Re: [Declude.JunkMail] Virus Getting Through AV and FProt
I did that a few weeks ago, and still have had a few slip through. F-Prot detects it as a "suspicious" file if I save the .zip attachment and try to extract the .exe from it. G.Z. - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 31, 2005 3:35 PM Subject: RE: [Declude.JunkMail] Virus Getting Through AV and FProt This has been covered for a couple of hours now on the Declude Virus list. You need to update your F-Prot configuration to include the virus code 8 as a match. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of A. Clausen > Sent: Tuesday, May 31, 2005 1:29 PM > To: Declude JunkMail > Subject: [Declude.JunkMail] Virus Getting Through AV and FProt > > We're getting a virus coming through and its causing some strange results in > Declude AV. The file itself is a zip file called "2.zip" which contains the > file "02_05_2005.exe". In the Declude AV log we're seeing lines like this: > > 05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205 > Checksum=2348990] > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection > in report.txt > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1. > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner. > [MIME: 2 18323] > > Is FProt just behind in updating its definitions or is there something nasty > happening? > > -- > Aaron Clausen > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Latest non-beta version of Declude ..install question
I believe that the installer in part ignores the location you choose during manual install and drops some files into a default location (C:\Program Files\Computerized Horizons). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, May 31, 2005 2:58 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Latest non-beta version of Declude ..install question Sharyn, Comments inline, Darrell Sharyn Schmidt writes: > It used to be that I could just copy the declude.exe file to the IMAIL > directory after renaming the old one. You still can - just during the install process select manual install. Once you select manual install you can pick a location to drop the files into. Once you do that just go into that directory and copy the declude.exe into your imail directory. > No restart, no stopping or starting services..just an update on the fly. > > Can I still do this? I have been on Declude's website and looked over > the instructions for the manual install. Same deal as before. Update on the fly when doing a manual install. However, for me I stop all the service. > Im guessing this is what I want to do. I don't want Declude touching > my global.cfg, I'd rather do this myself. Understood - same sentiments as most of us. > Will the manual install give me a new global.cfg too? Yes, it will drop all of the files for Declude into the directory where you specified. Just make sure you pick a folder to drop the manually installed files in that is other than your normal Declude folder everything will work fine.. Good luck, Darrell DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus - Try it today http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Virus Getting Through AV and FProt
This has been covered for a couple of hours now on the Declude Virus list. You need to update your F-Prot configuration to include the virus code 8 as a match. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of A. Clausen > Sent: Tuesday, May 31, 2005 1:29 PM > To: Declude JunkMail > Subject: [Declude.JunkMail] Virus Getting Through AV and FProt > > We're getting a virus coming through and its causing some strange results in > Declude AV. The file itself is a zip file called "2.zip" which contains the > file "02_05_2005.exe". In the Declude AV log we're seeing lines like this: > > 05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205 > Checksum=2348990] > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection > in report.txt > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1. > 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner. > [MIME: 2 18323] > > Is FProt just behind in updating its definitions or is there something nasty > happening? > > -- > Aaron Clausen > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Virus Getting Through AV and FProt
We're getting a virus coming through and its causing some strange results in Declude AV. The file itself is a zip file called "2.zip" which contains the file "02_05_2005.exe". In the Declude AV log we're seeing lines like this: 05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205 Checksum=2348990] 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection in report.txt 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1. 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner. [MIME: 2 18323] Is FProt just behind in updating its definitions or is there something nasty happening? -- Aaron Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Latest non-beta version of Declude ..install question
