I have occasional junk mail not being scanned by Declude we are running Declude 2.0.6 PRO. We run Smartermail. The Declude header for the e-mail is being put into the body. I check through the archives and found several references. Based on their best recommendation I copied the original 2.0.6 GLOBAL.CFG and $default$.junkmail. I only made minor changes to them. The problem still occurred.
We run multiple domains and each domain has their own $default$.junkmail. We also use Declude Antivirus with TrendMicro. The only e-mails that seem to be getting through are from Yahoo. Any ideas would be appreciated. Thank you, Scott Powner [EMAIL PROTECTED] ****************************************************************** ****************************************************************** The header: Return-Path: <[EMAIL PROTECTED]> Tue Aug 16 05:57:10 2005 Received: from aamiens-157-1-20-114.w86-196.abo.wanadoo.fr [86.196.3.114] by miu4.k12.pa.us with SMTP; Tue, 16 Aug 2005 05:57:10 -0400 Date: mar., 16 août 2005 11:57:13 +0100 Return-path: <[EMAIL PROTECTED]> From: "Grossman"<[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Our store is your cureall! Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Content-Type: text/html X-SmarterMail-Spam: SPF_None *********************************************************************** *********************************************************************** The letter: Suffering from pain, depression or heartburn? We'll help you! All verified [EMAIL PROTECTED] collected at one LICENSED online store! Great choice of wonderful meds to give you long-awaited relief! Operative support, fast shipping, secure [EMAIL PROTECTED] processing and complete confidentiality! The store is VERIFIED BY BBB and APPROVED BY VISA! Subject: POSSIBLE SPAM X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]" X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c010100e]. X-RBL-Warning: DYNHELO: Dynamic HELO found. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c010100e]. X-RBL-Warning: WEIGHT10: Weight of 15 reaches or exceeds the limit of 10. X-RBL-Warning: WEIGHT11: Weight of 15 reaches or exceeds the limit of 11. X-RBL-Warning: WEIGHT12: Weight of 15 reaches or exceeds the limit of 12. X-RBL-Warning: WEIGHT13: Weight of 15 reaches or exceeds the limit of 13. X-Declude-Sender: [EMAIL PROTECTED] [86.196.3.114] X-Declude-Spoolname: 31237915.EML X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [15] at 05:57:51 on 16 Aug 2005 X-Declude-Tests: NOABUSE, BADHEADERS, DYNHELO, SPAMHEADERS, WEIGHT10, WEIGHT11, WEIGHT12, WEIGHT13, WEIGHT14, WEIGHT15 X-Country-Chain: FRANCE->destination [This E-mail scanned for viruses by Declude 2.0.6 ANTI-Virus] ************************************************************************ ************************************************************************ The GLOBAL.CFG: # # Declude JunkMail configuration file. # # This file has the global Declude JunkMail settings, defines the tests, and lists the # actions to take on outgoing E-mail (for the Pro version; not normally used). # # JunkMail Online Manual http://www.declude.com/Articles.asp?ID=116 # Technical Support http://www.declude.com/SearchResults.asp?Cat=5 # # This file was distributed with v2.0.6 # # This Code is only required for IMail CODE xxxxxxxxxxxxxx #========================================= LOGS ========================================== # "####" in the LOGFILE option, if present, automatically gets replaced with the month/date. # Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR LOGFILE spool\dec####.log LOGLEVEL LOW #EVENTLOG ON #========================================= HEADERS ============================================ #------INCOMING------- XINHEADER X-Declude-Note: Scanned by Declude %VERSION% (http://www.declude.com/x-note.htm) for spam. XINHEADER X-Declude-Scan: Score [%WEIGHT%] at %TIME% on %DATE% XINHEADER X-Declude-Tests: %TESTSFAILED% XINHEADER X-Country-Chain: %COUNTRYCHAIN% #------OUTBOUND or GATEWAY------- XOUTHEADER X-Declude-Note: Scanned by Declude %VERSION% (http://www.declude.com/x-note.htm) for spam. XOUTHEADER X-Declude-Scan: Score [%WEIGHT%] at %TIME% on %DATE% XOUTHEADER X-Declude-Tests: %TESTSFAILED% XOUTHEADER X-Country-Chain: %COUNTRYCHAIN% #XOUTHEADER Organization: MIU IV XSENDER ON XSPOOLNAME ON #========================================= ADVANCED OPTIONS ================================= #These are Advance Options please ensure you have read the manual and understand what impact these #settings have on Delcude #CONSOLE ON #IPBYPASS 192.0.2.25 HOP 0 #HOPHIGH 1 #DNS 127.0.0.1 #LOOSENSPAMHEADERS ON #STOPPROCESSINGONFIRSTDELETE ON #COPYFILEACTIONWITHHEADERS ON #[Imail Only Directives] #ACTIONSONCOPYALL ON #NOACTIONSONCOPYALLWHENWHITELISTED ON HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT CATCHALLMAILS catchallmails x x 0 0 NOLEGITCONTENT nolegitcontent x x 0 -5 IPNOTINMX ipnotinmx x x 0 -3 #========================================= WHITELISTS ======================================= #WHITELIST HABEAS PREWHITELIST ON WHITELIST AUTH #(PRO version only) enables addresses in the web address book to automatically be white listed. #AUTOWHITELIST ON # ----- Domain Example -----> WHITELIST FROM @declude.com # ----- User Example -----> WHITELIST FROM [EMAIL PROTECTED] # ----- IP Example ----- WHITELIST IP 63.246.13.90 WHITELIST IP 206.180.64.5 WHITELIST IP 206.180.64.229 WHITELIST IP 206.180.64.253 # ----- TO Example ----- WHITELIST TO postmaster@ WHITELIST TO abuse@ #========================================= BLACKLISTS ======================================= #BLACKLIST fromfile [path]\Filters\blacklist.txt x 50 0 #BLACKIP ipfile [path]\Filters\blackip.txt x 50 0 #========================================= RBL IP4R TESTS ========================================== # 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions. # 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address). # 3. For type ip4r, 'matchstring' is the string to look for, or "*" for anything. AHBL ip4r dnsbl.ahbl.org * 6 0 BLITZEDALL ip4r opm.blitzed.org * 7 0 CBL ip4r cbl.abuseat.org 127.0.0.2 6 0 DSBL ip4r list.dsbl.org * 6 0 MXRATE-BLOCK ip4r pub.mxrate.net 127.0.0.2 1 0 MXRATE-SUSPICIOUS ip4r pub.mxrate.net 127.0.0.4 2 0 ORDB ip4r relays.ordb.org * 5 0 SBL ip4r sbl.spamhaus.org * 7 0 SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0 SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4r dnsbl.sorbs.net 127.0.0.10 7 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 7 0 BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 MXRATE-ALLOW ip4r pub.mxrate.net 127.0.0.3 -3 0 #=====ADDITIONAL USED RBL IP4R TESTS============= #MTLDB ip4r mtldb.declude.com 127.0.0.2 3 0 INTERSIL ip4r blackholes.intersil.net 127.0.0.2 5 0 CSMA-SBL ip4r