> Or, with the >latest release (1.52 or higher), it is possible to have the declude.exe >ile act as the smtp32.exe file, so that Declude can intercept the web >messaging E-mail (this is done by renaming the smtp32.exe file to >ipsmtp.exe, renaming the declude.exe file to smtp32.exe, using a >"DAISYCHAIN ipsmtp.exe" line in the virus.cfg file, and using regedit to >change the HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail\Global\SendName value >to point to smtp32.exe instead of declude.com, then stopping/restarting the >IMail SMTP service).
Tried that and sent the eicar test file, but vir1025.log shows errors... 10/25/2002 16:42:40 Q76778da028b MIME file: eicar.com [7bit; Length=70 Checksum=4642] 10/25/2002 16:42:40 Q76778da028b Scanner 1: Virus=: EICAR test file NOT a virus. Attachment=eicar.com [0] O 10/25/2002 16:42:40 Q76778da028b Found a bogus .com file 10/25/2002 16:42:40 Q76778da028b File(s) are INFECTED [13] 10/25/2002 16:42:40 Q76778da028b Deleting file with virus 10/25/2002 16:42:40 Q76778da028b Deleting E-mail with virus! 10/25/2002 16:42:40 Q76778da028b Scanned: CONTAINS A VIRUS [MIME: 2 207] 10/25/2002 16:42:40 Q76778da028b From: [EMAIL PROTECTED] To: 10/25/2002 16:42:40 Q76778da028b Subject: dskdjksdjklsdfjkl 10/25/2002 16:42:40 Q76778da028b ERROR: No recipients in .eml template file 10/25/2002 16:42:40 Q76778da028b ERROR: No recipients in .eml template file 10/25/2002 16:42:40 Q76778da028b ERROR: No recipients in .eml template file Todd Praski Dotcom Ltd. 115 N. University Dr. Ste. A Nacogdoches, TX 936-559-0001 -----Original Message----- From: [EMAIL PROTECTED] [mailto:Declude.Virus-owner@;declude.com]On Behalf Of R. Scott Perry Sent: Friday, October 25, 2002 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Web Messaging Emails bypass declude >We (ISP) are currently running IMail v7.13, Declude Virus Pro 1.60, Declude >JunkMail Pro 1.60 and Killer WebMail Templates for Web Messaging. I would >guess that approx. 10% of our subscribers use Imail's Web Messaging for >sending/receiving their email. This question concerns emails not being >handled by the declude processes when sent via Web Messaging.<---I am >correct on this aren't I? > >Does anyone know of a workaround for this? Either from Declude or IMail? You are correct (all their incoming mail is scanned, but the mail sent from web messaging often bypasses Declude). The first thing to realize is that it would be rare for a virus to get transmitted that way. The only way that a virus can be spread by web messaging is if [1] The sender already has a virus on their computer, and [2] The sender sends an E-mail and clicks the "Attach File" button, and [3] They attach a file that was infected by the virus that is on their computer, and [4] The file they attach is an executable file. If a user sends an E-mail from web messaging and does not intentionally attach a file to it (a virus can't do that by itself), it cannot contain a virus. If they send an attachment that is not infected (few, if any, viruses will attach themselves to all the files on the hard drive), it will not contain a virus. If they send a .jpg picture or .mp3 file, for example, it can't contain a virus. If a virus *is* sent, it will only be sent to the person (or people) that the sender specifies, and nobody else. You can, however, use an on-access scanner to scan the \IMail\spool directory (but not the subdirectories off of \IMail\spool), so that any viruses that are uploaded via web messaging will be deleted. Or, with the latest release (1.52 or higher), it is possible to have the declude.exe file act as the smtp32.exe file, so that Declude can intercept the web messaging E-mail (this is done by renaming the smtp32.exe file to ipsmtp.exe, renaming the declude.exe file to smtp32.exe, using a "DAISYCHAIN ipsmtp.exe" line in the virus.cfg file, and using regedit to change the HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail\Global\SendName value to point to smtp32.exe instead of declude.com, then stopping/restarting the IMail SMTP service). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
