Re: [Declude.Virus] Burnt by double failure today

[Matt]

John, BANZIPEXTS is not a practical solution for a service such as ours.  We would block many legitimate messages and this system would only allow for renaming files to get them through virus scanning, which is a bad idea when Windows defaults to hide extensions as it leaves the majority of users without a practical option. I can't claim perfection, but rule #1 is to deliver the good E-mail, rule #2 is to block the bad.  That will never change for me. Matt John Tolmachoff (Lists) wrote: Matt, even though F-Prot or AVG may not have been catching them (I use both) banned extensions and BANZIPEXTS along with the Invalid COM and Invalid SCR certainly caught them. Not one got through. Thanks Scott and Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, July 19, 2004 9:32 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Burnt by double failure today Just to expand upon a thread on the JunkMail list, I was burnt today by a failure in F-Prot to properly detect standard zip file viruses from the new variant today (it was throwing ERROR 8 until about 6 p.m. EST), and AVG's issues stemming from broken support of their /ARCW and /RTW switches essentially means that AVG won't report on zip files containing viruses and therefore Declude is useless with zip files and AVG version 7.0.251 or later, which is too bad because it appears that AVG released the new definitions before 90% of this virus traffic hit which was missed by F-Prot. The net result of this in combination of a huge outbreak of viruses today was about 130 of these zip files getting through Declude Virus and I would imagine that between 10% and 20% of these got through Declude JunkMail. The bulk of this happened in just 3 hours. I wrote AVG about this issue, but I don't think I care to wait for a fix at this point. They broke their product 3 ways on June 10th and still haven't fixed it. I'm ready to take another look at Clam-AV which was still having issues with Clamd the last time I checked. If anyone has some updated information on the daemon's Window's support and stability, please chime in. Matt -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================