recipient who cannot do something about it as then mail is
held on the server in a directory where only the postmaster has access.
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040
Hi Andy,
What tool are you using to specify x days old when deleting? Or are you
allready using Powershell?
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.blok
.*
Del /Q C:\IMail\spool\proc\work\*.smd.tmp
net start Decludeproc
echo %Date% %Time% End CleanTemp >> %LogFile%
exit
-
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el
. :-(
The only option I have is to mangle the attachment name in such a way Declude
wil leave it alone, hoping the receiver is smart enough to do what I want them
to do but never to do it when somone else asks them to do something like that.
;-)
Met vriendelijke groet,
Bonno Bloksma
senior
with this vulnerability.
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.blok...@tio.nl / www.tio.nl
---
This E-mail came from the Declude.Virus mailing list. To
u
those need to be able to handle IPv6 addresses. Declude will be one of the
programs that needs to have a look at which parts of the program will be
affected by this.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindho
those need to be able to handle IPv6 addresses. Declude will be one of the
programs that needs to have a look at which parts of the program will be
affected by this.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindho
.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: Kevin Rogers
To: Declude.Virus@declude.com
Sent
ix but the message needs to be delivered anyway. So
if it gets caught again because the sender ip is still listed... that is not
what I want, I need to have it delivered to the users mailbox.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toeris
scan
deleted mail.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: David Barker
To: declude.
possible copy, routeto,
etc statements can we at least have it for the HOLD action asap?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
clude\scanners\ClamAV
directory that seems to suggest something else.
So where is a HOWTO to get it up and running with Declude? I'm sure I'm not the
first to look at the combination, so how dit YOU do it. :-)
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool
g 4.4.0 later this week.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: David Barker
To: declude.viru
e uses the "real" name of a virus
when multiple scanners report a virus and some don't know the name?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROT
program. I used to be able to extract uuencoded stukk with my zip archive tool
but... What to use for base64 encoded stuff?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
Hi,
For those of us who use ClamAV
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: Moritz
ch I can change.
Is there something similar that we can use?
p.s. I assume they mean IMail1 as there is no IMail.exe in the IMail directory.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040
ch I can change.
Is there something similar that we can use?
p.s. I assume they mean IMail1 as there is no IMail.exe in the IMail directory.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040
64
Content-Location:
http://server/share/docs/BacoDiscussionsBlob.asp?ID={A1243322-3030-48BF-BD72-8A248CB26090}
I'm assuming this Content-Location can be easily spoofed right? Or could I
somehow convince Declude to pass these mails when there is a specific
Contect-Location
Met vriendelij
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: Darin Cox
To: declude.virus@declude.com
AUTH.
Currently this is not possible I think, would be a nice option though.
How do others currently circumvent this problem?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237
Hi,
Yes, mee to, see my other mail in this forum.
I've tried to send a false positive report to ClamAV but I'm not sure it got
there. :-(
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t
program so
I don't think the Bugzilla page is the right place. If I need to report it via
a mailing list, which one?
3) How I can check whether my report was received?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof
os so all seems to be woking. Both
scanners are also correctly updating their database.
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.
Hi,
And...?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
- Original Message -
From: David Barker
To
them
(with a few exeptions) get called in a situation.
Groetjes,
Bonno Bloksma
- Original Message -
From: "GlobalWeb.net Webmaster" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, April 19, 2006 7:15 PM
Subject: RE: [Declude.Virus] How to delete quarantined messages ?
he latest 3.0.x version
as that is the only correct working combination. And if there are any
problems running THAT combination the guys/gals at Declude are determined to
fix it.
Groetjes,
Bonno Bloksma
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
[This E-mail was scanned
Hi John,
BANZIPEXT on
#BANEZIPEXT on
Try "BANZIPEXTS ON" noting the s in there.
Oops, thanks.
Is there any syntax warning for stuff like this in Declude, in the logfiles
or using the Diag parameter? I could not find anything in my Declude vir
logfiles.
Groetjes,
Bon
Hi,
I must be missing something. I thought I had
blocked exe's in zip's but some new virusses came through using the exe in zip
trick. here is my virus.cfg, what am I missing?
