I was wondering what everyone does with the Imail\spool\virus
directory. Do you delete all the files regularly? I've got 7000 files
in there since I installed Declude (2 weeks ago).
---
[This E-mail was scanned for viruses.]
---
[This E-mail was scanned for viruses by Declude Virus
that is X days old. I run
it as a scheduled task daily.
Doug
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers
Sent: Wednesday, October 13, 2004 1:15 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Spool Dir
I was wondering what everyone does
Newb question:
How do I install an interim version of Declude? Just replace the
declude.exe file?
Thanks
Kevin
Kami Razvan wrote:
Bennie:
Look at Scott's email:
Yes. v1.80 has basic (Microsoft method) detection of the GDIPlus.dll
JPEG Exploit, but their way has false positives. The v1.80i1
I'm getting an error in my vXXX.log file:
10/01/2004 13:46:27 Qc22200bc00b6e28c Couldn't find console; starting...
(2).
10/01/2004 13:46:27 Qc22200bc00b6e28c Error starting deccon.exe: 2
10/01/2004 13:46:27 Qc22200bc00b6e28c Scanned: Virus Free [MIME: 2 2058]
10/01/2004 13:46:49 Qc23200bf00b6e28e
I didn't have anything after the LOGFILE and LOGLEVEL (no mention of
CONSOLE at all). So I've added a CONSOLE OFF line after that. I don't
have Hijack, so I assume this is the way to get around the error?
Kevin Rogers wrote:
I don't appear to have any string CONSOLE ON in my virus.cfg file
Just so you know. There wasn't a CONSOLE anything in either the two
files: global.cfg or virus.cfg.
When I got the 1.81 upgrade, deccon.exe was put into my new Upgrade 1.81
directory, so I decided to put it in the /Imail directory, and now
everything is hunky-dorey. But nonetheless, there
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Kevin Rogers
Sent: Friday, October 01, 2004 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Another easy one
Just so you know. There wasn't a CONSOLE anything in either the two
files
A few questions:
1. We have a customer who periodically receives encrypted
(password-protected) ZIPs from a trusted company. Is there a way to
allow certain senders to bypass the BANEXT EZIP line in the virus.cfg
(or in some other way get their email through)?
2. Is there a place somewhere
files.
Thanks!
Kevin Rogers wrote:
A few questions:
1. We have a customer who periodically receives encrypted
(password-protected) ZIPs from a trusted company. Is there a way to
allow certain senders to bypass the BANEXT EZIP line in the virus.cfg
(or in some other way get their email through
-Prot\fpcmd.exe /TYPE /SILENT /NOMEM
/ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:
Bud Durland wrote:
Kevin Rogers wrote:
The sender of the EZIP file is obligated (by HIPAA legislation -
insurance industry - and by Blue Shield) to send out
password-protected
I received the following email today from Covad - our access provider.
It looks like they have a problem with Declude checking inbound emails
against a realtime blackhole list. (The problem could also be several
emails we've received lately with hundreds of recipients, many of which
were
Correction: We're not connecting to the RBL 12000 times an hour - we're
connecting to Covad's nameservers 12000 times an hour.
Kevin Rogers wrote:
I received the following email today from Covad - our access
provider. It looks like they have a problem with Declude checking
inbound emails
I'm having the same problem. Again - how do you rollback the virus defs?
Wind wrote:
Thank you for the tip, John.
I searched the logs and since the update there are legitimate E-mail,
which are caught.
Uwe
- Original Message - From: John Tolmachoff (Lists)
[EMAIL PROTECTED]
To:
sure - thanks! Has anyone let F-Prot know about this?
Kevin
Bill Landry wrote:
Depends on how you execute your updates. I use a script that saves a
copy of the previous defs to a backup directory. I can zip and send
the previous defs to you if you do not have copies of them.
Bill
-
I've been running 3.15b - I'm downloading the latest version now.
Should I install? or will this have no effect on this particular issue?
And what about the previous defs - anyone out there want to email me a
previous def file as a work around??
Thanks
Kevin
Markus Gufler wrote:
Question:
I also filled out the form at FProt's site. Thanks for the defs. When
I open up FProt, though, it says that my defs are up-to-date, even
though I replaced the newest ones with the ones that you sent. I hope
that that message indicates whether we've downloaded the latest - not
whether we are
How do I ban certain email addresses?
Some viruses have gotten through lately (first that I know about since
installing Declude) sent from forged email addresses using our own
domain. We do not whitelist our domain. I'd like to ban some of these
common addresses (e.g., [EMAIL PROTECTED],
the opportunity window for the virus.
- Original Message - From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 5:15 PM
Subject: [Declude.Virus] Newbie question
How do I ban certain email addresses?
