Re: [Declude.JunkMail] weird random .htm attachments
No, unfortunately I haven't found a good test here and yes they are on the increase. Gr -Marc - Original Message - From: Glenn Brooks To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 8:02 PM Subject: RE: [Declude.JunkMail] weird random .htm attachments Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weird random .htm attachments
I filter on this + String.fromCharCode( This is common in all of them. Combined with other tests it catches most. Mike - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 20:02 Subject: RE: [Declude.JunkMail] weird random .htm attachments Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weird random .htm attachments
so you do a body filter? At 09:00 AM 3/30/2004 -0500, you wrote: I filter on this + String.fromCharCode( This is common in all of them. Combined with other tests it catches most. Mike - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 20:02 Subject: RE: [Declude.JunkMail] weird random .htm attachments Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weird random .htm attachments
yes Mike - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 09:20 Subject: Re: [Declude.JunkMail] weird random .htm attachments so you do a body filter? At 09:00 AM 3/30/2004 -0500, you wrote: I filter on this + String.fromCharCode( This is common in all of them. Combined with other tests it catches most. Mike - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 20:02 Subject: RE: [Declude.JunkMail] weird random .htm attachments Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Strange MONKEYFORMMAIL problems
Great idea! -Original Message- From: Joe Wolf [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 9:51 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Strange MONKEYFORMMAIL problems I try to look at the config files on a regular basis, but I have to print both of them out and compare them side by side to see if Declude has made any changes. It would be of great help to me if they would just put a comment at the top of the file giving the revision date. I think many others would be able to tell if they need an update much easier. Just my two cents. -Joe - Original Message - From: Troy D. Hilton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 8:31 AM Subject: RE: [Declude.JunkMail] Strange MONKEYFORMMAIL problems Dude, I didn't know it was dead until my Junkmail started catching all these legit emails, and I'm not complaining about it as much as trying to avoid this problem in the future. Basically, I just need to do a regular update to my global.cfg file. I'm sure the information about the list dying was posted to the NG but I obviously missed it. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Monday, March 22, 2004 8:48 PM To: [EMAIL PROTECTED]; Troy D. Hilton Cc: Declude Junkmail Forum Subject: Re: [Declude.JunkMail] Strange MONKEYFORMMAIL problems No offense, but when you know the list is a dead soldier, why are you still trying to use it -- and when it doesn't work -- why are you complaining about it here? Let's move on to something constructive and challenging. Dead puppies aren't very much fun. Thanks, Monday, March 22, 2004, 1:34:46 PM, Troy D. Hilton [EMAIL PROTECTED] wrote: TDH Hello All, TDH I know that the MONKEYFORMMAIL and MONKEYPROXIES list are dead TDH and apparently has been for a while but we had a problem last TDH Monday in that TDH hundreds of legitimate emails started getting caught with these lists. I've TDH since disabled the tests in Junkmail. I saw that someone else had TDH a problem TDH with these tests and someone mentioned that these lists had been TDH dead for a TDH while. Can someone please explain why all of a sudden my Junkmail started TDH failing emails with these when these lists had been dead? Also, TDH how do I TDH avoid something like this form happening again? TDH Troy D. Hilton TDH SofWerks LLC. TDH [EMAIL PROTECTED] TDH 302-529-1961 Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Internet Usage Monitoring
Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
web trends firewall suite maybe? - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 2:43 PM Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage Monitoring
Monster.com?? LOL -Just kidding. Can the PIX log to a syslog server? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, March 30, 2004 12:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage Monitoring
PIX connected to WebSense connected to SQL(or MSDE) will accomplish this goal. -Original Message- From: Doug Anderson [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 12:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring web trends firewall suite maybe? - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 2:43 PM Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
