Title: .vir directories in spool\proc
There
has been information on this issue on the Declude Junkmail list, which is
where most of the beta stuff is talked about.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Grant, contact me off list and we can test this.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Grant Griffith
Sent: Thursday, September 22, 2005 10:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Declude
There is an issue with both Hijack and Confirm with Beta 3.0.4.4. The issue
has to do with the handling of domain aliases. Declude is aware of the issue
and is working on it.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of
Everyone is banning vbe attachments, correct?
http://www.sophos.com/virusinfo/analyses/w32pegasa.html
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The
What are others' thoughts on blocking eml and msg attachments?
If there is an eml or msg attachment that has an executable or virus
attachment, will Declude properly decode it and will it be scanned for
viruses and banned attachments?
John T
eServices For You
What is the payload inside the zip?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Matt
Sent: Monday, September 12, 2005 7:52 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Seemingly bad virus this morning
: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 11:55 AM
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
What is the payload inside the zip?
John T
eServices For You
-Original Message-
From: [EMAIL
we could just insert an hour between 1am
PT/4am ET and 1:00:01am PT/4:00:01am ET. That would fix it.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, September 09, 2005 1:42 PM
Subject: RE: [Declude.Virus
and 1:00:01am
PT/4:00:01am ET. That would fix it.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, September 09, 2005 1:42 PM
Subject: RE: [Declude.Virus] Sudden Internet Slowdown
Nope, we here
: [Declude.Virus] Sudden Internet Slowdown
Them: When can we have it?
Me: Tomorrow.
Them: No, if we wanted it tomorrow, we'd ask for it tomorrow!
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent
While the site you are looking for is
called www.virustotal.com, here are steps you will probably have to take:
Basically what you will end up doing is
first finding what the registry key for it is, what is the actual executable
name, restart the computer in safe mode, and delete or
50 MB e-mail attachments?
Youch!
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith
Sent: Thursday, July
07, 2005 8:36 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Limit
Size of
So the virus writer got a slap on the
wrist. Boy, that will sure send a message to would-be virus writers.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Friday, July
08,
Declude Virus has no definitions to update.
Are you using AFTERJM ON?
Logs, what do the logs say?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Daniel Ivey
Sent: Wednesday, June 08, 2005 12:54 PM
To:
Welcome Bill.
John T
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Friday, June 03,
2005 1:25 PM
To: Declude.Jun[EMAIL PROTECTED]; Declude.Virus@declude.com
Subject: [Declude.Virus] System
Of John Tolmachoff (Lists)
Sent: Wednesday, June 01, 2005 7:44 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] BitDefender updates
So far, it appears that the updates only take place when some one is
actually logged in. In the last 4 days, the only time I have seen
And the answer is no you can not use
BCC, or even CC. Some one has asked before and Scott answered with the
technical explanation which I do not remember what it was.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of John Tolmachoff (Lists)
Sent: Friday, May 27, 2005 4:20 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] BitDefender updates
There updater is there, but like Jerry questioned does it require
ANYWAYS, what would be the comment from
Declude on this issue?
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, May 29, 2005
4:43 PM
To: Declude.Virus@declude.com
Subject: Re:
One of the servers I manage is getting hit with lots of messages being
caught with banned exe within zip.
They are coming from different IPs
John T
eServices For You
])
Sent: Tuesday, May 31, 2005 8:22 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New virus out?
John,
What do the filenames appear to be - any pattern either filename, subject,
body content etc?
Darrell
John Tolmachoff (Lists) writes:
One of the servers I manage
Since I am pressed for time and am presently unable to completely digest
what the vulnerability is and how to stop it, how can we configure our
Declude installs to protect/find/stop these messages?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Putting in 2 new drives was the easy
part.
Recreating 43 websites in IIS because
the backup drive on the backup server departed for parts unknown the week
before and proceeded with the tape drive (Onstream) finally giving out a month
ago leaving my backup solution in
Not unless it has been introduced as a
feature in 2.x.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Tuesday, May 31, 2005
6:27 PM
To: Declude.Virus@declude.com
Subject:
Off the topic, but it interrupted my
work on my mail server.
Any one ever lose both mirrored OS
drives at the same time?
FUN FUN FUN
NOT!
At least Ghost is able to read the
master.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED]
mid-April. Fortunately it was just after midnight on a Friday, so we
had everything back up before morning and no one noticed the interruption in
service.
Was it Windows mirroring or hardware
level?
