines from the debug log
for that message.
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy
Armbrecht
Sent: Wednesday, May 02, 2007 2:36 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] BanNotify email
I wonder if the name of the file you are testing with is on the forging list
at Declude.
Try creating a text file and renaming it to something like john.bat and then
see what happens.
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy
Armbrecht
Sent: Thursday
-mail will be deleted
automatically after 5 days.
FROM: %MAILFROM%
TO: %ALLRECIPS%
SUBJECT: %SUBJECT%
Remote IP: %REMOTEIP%
DATE: %DATE% @ %TIME%
SPOOL FILE: %QUEUENAME%
Headers of the e-mail in question:
%HEADERS%
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL
I do not ban EZIP outright, but instead I ban EZIPEXTS.
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno
Bloksma
Sent: Thursday, June 28, 2007 5:30 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] banning EZIP but
Hi,
Just ran into a problem
David, the log snipped posted is of the Declude Virus log, meaning it passed
Junkmail and was scanned.
John T
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Monday, July 30, 2007 9:24 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] exe
in multipart
processing.
09/19/2007 09:07:08.918 q492300cc5430.smd Scanned: Virus Free [MIME: 4
345642]
John T
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
93 matches
Mail list logo