Declude 4.10.42
JM ADD Add IMail support for SQL Database. Declude can check the
SQL DB for Autowhitelist
JM ADD IPNOSCAN for IMail
JM ADD Add a new directive POSTINIFIX uses either ON or OFF in the
declude.cfg file. Postini is a large managed email service which amends the
header structure. The Postini fix helps Declude correctly identify
Postini headers. To configure use POSTINIFIX ON
JM ADD Add the Recipient, mailfrom and subject information to the
blklst.txt file. The format blklst.txt file is
Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfa
iled
JM ADD IPBYPASS can be configured with CIDR
JM ADD New Header directive XWHITELIST ON in the global.cfg
will give the reason for why the email was WHITELISTED in the header of the
email.
JM ADD Integrated Message Sniffer with Declude. Will use Declude
rulebase. (If you are a current Message Sniffer user this does not apply to
you unless you want to switch and use the Declude rulebase) To
configure the SNF files need to be edit by the user, where the [PATH] needs
to be the actual path on your server.
getRulebase.cmd
SET SNIFFER_PATH=[PATH]\declude\scanners\SNF\
Snf_engine.xml file
<log path='[PATH]\declude\scanners\SNF\'/>
<rulebase path='[PATH]\declude\scanners\SNF\'/>
<workspace path='[PATH]\declude\scanners\SNF\'/>
<update-script on-off='on'
call='[PATH]\declude\scanners\SNF\getRulebase.cmd' guard-time='180'/>
Global.cfg
SNFIPCAUTION SNFIP x 4 5 0
SNFIPBLACK SNFIP x 5 10 0
SNFIPTRUNCATE SNFIP x 6 10 0
IPREPUTATION SNFIP x 5 10 -5
SNIFFER-TRAVEL SNF x 47 10 0
SNIFFER-INSURANCE SNF x 48 10
0
SNIFFER-AV-PUSH SNF x 49 10 0
SNIFFER-WAREZ SNF x 50 10 0
SNIFFER-SPAMWARE SNF x 51 10
0
SNIFFER-SNAKEOIL SNF x 52 12
0
SNIFFER-SCAMS SNF x 53 10 0
SNIFFER-PORN SNF x 54 10 0
SNIFFER-MALWARE SNF x 55 10 0
SNIFFER-ADVERTISING SNF x 56 10
0
SNIFFER-SCHEME SNF x 57 10 0
SNIFFER-CREDIT SNF x 58 10 0
SNIFFER-GAMBLING SNF x 59 10
0
SNIFFER-GENERAL SNF x 60 10 0
SNIFFER-SPAM SNF x 61 10 0
SNIFFER-OBFUSCATION SNF x 62 10
0
SNIFFER-IP-RULES SNF x 63 10
0
SNFTRUNCATE SNF x 20 10 0
EVA FIX Fix for Virus test not catching the eicar test due to e-mail
formatting
HJ ADD Added a function to send a notify e-mail when hijack is
triggered and e-mails are being held in the Hold2 folder To turn the Hijack
e-mail notify on add the following directive to the
hijack.cfg.
HIJNOTIFY ON
Add the included HijackNotify.eml into the \Declude
directory. The email can be modified.
DEC ADD Added variable %AUTH% to show the authenticated sender of
the email
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[email protected]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [email protected], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