Darin.
- Original Message -
From: John
Tolmachoff
. It's
called the Firmware Maintenance CD.
Andrew 8)
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Monday, May 30, 2005
9:07 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
EXITSCANONVIRUS
Windows
: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, May 27, 2005 2:50 AM
Subject: [Declude.Virus] EXITSCANONVIRUS
A question about this new feature.
Am I correct in thinking that as soon as a scanner reports a virus, the
next
scanner(s) in line
PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Saturday, May 28, 2005 12:34 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] EXITSCANONVIRUS
Well, here is an example of what I was hoping not to see.
05/27/2005 23:35:14 Q112105DF2AB2 Vulnerability flags = 0 05/27
BANCRVIRUSES OFF
which leaves me with
BANCLSID ON
which has never been triggered.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Saturday, May 28, 2005 12:34 AM
To: Declude.Virus
A question about this new feature.
Am I correct in thinking that as soon as a scanner reports a virus, the next
scanner(s) in line will not be called and the message will be processed
accordingly, and that it will not be affected by Declude first finding a
banned attachment before having it
.
David Franco-Rocha
Declude Technical Support
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, May 27, 2005 2:50 AM
Subject: [Declude.Virus] EXITSCANONVIRUS
A question about this new feature.
Am I correct in thinking
Support
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, May 27, 2005 11:17 AM
Subject: RE: [Declude.Virus] EXITSCANONVIRUS
Thanks. Is this a configurable meaning we have to have either ON or OFF?
John T
eServices
?
Jerry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Thursday, May 26, 2005 9:52 PM
To: John Tolmachoff (Lists)
Subject: Re: [Declude.Virus] BitDefender updates
Since it appears that the free version of BitDefender
It will only ban those listed with
BANEXT, unless you are also using BANEXT ZIP.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, May
26, 2005 1:02 PM
To: Declude.Virus@declude.com
Since it appears that the free version of BitDefender works with Declude,
how do you go about doing updates, as it appears there is no auto update for
the free version.
Also, is any one using the standard version and if so is the command line
the same?
John T
eServices For You
---
This E-mail
Yahoo is accepting e-mail to user infected with the Sober.o virus and then
sending a bounce to the forged address saying the message can not be
delivered for user over quota.
Now, how funny is that?
John T
eServices For You
One of the addresses it is using as the forged from address is the
postmaster address of one of my major clients.
I have received over 50 failure to deliver notices to that address from
all kinds of domains including AOL since noon today.
That means there are still way too many e-mail servers out
: Have you all running the latest v3.16b ?
I can't see any appearance of HTML/ObjData in the entire current
logfile, but I'm still running 3.16a
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Tolmachoff (Lists
Is there a SKIPIFFILE similar to SKIPIFEXT for use in the BANNotify.eml
file?
John T
eServices For You
It appears that something has updated on F-Prot in the last hour. Now, a lot
of outbound HTML e-mails are being flagged by F-Prot as having the HTML
object exploit. Running the file on www.virustotal.com shows clean.
Any one else seeing problems?
For now, as I am at a client, I have turned off
I saw a big bunch about 2 hours ago that were stopped by banned zip
extensions.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Chuck Schick
Sent: Monday, May 02, 2005 10:58 AM
To: Declude. Virus
Subject: [Declude.Virus]
Q66F5EF3A00E815E6 From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [outgoing from
208.7.179.200]
05/02/2005 13:44:22 Q66F5EF3A00E815E6 Subject: RE: NCC Docket 2005 - 2
It looks like turning F-Prot off might be a good idea,
or at least configuring it to not delete viruses.
Matt
John Tolmachoff (Lists) wrote
or F-Prot
(although
I have F-Prot updates disabled for now, until they get their problem
with
HTML/[EMAIL PROTECTED] fixed).
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 11:11 AM
Subject: RE
Is it possible in the first place for malicious or executable code to occur
in a PDF?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Tuesday, April 26, 2005 10:40 AM
To: Declude.Virus@declude.com
: [Declude.Virus] How
to check VIRUSCODEs
John,
If you don't mind sharing, what was the issue that you had last week with
F-Prot throwing a code 8 on legitimate E-mail? Or did I get that wrong?
