I switched from i5 to i8 6 hours ago. Until now I can see two empty vir
directories. Before I've had one undeleted vir directory per month. (5000 to
7000 msgs / day)
I'm using
BANEZIPEXTS ON
BANEXT (file extensions)
Markus
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Wednesday, March 03, 2004 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

Matt,

Thanks, I don't have the old format listed BANEXT EZIP, I pulled it out and only list the two:

BANEZIPEXTS ON
BANZIPEXTS ON
BANEXT (FILE EXT)

Not sure where to go from here, but I had over 200 vir directories this morning when I checked, thus I know i7 is working. Thanks,

Keith

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Matt
Sent: Wed 3/3/2004 2:08 AM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

Keith,

I'm not sure about your config, but we did detect an executable within a password protected file (identified by the text of the captured file) and blocked it according to our config settings. I did remove the BANEXT EZIP setting, maybe if you have both the new and the old format, this will create issues??? Anyway, this is working for me I think:

----- Virus.cfg -----
BANEZIPEXTS ON
BANEXT BAS
BANEXT BAT
BANEXT CMD
BANEXT COM
BANEXT EXE
BANEXT MSI
BANEXT MSP
BANEXT MST
BANEXT PIF
BANEXT REG
BANEXT SCR
BANEXT SCT
BANEXT VB
BANEXT VBE
BANEXT VBS
BANEXT WSC
BANEXT WSF
BANEXT WSH

----- Log File -----
03/03/2004 01:12:04 Q77320ad90180418d MIME file: Information.zip [base64; Length=12424 Checksum=1573366]
03/03/2004 01:12:04 Q77320ad90180418d Banning .ZIP file with EXE extension.
03/03/2004 01:12:07 Q77320ad90180418d Scanned: Banned file extension. [MIME: 2 12942]
03/03/2004 01:12:07 Q77320ad90180418d From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
03/03/2004 01:12:07 Q77320ad90180418d Subject: Warning about your e-mail account.

----- Source Snippet -----
For security purposes the attached file is password protected. Password is "24247".
Matt

Keith Johnson wrote:

> Scott,
> I dropped back to 1.78i7 and that eicar zip file test (encrypted with com file in it), got caught right away and showed up in the log, however, I am back to the directories not being removed. Any thoughts?
>
> I wish I had something to show you in the logs with i8, however, nothing shows up in the logs, it just passes straight through.
>
> Keith
>
> -----Original Message-----
> From: Keith Johnson on behalf of Keith Johnson
> Sent: Wed 3/3/2004 1:37 AM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files
>
> Scott,
> I don't think 1.78i8 is working correctly. Since moving to i8 from i7, I haven't noticed any zip's with viruses in them come through the log. I thought it was me, however, I password zipped up an eicar virus (first testing it plain to ensure it was blocked), then sent it through and I got it unaltered. I haven't seen any logs (running MID) that we blocked any, and I know we are getting hammered with them. Do you have any thoughts? I may need to fall back to i7 to ensure. Thanks,
>
> Keith
>
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of R. Scott Perry
> Sent: Tue 3/2/2004 6:39 PM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files
>
> We now have a new interim release 1.78i8 of Declude Virus Pro at
> http://www.declude.com/interim that will look for invalid .bat, .com, .pif,
> and .scr files, and will treat them as vulnerabilities. It is expected
> that this will cut down significantly on the impact of future viruses in
> the time before new virus definitions are available.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
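
Added example (not part of the original thread, and not Declude's code): a ZIP archive keeps its member names in the central directory, which classic ZIP password protection leaves readable, so a banned-extension check like the one in the quoted Virus.cfg can be made without the password. The function names, the sample member name and the constructed test archive (flag bit set by hand, data not actually encrypted) are assumptions for illustration.

```python
import io
import zipfile

# Extensions taken from the BANEXT lines of the Virus.cfg quoted in the thread.
BANNED_EXTS = {"BAS", "BAT", "CMD", "COM", "EXE", "MSI", "MSP", "MST", "PIF",
               "REG", "SCR", "SCT", "VB", "VBE", "VBS", "WSC", "WSF", "WSH"}


def banned_members(zip_bytes, banned=BANNED_EXTS):
    """Return (member name, extension, encrypted?) for each banned member.

    Only the central directory is parsed; no member is decrypted or extracted.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            _, dot, ext = info.filename.rpartition(".")
            if dot and ext.upper() in banned:
                encrypted = bool(info.flag_bits & 0x1)  # flag bit 0 = encrypted
                hits.append((info.filename, ext.upper(), encrypted))
    return hits


def build_sample(member_name, mark_encrypted):
    """Constructed test archive (hypothetical helper).

    zipfile cannot write encrypted members, so the 'encrypted' flag bit is
    set by hand in both headers; the payload itself is a harmless placeholder.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not an executable")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        data[6] |= 0x01                               # local file header flags
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x01   # central directory flags
    return bytes(data)


if __name__ == "__main__":
    for name, ext, enc in banned_members(build_sample("sample.exe", True)):
        print(f"banned member {name!r}: extension {ext}, encrypted={enc}")
```
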