## Declude Virus configuration file##
This file was distributed with v2.0#
CODE
x
as wel. :-(
Sure glad I'm using two scanners. ;-)
Met vriendelijke groet,
Bonno Bloksma
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubsc
g them and there is as of yet no update. Just
did a manual update and no new version. I'm at:
SIGN.DEF 2-may-2005, 13:32 CET
SIGN2.DEF 2-may-2005, 16:46 CET
Using f-prot 3.16b
Groetjes,
Bonno Bloksma
- Original Message -
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To:
Sen
2-may-2005, 16:46 CET
Using f-prot 3.16b
Groetjes,
Bonno Bloksma
- Original Message -
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 02, 2005 8:37 PM
Subject: RE: [Declude.Virus] Viruses appearing to be getting through...
F-Prot may have already fix
Hi,
> Hi Bonno,
> thank you.
> Looks terrific !
It's only an adaptation of what someone else posted overhere so I can't take
all the credit. ;-)
Groetjes,
Bonno Bloksma
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
This E-mail came from the Declude.Viru
%LOGFILE% Error moving SMD files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde
:ErrMov1g
%DTLOG% %LOGFILE% Error moving GSC files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde
:Einde
SET LOGFILE=
SET DTLOG=
Exit
Groetjes,
Bonno Bloksma
---
[E-mail scanned at
ils too". ;-)
p.s. get the unix tool from sourceforge. http://unxutils.sourceforge.net/
(Get the Utilities and the Updates)
Groetjes,
Bonno Bloksma
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
Hi Jim,
> >Here are the relevant lines for the config file:
> >
> >
> >SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM
/ARCHIVE=3
> >/NOBOOT /NOFLOPPY /DUMB /REPORT=report.txt
Remove the /NOFLOPPY when using fpcmd.exe
Groetjes,
Bonno Bloksma
---
add AVAFTERJM, it will accomplish this. This tells
> Junkmail to run first, then if it's not spam, run the AV.
Sorry forgot, don't want to use that option because of the danger it implies
when returning a mesage to the queue.
> One caveat is that if you move a message from s
erability reports to the sender when it's not spam. Does anybody
know of a way?
I'm using Virus Pro and JM standard.
Groetjes,
Bonno Bloksma
yone, or maybe
f-prot themselves, any info on that? Does returncode 8 generate false
positives and if so, how many?
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it in reverse?
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
[This E-mail was scanned for viruse
DTLOG% %LOGFILE% Error Renaming VirusDay%RotDay% directory
Goto einde
:ErrMov1s
%DTLOG% %LOGFILE% Error moving SMD files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde
:ErrMov1g
%DTLOG% %LOGFILE% Error moving GSC files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde
:Ein
d the update manually and noticed
it got an update. So MAYBE there is a problem with the update routine
when the servers are in the process of being updated themselves and don't
accept connections, or something like it.
Hmmm I think I'll CC this to [EMAIL PROTECTED]
Groetjes,
Bon
that's all the information I can find on that site, they have heard
of it and are catching it.
2) Is this a forging virus we need to add to the
list? If so, does Declude allready have it in his forging virus
list?
Groetjes,
Bonno Bloksma
virus front overhere (NL).
Groetjes,
Bonno Bloksma
- Original Message -
From:
Markus Gufler
To: [EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 12:10
PM
Subject: [Declude.Virus] wave of unknown
viruses?
I'm not sure but
in the last few minutes I ca
is in *one*
place where it can do the most good, any other place can simply use the info
it provides.
Scott, maybe updating the default config to reflect this would be a good
idea.
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it in reverse?
- Original Message -
Fro
ally gone,. I can find only one reason today, either the sender or
receiver is on a slow dial-up and want's to send/receive across *dial-up
sessions* for whatever reason. If that's the case, maybe they should split
up the file beforehand using ZIP/RAR/etc. and sent eacht part seperate
/02/2004 19:09:51
Q2b5d083f02240435 Scanned: CONTAINS A VIRUS [MIME: 439830]05/02/2004
19:09:51 Q2b5d083f02240435 From: <> To: [EMAIL PROTECTED][incoming from
192.87.5.144]05/02/2004 19:09:51 Q2b5d083f02240435 Subject: Undelivered Mail
Returned toSenderGroetjes,Bonno Bloksma Back up
m
did not produce
*any* hit. Maybe that should be adressed as well, as it is a big feature of
Declude virus.
Groetjes,
Bonno Bloksma
ed: CONTAINS A VIRUS [MIME: 4
37310]
04/26/2004 20:44:17 Q588000ad02465470 From: <> To: [EMAIL PROTECTED]
[incoming from 192.87.5.144]
04/26/2004 20:44:17 Q588000ad02465470 Subject: Undelivered Mail Returned to
Sender
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it i
anymore.
Met vriendelijke groet,
Bonno Bloksma
- Original Message -
From: "Scott Fisher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 23, 2004 3:54 PM
Subject: Re: [Declude.Virus] W32.Netsky.Q got through..
