[Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

2009-07-08 Thread Andy Schmidt
Hi,

 

I noticed that ZeroHour stopped catching any viruses after 6/28 - and, after
investigating, I now realize it no longer traps any Spam. There were NO
changes to any .CFG (or other Declude files). I'm enclosing the most recent
Diags.txt (from 6/18, where CommTouch was ON) and then one from today after
I made a point of manually restarting DecludeProc.  Suddenly, it reports
CommTouch as OFF?

 

My customer screen shows:

Host Information

 Declude Imail Perpetual Lic.   [omitted]    28 Jun 2010
 AVG                            Activated    Current
 CommTouch                      Activated



 

It can't be a coincidence that CommTouch stopped working 3 weeks ago,  on
the exact anniversary date of my (renewed) agreement?

 

Since I only purchased CommTouch a few weeks ago, I'm new to this. So, what
do Declude customers have to do after purchasing CommTouch or after renewing
their service agreements to make sure that the software will continue to
work with a complete function set? This way, I can add yet another reminder
to my calendar (besides monitoring the AVG licensing renewal date).

 

 


Overall Server Virus Summary Report

Total Messages Processed: 21,868
Virus Infected Messages: 60
Percentage Infected: 0.27%

VIRUS                                                   # INFECTED   PERCENTAGE
OUTLOOK 'BLANK FOLDING' VULNERABILITY                           33        0.15%
OUTLOOK 'CR' VULNERABILITY                                      11        0.05%
OUTLOOK 'MIME SEGMENT IN MIME PREAMBLE' VULNERABILITY            8        0.04%
I-WORM/MYDOOM.O                                                  3        0.01%
I-WORM/MYDOOM.BE                                                 1        0.00%
I-WORM/MYDOOM.N                                                  1        0.00%
NON STANDARD HEADER VULNERABILITY                                1        0.00%
TROJAN.IFRAME-3                                                  1        0.00%
WORM.BAGLE-ZIPPWD-35                                             1        0.00%

Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,868
Virus Infected Messages: 5
Percentage Infected: 0.02%

VIRUS                # INFECTED   PERCENTAGE
I-WORM/MYDOOM.O               3        0.01%
I-WORM/MYDOOM.BE              1        0.00%
I-WORM/MYDOOM.N               1        0.00%

Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,868
Virus Infected Messages: 2
Percentage Infected: 0.01%

VIRUS                    # INFECTED   PERCENTAGE
TROJAN.IFRAME-3                   1        0.00%
WORM.BAGLE-ZIPPWD-35              1        0.00%



 

Best Regards,

Andy

 

 



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.

Declude 4.6.35 Diagnostics
Compilation Platform: IMail
Copyright (c) 2000-2009 Declude, Inc.

Host Name    MAYWOOD-IS-0012.WEBHOST.HM-SOFTWARE.COM
Daisy Chain  smtp32.exe
DNS Server   127.0.0.1

Product Details

 JunkMail   ON
 EVA        ON
 Hijack     OFF

 AVG        ON
 CommTouch  OFF

Tests Defined   106

 CONSOLE        OFF
 BYPASS19       BYPASSWHITELIST
 BYPASS14       BYPASSWHITELIST
 BYPASS12       BYPASSWHITELIST
 KUNDENSERVER   IP4R
 SPAMCOP        IP4R
 BARRACUDA      IP4R
 NJABL          IP4R
 NJABLRELAYS    IP4R
 NJABLDUL       IP4R
 NJABLDYNA      IP4R
 NJABLSOURCES   IP4R
 NJABLMULTI     IP4R
 NJABLFORMMAIL  IP4R
 NJABLPROXIES   IP4R
 AHBL           IP4R
 AHBLRELAYS     IP4R
 AHBLPROXIES    IP4R
 AHBLSOURCES    IP4R
 AHBLPSSL       IP4R
 AHBLFORMMAIL   IP4R
 AHBLDYNA       IP4R
 AHBLZDDOS      IP4R
 AHBLZRELAY     IP4R
 AHBLZSCAN      IP4R
 AHBLZWORM      IP4R
 AHBLZVIRUS     IP4R
 AHBLPROXIES2   IP4R
 AHBLTOR        IP4R
 SORBS          IP4R
 SORBS-HTTP     IP4R
 SORBS-SOCKS    IP4R
 SORBS-MISC     IP4R
 SORBS-SMTP     IP4R
 SORBS-WEB      IP4R
 SORBS-BLOCK    IP4R
 SORBS-ZOMBIE   IP4R
 SORBS-DUHL     IP4R
 SENDERDB       IP4R
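
The silent change from ON to OFF reported in this message can be caught by checking Diags.txt after every restart. The following is an added example, not part of the original messages and not Declude's own tooling; the function names, the set of components expected to be ON and the one-day freshness limit are assumptions, and the sample text is constructed from the Product Details block above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the "Product Details" block in the Diags.txt above.
SAMPLE_DIAGS = """\
Declude 4.6.35 Diagnostics

Product Details

 JunkMail   ON
 EVA        ON
 Hijack     OFF

 AVG        ON
 CommTouch  OFF

Tests Defined   106

 CONSOLE    OFF
"""

# Assumed line shape: component name, whitespace, ON or OFF.
STATUS = re.compile(r"^\s*(\S+)\s+(ON|OFF)\s*$")

def parse_product_details(text):
    """Return {component: True/False} for the Product Details section only."""
    states, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Product Details":
            in_section = True
        elif line.strip().startswith("Tests Defined"):
            break  # test definitions follow; "CONSOLE OFF" is not a product
        elif in_section and (m := STATUS.match(line)):
            states[m.group(1)] = m.group(2) == "ON"
    return states

def check_diags(text, expected_on, written_at, now, max_age=timedelta(days=1)):
    """List findings: expected components that are OFF or absent, and a stale file."""
    states = parse_product_details(text)
    findings = []
    for name in sorted(expected_on):
        if name not in states:
            findings.append(f"{name}: not listed")
        elif not states[name]:
            findings.append(f"{name}: OFF")
    # Diags.txt is only written at startup, so an old file says nothing
    # about the current state.
    if now - written_at > max_age:
        findings.append(f"Diags.txt is {(now - written_at).days} days old")
    return findings

if __name__ == "__main__":
    now = datetime(2009, 7, 8, 10, 0)  # constructed timestamp
    for finding in check_diags(SAMPLE_DIAGS, {"JunkMail", "AVG", "CommTouch"}, now, now):
        print("ALERT", finding)
```

Pass the file's modification time as `written_at`, so that a report left over from an earlier startup is flagged rather than trusted.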
 

RE: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

2009-07-08 Thread David Barker
We just migrated servers this week. It is possible your DNS is using cached
information. Remember, a diags.txt is only created on startup, so you may have
old information.  Can you flush your DNS cache and restart Declude to see if
it resolves the problem?

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, July 08, 2009 10:20 AM
To: declude.virus@declude.com; declude.junkm...@declude.com
Subject: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the
best procedure everyone uses to renew it?
Sensitivity: Personal

 


RE: [Declude.JunkMail] RE: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

2009-07-08 Thread David Barker
Andy,


When I checked your record on our server, CT was set to ON; I did not
reactivate it.

1.   The switch over to the new system was on 6/28 8:00-10:00 pm EST
time. I chose Sunday to do this as web traffic to Declude would be low and
it was after the weekend.

2.   Thanks for pointing out that we should update our own DNS a week
prior. This was done 1 week prior and we set the TTL to 5 min, which I
think is still the case, and once everything has settled we will move it up
again.

I have not pinpointed the exact problem as of yet; however, the issue you
experienced occurred on some servers and is resolved within minutes of
notifying us, as it was with you.

 

Thanks 

David 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, July 08, 2009 11:50 AM
To: declude.junkm...@declude.com
Subject: [Declude.JunkMail] RE: [Declude.Virus] Commtouch ZeroHour - no
longer active? What's the best procedure everyone uses to renew it?
Sensitivity: Personal

 

Hi Dave,

 

The Diags.txt I had sent was created from THIS MORNING (I had made a point
of restarting DecludeProc to get a current status). So CommTouch was
definitely reported as OFF at that time.  It had been reported as ON in
June, the previous time that the server had been started (for security
fixes).

 

I cleared the DNS cache and restarted DecludeProc and now Diags.txt reports
ON for CommTouch. So thanks for re-activating it.

 

So - that leaves a whole bunch of new concerns:

 

-  If you ONLY migrated servers THIS week, then THIS was NOT the
reason. CommTouch had stopped after 6/27, which is 11 days ago. (That's the
last date your log files showed any CommTouch hits!) However, it's the exact
date of my new renewal term! So what precisely happened on 6/28 at midnight?

-  Irregardless, if you switched IP addresses for some of your
servers, then you obviously would have to FIRST update your OWN DNS a week
prior (or whatever the old TTL was) to change the TTL for that DNS record to
something extremely short (e.g., hours). A week later, after the old TTL had
expired, you could THEN change the DNS record to the NEW IP address and
update the TTL to the longer period again.
If you simply switched IP addresses without prior TTL adjustments, then your
customers would NOT see the new IP until the old TTL had run out. Although
this was not the problem in my case - which host name are we talking about
and how was this migration executed if you feel that your customers have to
flush their DNS cache to obtain the new server address?

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, July 08, 2009 11:04 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Commtouch ZeroHour - no longer active? What's
the best procedure everyone uses to renew it?
Sensitivity: Personal

 