One caveat to the suggestions is that many smaller sites now share the same IP with host headers. If you can't capture the domain used, this information will be lost in those instances. I'm not sure that there is a reliable way to convert IP's to domains on static sites either since all that would seem to be available would be the reverse DNS entry which often times won't match the domain of the site in question. It would seem that to do this with accuracy, you would need some sort of proxy server to handle HTTP requests. Note that I'm not familiar with the other options suggested, but as usual, I 'think' I'm right about this :) Matt Kevin Bilbee wrote: Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
Yep...We use it with Kiwi for logging. Didn't give us everything we wanted though (for monitoring bandwidth needs of various servers), so we now use logging from managed switches instead. Darin. - Original Message - From: Todd Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 3:55 PM Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring Monster.com?? LOL -Just kidding. Can the PIX log to a syslog server? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, March 30, 2004 12:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
On 30 Mar 2004 at 12:43, Kevin Bilbee wrote: Here we *used* a product called LittleBrother. It would produce complete tracking reports for every user. Very complete. Simple to use. Not sure if it is still avail. We stopped using it because of privacy/union concerns. -Nick Hayer Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [170.222.200.91] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage Monitoring
I am in the process of reviewing replacements for WebSense in our network (it is much too expensive for our small organization). I have found 2 products so far that show promise: Web Inspector from Zixcorp.com And Sentian at N2H2.com The former uses a pass-by model with packet spoofing to monitor/block, and is a stand-alone server (does not depend on PIX). The second one integrates with the PIX like WebSense. Both are much less expensive. Here is an article from PCMag that reviews all three: http://www.pcmag.com/article2/0,1759,1532849,00.asp Web Inspector got very low marks, but I have tested the application and it doesn't seem as bad to me as they make it out to be. It could be more intuitive, though. Dan Horne, CCNA Web Services Administrator TAIS Web Wilcox World Travel Tours [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. SPAM-FREE 1.0(2476) -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, March 30, 2004 3:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage Monitoring
Yes it does log to a syslog server. And I am currently doing that. They do not like the format. This is from our Kiwi syslog 10.1.50.253 pixfirewall %PIX-5-304001: 68.123.166.135 Accessed URL 12.9.25.243:/diyguide.shtm Notice the Accessed URL it is an ip address not the host name. This is all good if the reverse dns entries are setup properly. But in the case of a server using host headers there is know way to tell wht the host name was/is. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Holt Sent: Tuesday, March 30, 2004 12:56 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring Monster.com?? LOL -Just kidding. Can the PIX log to a syslog server? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, March 30, 2004 12:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Internet Usage Monitoring Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. You might seriously want to consider putting up an HTTP proxy--transparent or standard. And though I'm not the type to blindly tout Unix-only stuff in Windows groups, Squid (www.squid-cache.org) is really very cool, if you feel like a little learnin'. Got to know it while working on a (commercial) content filtering add-on...still use Squid, while the add-on was never as stable. :) --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
