Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
on 9/18/03 9:38 PM, R. Scott Perry wrote:

>> Thanks a bunch for both new features. Are you planning on doing anything in the future with the IPs that you are collecting, i.e. new functionality like creating a blacklist? Or is this just being done to facilitate that test?
>
> We haven't decided for certain what we are going to do, but if we get enough of a volume, we will likely send automated notices to the appropriate abuse addresses.

One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files.

Greg

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files.

Already done. :)

You can add a line SKIPIFFORGING to any of the \IMail\Declude\*.eml files, and they will not be sent out when a forging virus is detected (with the latest interim release, at http://www.declude.com/release/175i/declude.exe ).

Also, the sender.eml and otherpostmaster.eml files will automatically be skipped if a forging virus is detected, so you would only need the SKIPIFFORGING line if you have your own custom .eml files, or don't want recipient/postmaster notifications sent for forging viruses.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> You can add a line SKIPIFFORGING to any of the \IMail\Declude\*.eml

Scott:

Will the recipient and postmaster then show the sender as FORGED?

Since we had a list of the forged in the virus.cfg.

1: Can we delete all the skipifvirus lines in the .eml files?
2: Can we delete all the forged entries in the virus.cfg?

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, September 19, 2003 7:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

>> One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files.
>
> Already done. :)
>
> You can add a line SKIPIFFORGING to any of the \IMail\Declude\*.eml files, and they will not be sent out when a forging virus is detected (with the latest interim release, at http://www.declude.com/release/175i/declude.exe ).
>
> Also, the sender.eml and otherpostmaster.eml files will automatically be skipped if a forging virus is detected, so you would only need the SKIPIFFORGING line if you have your own custom .eml files, or don't want recipient/postmaster notifications sent for forging viruses.
>
> -Scott
Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
on 9/19/03 7:51 AM, R. Scott Perry wrote:

>> One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files.
>
> Already done. :)

Nice! I figured you already had something in place in the interim release, but since you didn't say anything, I thought I'd state the obvious.

Greg
RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> Will the recipient and postmaster then show the sender as FORGED?

No, but that will likely be added.

> Since we had a list of the forged in the virus.cfg.
>
> 1: Can we delete all the skipifvirus lines in the .eml files?
> 2: Can we delete all the forged entries in the virus.cfg?

I would recommend keeping them in there, just as a backup. Once this new system has been well tested, then it should be safe to remove them.

-Scott
Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
Scott,

Does the new Declude poll every time to your box to see what is forging and what is not or does it keep a cache?

(Just thinking about your bandwidth and also if.. g-d forbid... your network connection goes down.)

-Josh

On Sep 19, 2003, at 8:21 AM, System Administrator wrote:

> on 9/19/03 7:51 AM, R. Scott Perry wrote:
>
>>> One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files.
>>
>> Already done. :)
>
> Nice! I figured you already had something in place in the interim release, but since you didn't say anything, I thought I'd state the obvious.
>
> Greg
Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> Does the new Declude poll every time to your box to see what is forging and what is not or does it keep a cache?

It polls every time a virus is received.

> (Just thinking about your bandwidth and also if.. g-d forbid... your network connection goes down.)

However, if our server can't be reached, Declude Virus will assume that the virus is a forging virus.

-Scott
[Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
We have just come out with an interim release (v1.75i8) that will detect the wildcard A records from all TLDs that use them. This works automatically with the MAILFROM and HELOBOGUS tests, without any configuration changes needed.

However, the latest interim release includes an experimental new feature in Declude Virus, that will automatically look up virus names to see if they are forging viruses. This will send the name of the virus and the IP address that sent it to our servers as part of the lookup. If you do not feel comfortable with this information being sent, you can add a line AUTOFORGE OFF to your virus.cfg file.

-Scott
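One way a MAILFROM-style check can see through a TLD wildcard A record, as an added example (not Declude's code; the announcement does not describe its method): resolve a few random, unregistered labels under the TLD, and treat a sender domain that resolves only to those same addresses as nonexistent. The function names, the injected resolver and the zone data are constructed for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """A-record lookup through the OS resolver; an empty list means no such name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def wildcard_addresses(tld, resolve, probes=3):
    """Addresses a TLD wildcard answers with, or an empty set if there is none."""
    answers = []
    for _ in range(probes):
        label = secrets.token_hex(12)  # random 24-char label, never registered
        answers.append(frozenset(resolve(f"{label}.{tld}")))
    # Only call it a wildcard if every random probe resolved.
    return set().union(*answers) if all(answers) else set()

def domain_exists(domain, resolve, cache):
    """True if the domain has an A record that is not just the TLD wildcard."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    if tld not in cache:  # probe each TLD once, then reuse the result
        cache[tld] = wildcard_addresses(tld, resolve)
    return bool(set(resolve(domain)) - cache[tld])

# Constructed zone data (documentation address ranges), so this runs offline.
REGISTERED = {"example.com": ["198.51.100.7"]}
WILDCARDS = {"com": ["192.0.2.10"]}  # "com" answers every unknown name

def make_fake_resolver(registered, wildcards):
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in registered:
            return registered[name]
        return wildcards.get(name.rsplit(".", 1)[-1], [])
    return resolve

if __name__ == "__main__":
    resolve, cache = make_fake_resolver(REGISTERED, WILDCARDS), {}
    for sender in ("example.com", "no-such-sender-domain.com",
                   "no-such-sender-domain.org"):
        print(sender, "exists" if domain_exists(sender, resolve, cache) else "bogus")
```

Passing `system_resolve` instead of the fake resolver runs the same check against live DNS.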
RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
Where can I download the interim release?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, September 18, 2003 1:42 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

> We have just come out with an interim release (v1.75i8) that will detect the wildcard A records from all TLDs that use them. This works automatically with the MAILFROM and HELOBOGUS tests, without any configuration changes needed.
>
> However, the latest interim release includes an experimental new feature in Declude Virus, that will automatically look up virus names to see if they are forging viruses. This will send the name of the virus and the IP address that sent it to our servers as part of the lookup. If you do not feel comfortable with this information being sent, you can add a line AUTOFORGE OFF to your virus.cfg file.
>
> -Scott
RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> Where can I download the interim release?

You can download it from http://www.declude.com/release/175i/declude.exe .

-Scott
Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)
> Thanks a bunch for both new features. Are you planning on doing anything in the future with the IPs that you are collecting, i.e. new functionality like creating a blacklist? Or is this just being done to facilitate that test?

We haven't decided for certain what we are going to do, but if we get enough of a volume, we will likely send automated notices to the appropriate abuse addresses.

The idea is that while large ISPs just don't have the resources to deal with thousands of individual reports of viruses (with many of them being duplicates, many of them not appropriate, etc.), they may have the time to deal with getting updates several times a day of new customers of theirs that have viruses, and which ones still are sending viruses.

Or perhaps we can set it up so that the appropriate people can go to a website to check the infected computers under their control, or that individuals can check all the IPs in their Class C range (so a curious person may find out that one of their co-workers has a virus, and then tells the IT guys...).

-Scott