I had posted a question to the IMail list that Scott suggested I post here for comment. I'm sorry in advance if it's been covered recently, but being new to the group, I would have missed it...
1. We're running Declude-AV with FProt. Works pretty well, but some things have been getting through lately.
With regards to how Declude works, suppose I host a domain & email accounts on the server (Imail 7.07) and someone @AOL sends an infected file to my client.
Does Declude scan it at the time it is received from the AOL server? Does it scan again when my client checks mail?
My suspicion on why some things are being missed is that some messages are being sent in prior to the AV software setting a definition for it.
So what we've been seeing is the latest BAGLE, etc., getting through Declude/FProt but being picked up on the client's machine running Norton locally.
Does this make sense?
2. I'm looking to add McAfee as a second scanner. We have the AntiVirus Suite, which includes the enterprise scanner and the command line scanner. I'm trying to figure out how to configure this so:
(1) it uses the command line scanner and
(2) it benefits from the "live update" feature of the Enterprise scanner.
3. Being new to the list, the first message received ended up in my SPAM folder. Here's the header I received. My questions are (1) why are these things being flagged, and (2) are these headers being set by the Declude mail server before it is being sent to me, or being set by my mail server when it receives the message from the list?
From: "Douglas Cohn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [Declude.Virus] Could not find parse string Infection: in report.txt
Date: Sat, 20 Mar 2004 14:16:31 -0500
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcQOqvPBJ1XiWpwqRTaeheyv0XPlogABLBQg
X-RBL-Warning: BLARSBL: This E-mail came from 64.15.255.80, a potential spam source listed in BLARSBL. [2-2-1000]
X-RBL-Warning: FIVETENIGNORE: 69.167.74.216.blackholes.five-ten-sg.com. [2-20-a000]
X-RBL-Warning: NJABLSOURCES: "C&W / TranSend, Inc. spam house -- 1072977278" [2-40-14000]
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -6. [2-97-30800]
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000020e]. [2-98-31000]
X-Note: This E-mail was scanned for viruses by Declude Virus (www.declude.com)
X-NRecips: 1
X-Reverse-IP: mail.internetny.com
X-Weight: -4 (BLARSBL, FIVETENIGNORE, NJABLSOURCES, SPFUNKNOWN, HEUR1, SPAMCHK, SPAMHEADERS)
X-Country-Chain: UNITED STATES->destination.
X-Declude-Sender: [EMAIL PROTECTED] [64.15.255.80]
X-Declude-Spoolname: D988d02c4043ae160.SMD
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [24.107.232.14]
X-Note: This E-mail was scanned by Declude JunkMail 1.75 for spam.
X-Spam-Tests-Failed: None [-8]
X-Note: This E-mail was sent from cpe-24-107-232-14.ma.charter.com ([24.107.232.14]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Sorry to ask so many questions on the first post, but hopefully I'll get up to speed on the nuances of Declude and be able to make some useful contributions.
Thanks all!
--- [This E-mail scanned for viruses by Declude Virus]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