Some viruses have gotten through lately
those lines in it. The same thing I
mentioned without pro applies here for adding test names to the global.cfg
and $default$.junkmail.
The manual at http://declude.com/junkmail/manual.htm decribes adding filter
files pretty well.
Darin.
- Original Message -
From: Kevin Rogers [EMAIL
PROTECTED]
- Original Message - From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 10:37 PM
Subject: Re: [Declude.Virus] Newbie question
I looked up the filter section at the manual. This is what I did.
I made a file called filter.txt
displays), you need to check the HEADERS.
- Original Message - From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 3:26 AM
Subject: Re: [Declude.Virus] Newbie question
Great. Exactly what I needed.
I was also confused about the MAILFROM. Does
.
Darin.
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Sunday, June 05, 2005 2:56 PM
Subject: Re: [Declude.Virus] Newbie question
I changed it to HEADERS and still I am receiving emails from these
addresses (got 4 of them personally yesterday
exists since it is not in the current
manual, but
there was an option in previous versions of AV called AVAFTERJM that
allowed
JunkMail to run first. Otherwise you are correct that AV would run
first.
Darin.
- Original Message - From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus
We're looking for a simple way to opportunistically allow our users to
encrypt or password-protect certain emails and/or their attachments that
contain sensitive data. We're running Declude Pro and have banned EZIP
extensions (the highly recommended suggestion from several people on
this
is BANEZIPEXTs which will ban an
EZIP file containing a file that is banned.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Kevin Rogers
Sent: Monday, October 10, 2005 10:26 PM
To: Declude.Virus@declude.com
Subject
to the spool directory... possibly going as
far as launching the SMTP32 process to immediately send the message if you
don't want your user to wait for the next queue run.
Darin.
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, October 11
want your user to wait for the next queue run.
Darin.
- Original Message - From: Kevin Rogers
[EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, October 11, 2005 1:26 AM
Subject: [Declude.Virus] Slightly OT: Encrypting or Securing Email
Content
We're looking for a simple
, SURBL/URI
integration, MRTG Integration, and Log Parsers.
Kevin Rogers writes:
We're looking for a simple way to opportunistically allow our users
to encrypt or password-protect certain emails and/or their
attachments that contain sensitive data. We're running Declude Pro
and have banned EZIP
Yes. There are a couple of ways. One is to just run a scheduled task
that calls the Updater. Something like:
C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /INTERNET /QUIT /HIDDEN
Chris Anton wrote:
Hi all,
We are running F-Prot and are wondering if there is a way to configure
the
I agree as well. Perhaps even simple installation instructions for the
newbs like me.
Darin Cox wrote:
Totally agree... there are not enough announcements of bugs and
fixes/releases especially when there's an unused list for that purpose.
Darin.
- Original Message -
From:
I think a good name would include something that intimates that with
this version, you are getting everything. So my suggestion is:
All Decluded
or All Decluded 1.0
You could even start an ad campaign with the slogan Are You All
Decluded? and promote your various products under this guise.
Some of my clients need to be able to receive password-protected ZIP
files and I'm wondering if people on this list ban the EZIP extension
outright, or if they allow it but ban all the other extensions that
could be harmful from within a EZIP file.
Declude's virus.cfg file states that
# The
I upgraded to 4.6.35 because of the AVG scanner issue, but now in my
declude logs I am seeing error messages like this:
06/23/2009 00:38:48.986 q8f0c00670096.smd DataBase Error =
['(unknown)' is not a valid path. Make sure that the path name is
spelled correctly and that you are
on.
And, since the upgrade all emails are failing the DYNHELO and HELOBOGUS
tests so I've had to reduce their weights for the time being. Has
anyone seen this or have any ideas how to correct?
Thanks.
Kevin Rogers wrote:
I upgraded to 4.6.35 because of the AVG scanner issue, but now in my
declude logs I
.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Kevin
Rogers
Sent: Thursday, June 25, 2009 2:35 PM
To: declude.virus
All throughout the day, hundreds of D and T files (each of them 0KB)
show up in my spool directory. I spoke with Ipswitch about this and
they said they had heard of it only with other Declude users and that it
most likely is caused by Declude.
Very quickly (way quicker than if they were all
I'm getting several false positives a day for the following tests:
[Outlook 'Blank Folding' Vulnerability]
MIME segment in MIME Postamble
Today I received 10 false positives (from the same legit email address)
of ['uuencoding bad end' Vulnerability]
I can't even find the 'uuencoding bad end'
.
--
From: Kevin Rogers ke...@rootdesign.com
Sent: Thursday, May 06, 2010 8:39 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] False Positives
I'm getting several false positives a day for the following tests:
[Outlook 'Blank Folding' Vulnerability
38 matches
Mail list logo