Sharyn, Comments inline, Darrell Sharyn Schmidt writes: It used to be that I could just copy the declude.exe file to the IMAIL directory after renaming the old one. You still can - just during the install process select manual install. Once you select manual install you can pick a location to drop the files into. Once you do that just go into that directory and copy the declude.exe into your imail directory. No restart, no stopping or starting services..just an update on the fly. Can I still do this? I have been on Declude's website and looked over the instructions for the manual install. Same deal as before. Update on the fly when doing a manual install. However, for me I stop all the service. Im guessing this is what I want to do. I don't want Declude touching my global.cfg, I'd rather do this myself. Understood - same sentiments as most of us. Will the manual install give me a new global.cfg too? Yes, it will drop all of the files for Declude into the directory where you specified. Just make sure you pick a folder to drop the manually installed files in that is other than your normal Declude folder everything will work fine.. Good luck, Darrell DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus - Try it today http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Latest non-beta version of Declude ..install question
Title: Latest non-beta version of Declude ..install question Hello, Yes, I'm a bit behind the times. I am finally getting around to downloading what looks like the latest full version of Declude Junkmail and virus, 2.0.6, for Imail. It used to be that I could just copy the declude.exe file to the IMAIL directory after renaming the old one. No restart, no stopping or starting services..just an update on the fly. Can I still do this? I have been on Declude's website and looked over the instructions for the manual install. Im guessing this is what I want to do. I don’t want Declude touching my global.cfg, I'd rather do this myself. Will the manual install give me a new global.cfg too? Thanks, Sharyn
[Declude.JunkMail] Host alias and user.junkmail files
Title: Host alias and user.junkmail files Hi, Under my old OHM, todhunter.com, I had a todhunter.com folder with all my user.junkmail files, for individual user settings. Now, my new OHM is Cruzaninc.com, with todhunter.com as the alias. Does Declude look at this as two separate domains or the same, as IMAIL does? In other words, will Declude take the individual user.junkmail files in the todhunter.com domain and automatically apply them to cruzaninc.com, or do I now have to maintain two sets of user.junkmail files, both in separate folders? Thanks, Sharyn
Re: [Declude.JunkMail] Problem forwarding to AOL
This is all documented well on their postmaster website and it is very nice that they report a link right in the logs. For all that I don't agree with them penalizing the company providing the relay service to their mutual customers, they do handle everything else fairly well. Darin. - Original Message - From: "Marc Catuogno" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 31, 2005 10:18 AM Subject: [Declude.JunkMail] Problem forwarding to AOL I just got about 40-50 returned e-mails from people who have forwarded their e-mails from my domain to AOL. I was able to get an individual e-mail straight through to AOL and a forwarded e-mail through as well. Many people on my server have their e-mail forwarded, to my chagrin, and only the AOL e-mails bounced. This was in the log http://postmaster.info.aol.com/errors/554hvub1.html It gave me a number to AOL that was answered live (I almost fainted) and I gave him the specific error, he told me it was a bad URL in the e-mail I sent. The e-mail I sent was a warning about a scam e-mail - the link in the e-mail triggered their bounce. I'm usually the first to bash AOL but I must admit they handled this one pretty well... Just thought I'd share. I guess this will teach me to break up the scam links --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Problem forwarding to AOL
I just got about 40-50 returned e-mails from people who have forwarded their e-mails from my domain to AOL. I was able to get an individual e-mail straight through to AOL and a forwarded e-mail through as well. Many people on my server have their e-mail forwarded, to my chagrin, and only the AOL e-mails bounced. This was in the log http://postmaster.info.aol.com/errors/554hvub1.html It gave me a number to AOL that was answered live (I almost fainted) and I gave him the specific error, he told me it was a bad URL in the e-mail I sent. The e-mail I sent was a warning about a scam e-mail - the link in the e-mail triggered their bounce. I'm usually the first to bash AOL but I must admit they handled this one pretty well... Just thought I'd share. I guess this will teach me to break up the scam links --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] X-RBL-Warning??
Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, "ORBZ WARN" lets Declude JunkMail know to add a standard "X-RBL-Warning:" header for E-mail that fails the ORBZ test. I can’t find how to check the ORBZ test. Everything I look up tells me that this domain doesn’t exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/