sbl.csma.biz 127.0.0.2 5 0 SPAMBAG ip4r blacklist.spambag.org 127.0.0.2 4 0 FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 4 0 JAMMDNSBL ip4r dnsbl.jammconsulting.com 127.0.0.2 4 0 #========================================= RHBSL TESTS ========================================== DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 6 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 7 0 MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 6 0 #========================================= OTHER TESTS ========================================== BADHEADERS badheaders x x 6 0 BASE64 base64 x x 4 0 BCC bcc 10 x 1 0 CMDSPACE cmdspace x x 6 0 COMMENTS comments x x 7 0 DYNHELO dynhelo x x 4 0 ENCODEDURL encodedurl x x 1 0 HELOBOGUS helovalid x x 3 0 IPURL ipurl x x 2 0 MAILFROM envfrom x x 12 0 PERCENT percent x x 10 0 REVDNS revdnsexists x x 4 0 ROUTING spamrouting x x 2 0 SPAMHEADERS spamheaders x x 3 0 SPFFAIL spffail x x 3 0 SPFPASS spfpass x x -3 0 SUBJECTSPACES subjectspaces 12 x 4 0 SUBJECTCHARS subjectchars 50 x 4 0 #NONENGLISH nonenglish x x 5 0 #=========================================== FILTERS =================================================== #SUBJECT filter [path]\Filters\Subject.txt x 0 0 #WORD filter [path]\Declude\Filters\Word.txt x 0 0 #========================================= 3RD PARTY =================================================== #SNIFFER external nonzero "[path]\Sniffer\snfrv2r3.exe xnk05x5vmipeaof7" 12 0 #SPAMCHK external nonzero "[path]\Spamchk\spamchk.exe" 1 0 #INV-URIBL external weight "[path]\INVURIBL\invURIBL.exe %WEIGHT% %REMOTEIP%" 5 0 #========================================= TRIGGERS ================================================== WEIGHT10 weight x x 10 0 WEIGHT11 weight x x 11 0 WEIGHT12 weight x x 12 0 WEIGHT13 weight x x 13 0 WEIGHT14 weight x x 14 0 WEIGHT15 weight x x 15 0 WEIGHT16 weight x x 16 0 WEIGHT17 weight x x 17 0 WEIGHT18 weight x x 18 0 WEIGHT19 weight x x 19 0 WEIGHT20 weight x x 20 0 #========================================= ADDITIONAL TESTS ======================================== # The following tests are commented out by default because they are not commonly used (or they require a subscription). #BADWHOIS rhsbl whois.rfc-ignorant.org 127.0.0.5 3 0 #BOGONS ip4r bogons.cymru.com 127.0.0.2 4 0 #COMPU ip4r blackhole.compu.net 127.0.0.4 5 0 #DEVNULL ip4r dev.null.dk 127.0.0.2 5 0 #DORKS ip4r orbs.dorkslayers.com 127.0.0.2 5 0 #DORKZTL ip4r ztl.dorkslayers.com 127.0.0.2 5 0 #DSBLALL ip4r unconfirmed.dsbl.org * 4 0 #DUL ip4r dialups.mail-abuse.org 127.0.0.3 5 0 #FIVETENDUL ip4r blackholes.five-ten-sg.com 127.0.0.3 5 0 #FIVETENOPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 5 0 #FIVETENOTHER ip4r blackholes.five-ten-sg.com 127.0.0.5 5 0 #FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 5 0 #FLOWGO ip4r flowgoaway.com 127.0.0.2 5 0 #GUARDBLOCK ip4r spamguard.leadmon.net 127.0.0.7 3 0 #GUARDBULK ip4r spamguard.leadmon.net 127.0.0.4 3 0 #GUARDDUL ip4r spamguard.leadmon.net 127.0.0.2 3 0 #GUARDMULTI ip4r spamguard.leadmon.net 127.0.0.6 3 0 #GUARDSINGLE ip4r spamguard.leadmon.net 127.0.0.5 3 0 #GUARDSRC ip4r spamguard.leadmon.net 127.0.0.3 3 0 #IPWHOIS ip4r ipwhois.rfc-ignorant.org 127.0.0.6 3 0 #NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 #NJABLDUL ip4r dnsbl.njabl.org 127.0.0.3 5 0 #RBL ip4r blackholes.mail-abuse.org 127.0.0.2 5 0 #RSS ip4r relays.mail-abuse.org 