Thanks,
Matt
John Tolmachoff (Lists) wrote:
From my understanding is that code 8
means the file is suspect
From my understanding is that code 8
means the file is suspect but does not exactly match a known pattern in the
definition file. It is not automatically flagged for encrypted zips.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL
www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail
[EMAIL PROTECTED]
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of John Tolmachoff (Lists)
Sent: Friday, April 15, 2005 2:33 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Another new
I am getting lots of banned attachment notices and lots of bounces in the
last 90 minutes.
THANKFULLY, I am blocking zip files which contain executables otherwise
these would have all been delivered to users.
Any one have an idea of what this one is, it is kind of acting like Bagle.
John T
I sent an encrypted zip file out, changing the .zip to ._ip. F-prot scanned
it and returned code 8, so Declude dutifully tagged it as infected.
Virus Code 8 means suspect, correct?
If this is what F-Prot is going to do, we need to rethink having
users/clients rename files.
04/14/2005 09:04:54.958
John,
I know that you don't follow this logic, but banning regular zips is
extreme and unnecessary IMO. Declude will scan any attachment
Matt, my original post said encrypted zips. This was an encrypted zip and
contained an executable.
I do not ban regular zips unless they contain an
AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus]
F-Prot tagging zips as code 8
My fault for the misread, but I also addressed the
issue regardless. Remove VIRUS CODE 8 from your config if you don't want
for this to happen.
Matt
John Tolmachoff (Lists) wrote:
John,I know
I have seen in the last hour 4 e-mails blocked for [RAR-EXE] and each one
had a blank subject line.
Each one also had the recipients user part of the e-mail address as the
sender's user part of the e-mail address.
John T
eServices For You
)
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, April 14, 2005 11:33 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
F-Prot tagging zips as code 8
I guess my question is what has changed
in F-Prot
I bet Scott is smirking reading that and if Len saw it look out.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Dan Horne
Sent: Wednesday, March 30, 2005 2:06 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
Yep, I block them for good reason.
A virus scanner can not (and should not) scan what is inside an encrypted
Zip file.
My policy stays the same: If you have to send a potentially malicious file,
you will have to rename the extension.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Scott, may your new endeavors be as rewarding or more than the ones now
behind you.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Monday, February 21, 2005 10:10
I have been wondering what is going on in the last half hour. Been getting a
larger than normal amount of banned extension blocks.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Don Hickey
Markus, I received the post with the attachment and time stamped 12:17 AM
PST.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Markus Gufler
Sent: Wednesday, February 09, 2005 1:55 AM
To:
First, you should be actively monitoring
the HOLD2 directory. There are some scripts on the Declude Tools site that can
be used for this.
Second, you do not need to cycle the
SMTP service. However, you will have to rename the HOLD2 files if you want to release
them and then manually
My log files go to a separate directory (partition if available) and are
zipped either weekly or monthly depending on size and when there are enough
they get burned to CD then deleted.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
So, if I am banning ZIPEXT, this should be caught since rar is treated same
as zip in Declude, correct?
What is the file in the rar?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Andy
I just had a client request blocking of hlp attachments. I have been
extremely busy with 2 major projects and have not seen anything about this.
Any one have information on a virus that uses that?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for
Here is some information for all who have concerns about the new licensing
and tie in to IPs and/or MACs:
I have spoken to Barry today, and while I will not reveal the little bit of
information I was given, I will state on my honor that I have no problem
with the new license code process what
I also would like to continue to have the option of a manual install.
The beauty of Declude is its adaptation and customization. An auto install
takes that away and can mess with customized files.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
Yes, this is a known problem. Resolution
is to switch to the 32 bit windows version.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Brandes
Sent: Tuesday,
December
Declude creates a separate directory for each message for scanning, so while
the report name is the same, the directory is unique.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Colbeck,
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Parallel processing
Thanks, John. Asking here was quicker than breaking out that free file
monitor (FileMon) from SysInternals.com ...
Andrew 8)
-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent
http://www.sophos.com/virusinfo/analyses/w32favsina.html
Any one have any more information on this new one?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Neither F-Prot (3.15b) nor AVG (7.0.289) appear to be catching this.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
- against html mail
/\- against microsoft attachments
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, November 11, 2004 11:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus
Any one know what the link in the body is so we can add filters for it?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Declude JunkMail questions should be directed to the Declude.JunkMail list.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Imail_Forum
Sent: Thursday, November 04, 2004 8:34 AM
To: [EMAIL
Has anyone tried using BitDefender with Declude Virus, or ClamAV for that
matter?