I've noticed that Virusscan does a bet
rom: <> To: [EMAIL PROTECTED] [incoming
from 131.174.93.39]
04/19/2004 08:55:47 Q77f00fb601282210 Subject: Undelivered Mail Returned to
Sender
Groetjes,
Bonno Bloksma
- Original Message -
From: "Postmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent:
. Any update on 1.79 scanning mail from the webinterface as well?
I'm
> >still on 1.78i28 because of that.
>
> The latest interim release should scan web messaging E-mail again.
I'll update to the latest interim on monday then. I won't introduce a change
like that minutes
top of the
mail?
Groetjes,
Bonno Bloksma
Will general stuff like this be available on a static
link we can refer people to?
Groetjes,
Bonno Bloksma Back up my hard drive? How do I put it in
reverse?
Hi Scott,
If I understand the IMail directory structure correctly the spool\web
directory is only used for mail attachments sent via the webinterface. If
that is indeed the case then here a logfile from Sophos to show you why it
is important to scan webmail for virusses.
Groetjes,
Bonno Bloksma
needs to be BANnotify.eml
While we are on the subject, can I easily delete e-mails with a 0 byte zip
file, as they are just broken virusses anyway?
Like I wrote below, I have IMail (8.05), Declude (1.78i28) Junkmail standard
and virus pro
Met vriendelijke groet,
Bonno Bloksma
- Original
ncrypted files. I could
not find this option in the test virus menu yet.
Of course it's quite easy to create those files myself but this would
probably be another hint about the quality of Declude.
Groetjes,
Bonno Bloksma
---
[This E-mail scanned for viruses by Declude Virus using f-prot and
MAIL PROTECTED] to: [EMAIL PROTECTED]
Date: 12/22/2003 14:57:23
Subject:Test eicar.com file [eicarzip]
Spool File: Df84100200154a8a7.SMD
Remote IP: 216.58.174.203
Headers:
[...]
As you can see Declude is using the right template. I guess it's time for
t
vered.
1 file out of 1 was infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email [EMAIL PROTECTED]
or telephone +44 1235 559933
Ending Sophos Anti-Virus.
--
Met vriendelijke groet,
Bonno Bloksma
---
[This E-mail scanned for viru
names which are forging viruses and is
maintained by/for Declude.
> but forging..
Yeah. :) It's not the dns which is being forged which kinda gets you on the
wrong track.
> Probabaly something simple though. :P
Yup. ;-)
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put
#x27;t
want that for whatever reason.
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it in reverse?
- Original Message -
From: "Karen D. Oland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 25, 2003 7:46 PM
Subject: RE: [Declude.Virus
Hi,
It seems the templates at the Declude site are not updatet yet. So euther
Scott did not get around to it yet or he has other information. We got a few
Sobers as well and they claim to have come from an alias we only use for
receiving mail.
Met vriendelijke groet,
Bonno Bloksma
nse was it clean?Groetjes,
Bonno Bloksma Back up my hard drive? How do I put it in
reverse?
Hi,
I'm thinking of leaving the banext in place but
want to allert the sender and/or recipient when a mail is being held. I've
downloaded the BANnotify.eml file but don't see how Declude decides when to use
it. Do I need to put any extra control lines at the beginning?
Gr
stalled if they fix something you need to have fixed. Or make it a policy
to update every 3 months to the latest version that is free to you at that
time. I started at 7.00 and am now at 7.07HF2.
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it in reverse?
---
[This E-mail scan
y the virus scanner.
Well guess what, Scott, THANK YOU, because a few hours later today after the
virusscanner was updated it turned out this exe file contained a virus
called W32/Lirva.D@mm. Am I glad Declude is catching those MIME errors as
well. :-)
Groetjes,
Bonno Bloksma
Back up my hard dri
id Declude not scan it the second time? Because it was a local
delivery? Are *all* local deliveries not scanned? Can somebody please tell
me what the process was that happened here so I can better understand it and
better understand possible gaps in the virus security.
Met vriendelijke groet,
Bon
e (lots of whitespace in a filename) but now it is
visible, in stead of hidden beyond the end of our screen.
Met vriendelijke groet,
Bonno Bloksma
- Original Message -
From: "Postmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 09, 2002 11:
Thanks again!
You're welcome.
Groetjes,
Bonno Bloksma
Back up my hard drive? How do I put it in reverse?
-Original Message-
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Opinion on Virus
68 matches
Mail list logo