The Pix doesn't log the hostname...at least not the 515s we usually work withonly the IP address. Darin. - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 5:47 PM Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring I have to agree that is why I am asking this list with diverse experience. My research to this point supports your comment. I am thinking about downloading the trial versions of Websense and N2H2 to get a comparison and determine it the PIX integeration also supplies the host name in the reporting. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Tuesday, March 30, 2004 1:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring One caveat to the suggestions is that many smaller sites now share the same IP with host headers. If you can't capture the domain used, this information will be lost in those instances. I'm not sure that there is a reliable way to convert IP's to domains on static sites either since all that would seem to be available would be the reverse DNS entry which often times won't match the domain of the site in question. It would seem that to do this with accuracy, you would need some sort of proxy server to handle HTTP requests. Note that I'm not familiar with the other options suggested, but as usual, I 'think' I'm right about this :) Matt Kevin Bilbee wrote: Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage Monitoring
I called Cisco and the reason the 515s do not log the host name is because the pix does not look at the data in the packet(s) for the host header information Kind of usless as a url looger. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox Sent: Tuesday, March 30, 2004 2:55 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring The Pix doesn't log the hostname...at least not the 515s we usually work withonly the IP address. Darin. - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 5:47 PM Subject: RE: [Declude.JunkMail] OT: Internet Usage Monitoring I have to agree that is why I am asking this list with diverse experience. My research to this point supports your comment. I am thinking about downloading the trial versions of Websense and N2H2 to get a comparison and determine it the PIX integeration also supplies the host name in the reporting. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Tuesday, March 30, 2004 1:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring One caveat to the suggestions is that many smaller sites now share the same IP with host headers. If you can't capture the domain used, this information will be lost in those instances. I'm not sure that there is a reliable way to convert IP's to domains on static sites either since all that would seem to be available would be the reverse DNS entry which often times won't match the domain of the site in question. It would seem that to do this with accuracy, you would need some sort of proxy server to handle HTTP requests. Note that I'm not familiar with the other options suggested, but as usual, I 'think' I'm right about this :) Matt Kevin Bilbee wrote: Management wants to do web usage mainitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in relaity it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude Logs / Whitelisting
1. I've been reviewing the log files and what is the meaning of the following log entries: 03/30/2004 00:08:28 Q0ecf080d00fe32c8 L2 Message OK 03/30/2004 18:30:27 Q111b18cd00a62426 L1 Message OK 2. How can you disable or adjust the score for disabling Bypassing whitelisting? Bypassing whitelisting of E-mail with weight =35 (42) and at least 2 recipients (2). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Logs / Whitelisting
1. I've been reviewing the log files and what is the meaning of the following log entries: 03/30/2004 00:08:28 Q0ecf080d00fe32c8 L2 Message OK 03/30/2004 18:30:27 Q111b18cd00a62426 L1 Message OK The L means a local recipient (incoming E-mail); an R means a remote recipient (outgoing). The number refers to the number of recipients (so L2 refers to the 2nd recipient, which is a local user). 2. How can you disable or adjust the score for disabling Bypassing whitelisting? Bypassing whitelisting of E-mail with weight =35 (42) and at least 2 recipients (2). In your case, I would recommend removing it -- just remove any lines in the \IMail\Declude\global.cfg file that mention bypasswhitelist in them. It is not normally a recommended option to use. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weird random .htm attachments
So you use something like like. BODY 10CONTAINS+ String.fromCharCode( - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 9:20 AM Subject: Re: [Declude.JunkMail] weird random .htm attachments so you do a body filter? At 09:00 AM 3/30/2004 -0500, you wrote: I filter on this + String.fromCharCode( This is common in all of them. Combined with other tests it catches most. Mike - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 20:02 Subject: RE: [Declude.JunkMail] weird random .htm attachments Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Error #183
