RE: [Declude.Virus] AVG reports SPAM as VIRUS!

2010-05-12 Thread David Barker
Andy,

AVG is not integrated with Declude JM, this is AVG reporting the name of the
virus as spam.

Now, something may have changed that AVG is now detecting spam in their
signatures; however, we were not made aware of this by AVG. I will look
further into this.

As much as we do appreciate your feedback which helps identify such
problems, in some things it may be more helpful to first approach
supp...@declude.com or myself dbar...@declude.com before engaging everyone
in the list, your assumptions of "PROPERLY IMPLEMENTED as part of Declude
JunkMail not just dumped into the regular virus handling!" and "Declude MUST
recognize that and NOT treat it like a virus" are rather harsh to be posting
to without having all the facts to begin with.

Thanks

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Wednesday, May 12, 2010 10:39 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] AVG reports SPAM as VIRUS!
Importance: High

Hi,

For the past few days, I'm seeing AVG suddenly reporting a virus SPAM:

Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 19,499
Virus Infected Messages: 232
Percentage Infected: 1.19%

VIRUS    # INFECTED    PERCENTAGE
SPAM     232           1.19%

resulting in these SMTP headers:

X-Declude-Virus: Detected Spam [from IP 41.218.0.202 ([No Reverse DNS])].

and these reports:

q061a000274936c02.smd AVG Reports VIRUS: Spam
q061a000274936c02.smd File(s) are INFECTED [Spam: 7]
q061a000274936c02.smd Scanned: CONTAINS A VIRUS [MIME: 1 424]
q061a000274936c02.smd From: bloodiest...@rcbassociats.com To: elopre...@??? [incoming from 41.218.0.202]
q061a000274936c02.smd Subject: Please attention!

This causes a whole bunch of problems, e.g.

a) I am unable to 'weigh' this Spam with other factors BEFORE it gets
   blocked.
b) It bypasses the WhiteList feature (from the user's Webmail Contacts)
c) It's treated like a Virus, hundreds of the configured virus notices are
   being emailed, etc.

While I'm certainly in favor of any additional SPAM detection - but then it
needs to be PROPERLY IMPLEMENTED as part of Declude JunkMail not just
dumped into the regular virus handling!

If AVG reports to Declude the virus name Spam, then Declude MUST recognize
that and NOT treat it like a virus (or at least give us a config option NOT
to.)

Best Regards,

Andy

 

 

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus. The archives can be found
at http://www.mail-archive.com. 




RE: [Declude.Virus] AVG reports SPAM as VIRUS!

2010-05-12 Thread Andy Schmidt
Dave,

I'm aware it's integrated in Declude Virus - that's why I chose the CORRECT
list to discuss this.

I referenced Declude Junkmail, because IF AVG is now reporting SPAM, then
THAT part SHOULD be handled as part of Declude Junkmail NOT as Declude
Virus.

I choose to use the list, whenever I have expended some time to track down a
situation and realize that this will affect all users and thus will save
everyone time from working on the same issue. That's the whole point of the
list!

Consequently, whenever AVG stops working altogether (which was doubted both
times when I discovered it - until eventually it was determined to have been
a problem after all), I will continue to report this on the list, because
everyone needs to be aware that their internal scanner may be
non-functioning for extended periods of time. The alternative would be for
Declude to post an alert!

When I notice that the Sniffer implementation has objectively incorrect or
incomplete sample files, or has sample files that don't make it obvious
that some IP based results will be triple-counted, then I feel justified in
discussing this on the list as this will benefit OTHER users who don't have
to re-learn what took me days to figure out.

I will post on the list whenever I'm hoping to solicit feedback from a
broader audience, to see if a situation I encountered was isolated or
turns out to be more widespread.

I will contact support@ whenever I suspect that I may have an isolated
problem that needs to be analyzed first.

In my opinion, I usually use the appropriate venue. But I accept that you
may disagree and prefer that the list is quiet.

Best Regards,

Andy

 


RE: [Declude.Virus] AVG reports SPAM as VIRUS!

2010-05-12 Thread David Barker
Andy,

My point was not that one shouldn't post to the list, we appreciate user
input no matter how we feel about it, an open forum is very important for
both Declude and users. All I am saying is if you had emailed us first then
we could strike the assumption that we dumped a new spam test into virus
handling as you suggested.

"While I'm certainly in favor of any additional SPAM detection - but then it
needs to be PROPERLY IMPLEMENTED as part of Declude JunkMail not just
dumped into the regular virus handling!"

And then we could focus on the real issue of why is AVG reporting SPAM.
Working together to solve a problem is the goal, so let's rule out the
things we know it is not.

David

 

 


RE: [Declude.Virus] AVG reports SPAM as VIRUS!

2010-05-12 Thread Andy Schmidt
Dave - you are right! This appears to be a matter of poor labeling by AVG -
and has nothing to do with Declude.

I have since looked through a large sample of held emails and they either
are well crafted short Notices about a supposed change in SMTP, POP
settings - which even lists the person's email address, and a warning to
carefully read the enclosed instructions before making changes. Then
there is a link to a ZIP file (which likely will be a virus).

The other group of emails deals with a supposed non-deliverable DHL package
that one needs to pick up at the post office after printing the attached
label (with the link to a zip file).

All appears to be emails with links to malicious pages. In that respect, one
can't argue that Declude Virus is the appropriate place to catch that (but
then it's inconsistent for AVG to detect it with a label Spam).

You are further correct, that AVG has done a good job catching this one. I
ran it past ClamD and the latest McAfee hourly signature - and neither
flagged those emails.

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker
Sent: Wednesday, May 12, 2010 12:20 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] AVG reports SPAM as VIRUS!

Looks like it is part of their virus signatures, and the only line in the
email was: http://glunis.g**glegroups.com/web/setup.zip

We could request that they change the name. If not, we will have to make a
translation in our code to accommodate this.

File 45710617.eml received on 2010.05.12 16:16:29 (UTC)
Result: 1/41 (2.44%)
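
Added example (not part of the thread and not Declude's code): a Python illustration of the name "translation" David Barker mentions above, run over log lines in the format Andy quoted, so detections the scanner names "Spam" can be counted apart from real virus names. The CONTENT_LABELS set, the category names and the second sample message are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed mapping: scanner "virus names" that are really content labels.
# The thread only establishes the name "Spam"; category names are hypothetical.
CONTENT_LABELS = {"spam"}

REPORT_RE = re.compile(r"^(\S+\.smd)\s+(\S+) Reports VIRUS:\s*(.+?)\s*$")
SUBJECT_RE = re.compile(r"^(\S+\.smd)\s+Subject:\s*(.*)$")

# First message: lines as quoted in the thread. Second message: constructed.
SAMPLE_LOG = """\
q061a000274936c02.smd AVG Reports VIRUS: Spam
q061a000274936c02.smd File(s) are INFECTED [Spam: 7]
q061a000274936c02.smd Scanned: CONTAINS A VIRUS [MIME: 1 424]
q061a000274936c02.smd Subject: Please attention!
q0aaa000000000001.smd AVG Reports VIRUS: Example.Trojan.A
q0aaa000000000001.smd File(s) are INFECTED [Example.Trojan.A: 7]
q0aaa000000000001.smd Subject: constructed sample
"""


def classify(log_text):
    """Map each spool file to its scanner, reported name, category, subject."""
    hits = {}
    for line in log_text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            spool, scanner, name = m.groups()
            # Case-insensitive: the log shows "Spam", the summary shows "SPAM".
            label = name.casefold() in CONTENT_LABELS
            hits[spool] = {"scanner": scanner, "name": name, "subject": None,
                           "category": "content-label" if label else "virus"}
            continue
        m = SUBJECT_RE.match(line)
        if m and m.group(1) in hits:
            hits[m.group(1)]["subject"] = m.group(2)
    return hits


def summarize(hits):
    """Count detections per category, e.g. to see which ones warrant virus notices."""
    return Counter(h["category"] for h in hits.values())


if __name__ == "__main__":
    found = classify(SAMPLE_LOG)
    for spool, hit in found.items():
        print(spool, hit["scanner"], hit["name"], "->", hit["category"])
    print(dict(summarize(found)))
```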