Does it work?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
]
[mailto:[EMAIL PROTECTED]
On Behalf Of John Tolmachoff (Lists)
Sent: Wednesday, November 03, 2004 8:56 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] BitDefender
Has anyone tried using BitDefender with Declude Virus, or ClamAV for that
matter?
Does it work?
John Tolmachoff
Engineer
, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BitDefender
BitDefender works fine with Declude Virus, don't know about mxGuard.
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 9:27
it is the slowest of the virus scanners we have
tested: McAfee, F-Prot, TrendMicro, and ClamAV.
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 1:34 PM
Subject: RE: [Declude.Virus] BitDefender
Which
Block executable files. That should be standard defense mode now-a-days.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Chuck Schick
Sent: Tuesday, November 02, 2004 8:07 AM
To: Declude.
The Declude Junkmail log lines.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Declude
Sent: Thursday, October 28, 2004 9:06 AM
To: John Tolmachoff (Lists)
Subject: Re[2]: [Declude.Virus
Not sure if I missed a posting on this so,
I recently attended an IPswitch seminar on ICS
and ISPs can continue to purchase IMail as a
standalone product.
Sincerely,
John David M. Miller
As of yesterday, incorrect. More to come later on my report to the Imail
list.
John Tolmachoff
Do you have an on-access scanner running?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Keith Johnson
Sent: Monday, October 25, 2004 7:38 AM
To: [EMAIL PROTECTED]
Subject: RE:
] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, October 21, 2004 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MyDoom.o's slipping through.
Why are you not banning executable files within zip files?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
customer that earlier
reported the trouble.
Thanks,
Chris Patterson, CCNA
Network Engineer
-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 21, 2004 4:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MyDoom.o's
1. Did you configure logging in the hijack.cfg file?
2. Where is it logging to?
3. Of course the SMTP service is running, otherwise no e-mail would come in
or out.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Is Deccon.exe in the \imail folder?
yes it is in the base imail folder.
Do I need the global.cfg file?
I would not think so since this is not running the virus scan.
Now that is an interesting question.
It might need to be.
Imail hands the message to declude.exe.
Declude.exe checks to
Why are you not banning executable files within zip files?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Chris Patterson
Sent: Thursday, October 21, 2004 12:42 PM
To: [EMAIL PROTECTED]
Are you using Declude Hijack?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Kevin Rogers
Sent: Friday, October 01, 2004 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus]
Is there going to be a test added to the Tools page to test to see if the
GDIplus.dll exploit will be caught?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus]
Paypal and Outlook 'Blank Folding' Vulnerability
John Tolmachoff (Lists) wrote:
However,
the post I was responding to was questioning whether or not there was an actual
vulnerability, not what to do with it.
What you define
Goran, I take it you are volunteering as the guinea pig?
;)
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Goran Jovanovic
Sent: Friday, September 24, 2004 10:09 AM
To: [EMAIL
Yes there is and has been an option for vulnerability notification.
It is called adding lines like SKIPIFVIRUSNAMEHAS vulnerability and
SKIPIFVIRUSNAMEDOESNOTHAVE vulnerability.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
Issue is not the notifications. That is how I found out about the problem.
The issue is getting Paypal to fix it.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darin Cox
Sent: Friday,
Correct, you can not strip the attachment, the configured action is taken on
the whole message. So, if you have Declude Virus configured to automatically
delete (not recommended) then the whole message is deleted.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original
'
Vulnerability
I understand that. I was trying to help you come up with a workaround in
the meantime.
Perhaps this would have been a good day to roll over and go back to
sleep...
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED
No thanks. I like to feel dry after using a towel when getting out of the
shower.
As a truck driver, I once made a team run to Marietta Georgia. Once was
quite enough thank you.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
This looks like a clear explanation to me:
18.3 Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when
there is a line in the headers with just a single space or a single tab
character. Outlook can treat this as the end of the headers, allowing it to
see a virus that is embedded
I would have turned the
vulnerability detection off by now except for the fact that more recently there
has been good progress on malformed file detection that has been useful in
blocking viruses (or at least stopping the banned extension bounce messages on
our system). I would prefer
CDW
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Hirthe, Alexander
Sent: Tuesday, September 21, 2004
12:27 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] IMail?
Don't you ever sleep?
Good night.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Sanford Whiteman
Sent: Tuesday, September 21, 2004 12:34 AM
To: Hirthe, Alexander
Subject: Re:
I think this is the one where the html
body calls an object from a URL which will automatically download the virus
payload.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of