127.0.0.2 5 0 #SELWERD ip4r xbl.selwerd.cx 127.0.0.2 5 0 #SPAMTR ip4r rbl.spam.org.tr 127.0.0.2 5 0 #SUMMIT ip4r blackholes.2mbit.com 127.0.0.2 5 0 #V6NET ip4r spammers.v6net.org 127.0.0.2 5 0 #VISI ip4r relays.visi.com 127.0.0.2 5 0 #ZTA ip4r zta.birdsong.org * 5 0 #RBLPLUS ip4r rbl-plus.mail-abuse.org 127.1.0.1 5 0 #DULPLUS ip4r rbl-plus.mail-abuse.org 127.1.0.2 5 0 #RBLANDDUL ip4r rbl-plus.mail-abuse.org 127.1.0.3 5 0 #RSSPLUS ip4r rbl-plus.mail-abuse.org 127.1.0.4 5 0 #RBLANDRSS ip4r rbl-plus.mail-abuse.org 127.1.0.5 5 0 #DULANDRSS ip4r rbl-plus.mail-abuse.org 127.1.0.6 5 0 #MAPSALL ip4r rbl-plus.mail-abuse.org 127.1.0.7 5 0 #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< OUTBOUND ONLY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # (PRO VERSION ONLY) The actions listed below only apply to outgoing E-mail, Note that the DUL test should NOT # be used to block outgoing mail! #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< RBL IP4R TESTS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> BLITZEDALL WARN CBL WARN DSBL WARN ORDB WARN MXRATE-ALLOW WARN MXRATE-BLOCK WARN MXRATE-SUSPICIOUS WARN SBL WARN SORBS-HTTP WARN SORBS-SOCKS WARN SORBS-MISC WARN SORBS-SMTP WARN SORBS-SPAM WARN SORBS-WEB WARN SORBS-BLOCK WARN SORBS-ZOMBIE WARN SORBS-DUHL WARN SPAMCOP WARN BONDEDSENDER WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADDITIONAL RBL IP4R TESTS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> #MTLDB WARN CSMA-SBL WARN INTERSIL WARN SPAMBAG WARN FIVETENSRC WARN JAMMDNSBL WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< RHBSL TESTS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> DSN WARN NOABUSE WARN NOPOSTMASTER WARN MAILPOLICE-BULK WARN MAILPOLICE-PORN WARN MAILPOLICE-FRAUD WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< OTHER TESTS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> BADHEADERS WARN BASE64 WARN BCC WARN CMDSPACE WARN COMMENTS WARN DYNHELO WARN ENCODEDURL WARN HELOBOGUS WARN IPURL WARN MAILFROM WARN PERCENT HOLD REVDNS WARN ROUTING WARN SPAMHEADERS WARN SPFFAIL WARN SPFPASS WARN SUBJECTSPACES WARN SUBJECTCHARS WARN #NONENGLISH WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< FILTERS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> #SUBJECT WARN #WORD WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 3RD PARTY OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> #SNIFFER WARN #SPAMCHK WARN #INV-URIBL WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< TRIGGERS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> WEIGHT10 WARN WEIGHT14 WARN WEIGHT20 WARN #<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADDITIONAL TESTS OUTBOUND >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # The following tests are commented out by default because they are not commonly used (or they require a subscription). #BADWHOIS WARN #BOGONS WARN #COMPU WARN #DEVNULL WARN #DORKS WARN #DORKZTL WARN #DSBLALL WARN #DUL WARN #FIVETENDUL WARN #FIVETENOPTIN WARN #FIVETENOTHER WARN #FIVETENSRC WARN #FLOWGO WARN #GUARDBLOCK WARN #GUARDBULK WARN #GUARDDUL WARN #GUARDMULTI WARN #GUARDSINGLE WARN #GUARDSRC WARN #INTERSIL WARN #IPWHOIS WARN #NJABL WARN #NJABLDUL WARN #RBL WARN #RSS WARN #SELWERD WARN #SPAMTR WARN #SUMMIT WARN #V6NET WARN #VISI WARN #ZTA WARN #RBLPLUS WARN #DULPLUS WARN #RBLANDDUL WARN #RSSPLUS WARN #RBLANDRSS WARN #DULANDRSS WARN #MAPSALL WARN #CATCHALLMAILS IGNORE IPNOTINMX IGNORE NOLEGITCONTENT IGNORE ********************************************************************** ********************************************************************** The $default$.junkmail # # This file determines the action to take when an incoming E-mail fail one or more tests. # Only one action can be used per test. Each line contains the name of one test and the # action to take; for example, "DSBL WARN". # # IGNORE will put an entry into the log file for failed message (same as LOG action), # LOG will put an entry into the log file for failed message, # BEEP will cause a "beep" at the local server, # COPYTO (Pro version only) will send a copy of the E-mail to a specified address # WARN will add a warning to the headers of the message, # FOOTER (Standard and Pro versions only) will add text to the end of the E-mail (IE: "DSBL FOOTER [This message may be spam]") # HEADER (Standard and Pro versions only) will add text to the beginning of the E-mail # SUBJECT will add text to the beginning of the subject # ATTACH (Pro version only) will turn the E-mail into an attachment # MAILBOX (IMail Pro version only) will move the E-mail to a user's folder (no, not a Windows directory) # ALERT will send a "bounce" message as well as deliver the E-mail, # ROUTETO (Standard and Pro versions only) will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. # BOUNCEONLYIFYOUMUST will send a "bounce" message - this should NOT be used except in rare cases # DELETE will delete the E-mail -- don't use unless necessary! # AHBL WARN BLITZEDALL WARN CBL WARN DSBL WARN MXRATE-BLOCK WARN MXRATE-SUSPICIOUS WARN ORDB WARN SBL HOLD SORBS-HTTP WARN SORBS-SOCKS WARN SORBS-MISC WARN SORBS-SMTP WARN SORBS-SPAM WARN SORBS-WEB WARN SORBS-BLOCK WARN SORBS-ZOMBIE WARN SORBS-DUHL HOLD SPAMCOP HOLD BONDEDSENDER WARN MXRATE-ALLOW WARN #===== ADDITIONAL USED RBL IP4R TESTS ============= #MTLDB WARN INTERSIL WARN CSMA-SBL WARN SPAMBAG WARN FIVETENSRC WARN JAMMDNSBL WARN #==== RHBSL TESTS ===== DSN WARN NOABUSE WARN NOPOSTMASTER WARN MAILPOLICE-BULK WARN MAILPOLICE-PORN WARN MAILPOLICE-FRAUD WARN #==== OTHER TESTS ===== BADHEADERS WARN BASE64 WARN BCC WARN CMDSPACE WARN COMMENTS WARN DYNHELO WARN ENCODEDURL WARN HELOBOGUS WARN IPURL WARN MAILFROM WARN PERCENT HOLD REVDNS WARN ROUTING WARN SPAMHEADERS WARN SPFFAIL WARN SPFPASS WARN SUBJECTSPACES WARN SUBJECTCHARS WARN #NONENGLISH WARN #====== FILTERS ============= #SUBJECT WARN #WORD WARN #==== 3RD PARTY ============= #SNIFFER WARN #SPAMCHK WARN #INV-URIBL WARN #==== TRIGGERS ============= WEIGHT10 WARN WEIGHT11 WARN WEIGHT12 WARN WEIGHT13 WARN WEIGHT14 SUBJECT POSSIBLE SPAM WEIGHT15 SUBJECT POSSIBLE SPAM WEIGHT16 SUBJECT POSSIBLE SPAM WEIGHT17 SUBJECT POSSIBLE SPAM WEIGHT18 HOLD %DATE% WEIGHT19 HOLD %DATE% WEIGHT20 HOLD %DATE% # ADDITIONAL TESTS # The following tests are commented out by default because they are not commonly used (or they require a subscription). #BADWHOIS WARN #BOGONS WARN #COMPU WARN #DEVNULL WARN #DORKS WARN #DORKZTL WARN #DSBLALL WARN #DUL WARN #FIVETENDUL WARN #FIVETENOPTIN WARN #FIVETENOTHER WARN #FIVETENSRC WARN #FLOWGO WARN #GUARDBLOCK WARN #GUARDBULK WARN #GUARDDUL WARN #GUARDMULTI WARN #GUARDSINGLE WARN #GUARDSRC WARN #INTERSIL WARN #IPWHOIS WARN #NJABL WARN #NJABLDUL WARN #RBL WARN #RSS WARN #SELWERD WARN #SPAMTR WARN #SUMMIT WARN #V6NET WARN #VISI WARN #ZTA