Matt and Dave: First of all thank you very much for answering my post. I am using fpcmd.exe
Here is my config lines, in case I am missing some important switch. SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE1 3 VIRUSCODE1 6 REPORT1 Infection: Any way, I already contacted one of my clients who's IP is sending lots and lots of emails with virus to our mail server. I believe they are sending probably 80% of the virus I am getting. He confirmed that they were infected and that they are running a clean up task. They have over 600 computers so it takes quite some time to make sure they are all clean. I am also narrowing other IPs to contact the owners. Besides, Declude is running 25 simultaneously -default-. If tomorrow I get overflow messages I will increase the number of processes in the declude.cfg file to see if that improves the delivery. I just have to make sure I don't crash the server. I may also increase the number of Imail threads to 40 or 50 By the way I found interesting and useful support text regarding delayed delivery here http://www.declude.com/help_answer.asp?ID=122 -Imail's SMTP Sending Architecture- Again thanks for your help -Luis Arango > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Matt > Sent: Martes, 03 de Mayo de 2005 09:07 p.m. > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus] w32/Sober.O virus > > If you aren't running fpcmd.exe as Dave suggested, that would definitely > be the first place to start. You need to purchase F-Prot instead of > using the free DOS scanner to get fpcmd.exe. > > This is not normal behavior for Sober, but I have seen some viruses get > really bursty. For instance, one client that has a massive newsletter > would get hammered by viruses because of harvesting of their addresses > from the newsletter. Some viruses also can hammer you with huge volume > from a single computer. You might want to look at the IP's that are > sending the viruses and see if these can be narrowed down to just a few > computers for the bulk of the messages. > > Aside from that, Declude JunkMail is generally leaner than Declude > Virus, and you might get a boost by having Declude JunkMail run first, > where many of the viruses would be blocked and then wouldn't need to be > virus scanned. You would need to be deleting the spams for them to not > get scanned by Declude Virus however, maybe Hold also prevents it, but > I'm pretty sure that the other actions will still result in them being > virus scanned under this alternative configuration. This is also much > more beneficial when you run multiple virus scanners since more CPU can > be saved this way. F-Prot is generally very efficient. > > Matt > > > > Panda Consulting S.A. Luis Alberto Arango wrote: > > >FYI: > >Today we were flooded with a massive incoming emails containing Sober.O > >(f-prot) virus. > > > >We receive aprox 15% of viruses out of all the emails we process. Today > the > >figure raised to almost 40%. > > > >It fulfilled the overflow folder and there were delays of about 2 to 5 > hours > >to deliver non-virus emails > > > >We received the first email with virus at 12 (noon) may 2. Our f-prot > >signature files were not updated -we update every 4 hours- and we let 27 > >emails with viruses passed through. There was nothing we could do about > it. > >The virus was discovered the same day by Symantec, F-prot and others. > > > >Our F-prot received signature files at 1:30 pm and from that time on we > have > >catched about 9000 emails out 30,000 > > > >The folder is full with 3000 emails and is not able to be handled as fast > as > >we would want with declude/f-prot. > > > >Q: > >Is there something we can do to avoid such delays delivering emails other > >than use Imail Kill list, catching the computers delivering the viruses > and > >moving to a strongest server. > > > >Bye > > -Luis Arango > > > > > > > >______ > >[Email scanned for viruses by Panda Consulting -www.pandacons.com-] > >[Email escaneado contra virus por Panda Consulting -www.pandacons.com-] > > > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". The archives can be found > >at http://www.mail-archive.com. > > > > > > > > > > -- > ===================================================== > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > ===================================================== > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > ______ > [Email scanned for viruses by Panda Consulting -www.pandacons.com-] > [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] ______ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