Below is a log for a single email, the last line indicates that ther was an error # 183. I have checked and these files are still sitting in the spool directory, Virus scanning is excluding the following directories z:\IMAIL Z:\IMAIL\SPOOL Z:\IMAIL\SPOOL\VIRUS Any ideas as to other possible causes of this problem? Thanks in advance, David 03/30/2004 22:04:49 Q435810aa00d01c07 DSBL:5 SORBS-DUL:6 SORBS-HTTP:5 SORBS-MISC:5 SORBS-SOCKS:5 SPAMCOP:9 XBL:8 NOABUSE:2 NOPOSTMASTER:1 CMDSPACE:5 HELOBOGUS:6 . Total weight = 57. 03/30/2004 22:04:49 Q435810aa00d01c07 Subject: No Embarrassment!edith 03/30/2004 22:04:49 Q435810aa00d01c07 From: [EMAIL PROTECTED] To: PROTECTED IP: 24.112.126.47 ID: 03/30/2004 22:04:49 Q435810aa00d01c07 Tests failed [weight=57]: TLD-TRUSTED-HELO=WARN TLD-TRUSTED-MAILFROM=WARN TLD-TRUSTED-REVDNS=WARN DSBL=IGNORE SORBS-DUL=WARN SORBS-HTTP=WARN SORBS-MISC=WARN SORBS-SOCKS=WARN SPAMCOP=WARN XBL=WARN NOABUSE=WARN NOPOSTMASTER=WARN WEIGHT10=IGNORE WEIGHT15=IGNORE WEIGHT20=IGNORE WEIGHT24=IGNORE WEIGHT30=IGNORE WEIGHT35=IGNORE WEIGHT40=IGNORE WEIGHT45=IGNORE WEIGHT50=IGNORE WEIGHT55=IGNORE WEIGHTVHIGH=HOLD SPAM-VHIGH=SUBJECT CMDSPACE=WARN HELOBOGUS=WARN IPNOTINMX=WARN NOLEGITCONTENT=WARN 03/30/2004 22:04:49 Q435810aa00d01c07 WARNING: Could not unlock Z:\IMail\spool\_435810aa00d01c07.~MD due to error #183. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Error #183
Try the following, assuming that you are running McAfee as your scanner: http://www.mail-archive.com/[EMAIL PROTECTED]/msg13155.html There are also other mentions of error #183 in the archive that may be of use. Matt Kornitz, David wrote: Below is a log for a single email, the last line indicates that ther was an error # 183. I have checked and these files are still sitting in the spool directory, Virus scanning is excluding the following directories z:\IMAIL Z:\IMAIL\SPOOL Z:\IMAIL\SPOOL\VIRUS Any ideas as to other possible causes of this problem? Thanks in advance, David 03/30/2004 22:04:49 Q435810aa00d01c07 DSBL:5 SORBS-DUL:6 SORBS-HTTP:5 SORBS-MISC:5 SORBS-SOCKS:5 SPAMCOP:9 XBL:8 NOABUSE:2 NOPOSTMASTER:1 CMDSPACE:5 HELOBOGUS:6 . Total weight = 57. 03/30/2004 22:04:49 Q435810aa00d01c07 Subject: No Embarrassment!edith 03/30/2004 22:04:49 Q435810aa00d01c07 From: [EMAIL PROTECTED] To: PROTECTED IP: 24.112.126.47 ID: 03/30/2004 22:04:49 Q435810aa00d01c07 Tests failed [weight=57]: TLD-TRUSTED-HELO=WARN TLD-TRUSTED-MAILFROM=WARN TLD-TRUSTED-REVDNS=WARN DSBL=IGNORE SORBS-DUL=WARN SORBS-HTTP=WARN SORBS-MISC=WARN SORBS-SOCKS=WARN SPAMCOP=WARN XBL=WARN NOABUSE=WARN NOPOSTMASTER=WARN WEIGHT10=IGNORE WEIGHT15=IGNORE WEIGHT20=IGNORE WEIGHT24=IGNORE WEIGHT30=IGNORE WEIGHT35=IGNORE WEIGHT40=IGNORE WEIGHT45=IGNORE WEIGHT50=IGNORE WEIGHT55=IGNORE WEIGHTVHIGH=HOLD SPAM-VHIGH=SUBJECT CMDSPACE=WARN HELOBOGUS=WARN IPNOTINMX=WARN NOLEGITCONTENT=WARN 03/30/2004 22:04:49 Q435810aa00d01c07 WARNING: Could not unlock Z:\IMail\spool\_435810aa00d01c07.~MD due to error #183. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Error #183
Matt, Thanks, but I had already reviewed that series of postsI should also mention that the C:\temp and c:\windows\temp are also exclude from Virus Scanning. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Tuesday, March 30, 2004 10:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Error #183 Try the following, assuming that you are running McAfee as your scanner: http://www.mail-archive.com/[EMAIL PROTECTED]/msg13155.html There are also other mentions of error #183 in the archive that may be of use. Matt Kornitz, David wrote: Below is a log for a single email, the last line indicates that ther was an error # 183. I have checked and these files are still sitting in the spool directory, Virus scanning is excluding the following directories z:\IMAIL Z:\IMAIL\SPOOL Z:\IMAIL\SPOOL\VIRUS Any ideas as to other possible causes of this problem? Thanks in advance, David 03/30/2004 22:04:49 Q435810aa00d01c07 DSBL:5 SORBS-DUL:6 SORBS-HTTP:5 SORBS-MISC:5 SORBS-SOCKS:5 SPAMCOP:9 XBL:8 NOABUSE:2 NOPOSTMASTER:1 CMDSPACE:5 HELOBOGUS:6 . Total weight = 57. 03/30/2004 22:04:49 Q435810aa00d01c07 Subject: No Embarrassment!edith 03/30/2004 22:04:49 Q435810aa00d01c07 From: [EMAIL PROTECTED] To: PROTECTED IP: 24.112.126.47 ID: 03/30/2004 22:04:49 Q435810aa00d01c07 Tests failed [weight=57]: TLD-TRUSTED-HELO=WARN TLD-TRUSTED-MAILFROM=WARN TLD-TRUSTED-REVDNS=WARN DSBL=IGNORE SORBS-DUL=WARN SORBS-HTTP=WARN SORBS-MISC=WARN SORBS-SOCKS=WARN SPAMCOP=WARN XBL=WARN NOABUSE=WARN NOPOSTMASTER=WARN WEIGHT10=IGNORE WEIGHT15=IGNORE WEIGHT20=IGNORE WEIGHT24=IGNORE WEIGHT30=IGNORE WEIGHT35=IGNORE WEIGHT40=IGNORE WEIGHT45=IGNORE WEIGHT50=IGNORE WEIGHT55=IGNORE WEIGHTVHIGH=HOLD SPAM-VHIGH=SUBJECT CMDSPACE=WARN HELOBOGUS=WARN IPNOTINMX=WARN NOLEGITCONTENT=WARN 03/30/2004 22:04:49 Q435810aa00d01c07 WARNING: Could not unlock Z:\IMail\spool\_435810aa00d01c07.~MD due to error #183. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.