WARN #RBLPLUS WARN #DULPLUS WARN #RBLANDDUL WARN #RSSPLUS WARN #RBLANDRSS WARN #DULANDRSS WARN #MAPSALL WARN #CATCHALLMAILS IGNORE IPNOTINMX IGNORE NOLEGITCONTENT IGNORE ************************************************************************** ************************************************************************** And just in case virus.cfg # # Declude Virus configuration file # CODE xxxxxxxxxxx # The "####" in the LOGFILE option gets replaced with the month/date LOGFILE spool\vir####.log LOGLEVEL low # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILE C:\trend\engine\vscanwin32.com /NB /NM /nc VIRUSCODE 1 # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR smartermail\spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail, with v1.13 and higher. INCOMING ON OUTGOING ON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. It is recommended NOT to have an # on-access scanner interfering, and to leave this at OFF. # ONACCESS OFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # # The BANEXT option will let you ban file extensions. E-mails containing attachments # with these file extensions will be quarantined, and if you have a BANnotify.EML file, # it will be sent out. This works in the Standard and Pro versions. # BANEXT scr BANEXT pif BANEXT exe BANEXT com # # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary # to be fully protected against viruses (since it is impossible to detect a well- # constructed virus within an encrypted .ZIP or .RAR file). # BANEXT EZIP # BANEXT zip BANEXT rar BANEZIPEXTS OFF # # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the # virus scanner will not get called. This can significantly cut down on CPU usage. # PRESCAN OFF # # Declude Virus can block treat files using CLSID extensions as viruses. This type of # extension will force a certain type of program to be run, while making the file appear # to be a .TXT or other safe file. There is no known legitimate reason to send this # type of file through E-mail. BANPARTIAL ON bans the Partial Vulnerability. # BANCLSID ON BANPARTIAL ON # # The FOOTER lines will add a footer to the bottom of E-mails that are scanned. This may # not be visible if you send HTML or attachments with the E-mail. # #FOOTER --- FOOTER [This E-mail scanned for viruses by Declude 2.0.6 ANTI-Virus] # # The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine them. # It is recommended to leave this at OFF. # DELETEVIRUSES OFF # # The DELIVERERRORS option, when set to ON, will treat errors from the virus scanner as if no # virus was found. When set to ON, this could cause viruses to get through in rare situations, # but will also prevent legitimate mail from being quarantined due to an error in the scanner. # It is recommend to leave this at ON. # DELIVERERRORS ON # # The BANCRVIRUSES option will automatically treat E-mail with malformed headers that could # contain a virus as if they did contain a virus. It is strongly recommended that you keep # this set to ON; otherwise, viruses could slip through. # BANCRVIRUSES ON # # The FORGINGVIRUS option is used to list viruses that forge the return address, so Declude # can replace the name of the sender with "[Forged]". # FORGINGVIRUS Klez [This E-mail scanned for viruses by Declude 2.0.6 ANTI-Virus] [This E-mail scanned for viruses by Declude 2.0.6 ANTI-Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
