Re[2]: [Declude.Virus] Request for Headers
I appreciate it. I have all three of your products and think they are wonderful. Keep up the good work. Best regards, Johnmailto:[EMAIL PROTECTED] Hello R., Monday, July 30, 2001, 8:20:27 PM, you wrote: >>I had the postmaster of an ISP request the headers of the virus. I >>was able to get them, but thought it might be nice if Declude could do >>it automatically. >> >>Is it possible to have Declude automatically be able to send all the >>header info? RSP> That isn't possible currently, but I have added that to the request RSP> database, and it will likely be added to an upcoming version, as it could RSP> be quite useful. RSP> -Scott RSP> This E-mail came from the Declude.Virus mailing list. To RSP> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP> type "unsubscribe Declude.Virus". You can E-mail RSP> [EMAIL PROTECTED] for assistance. You can visit our web RSP> site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Request for Headers
>I had the postmaster of an ISP request the headers of the virus. I >was able to get them, but thought it might be nice if Declude could do >it automatically. > >Is it possible to have Declude automatically be able to send all the >header info? That isn't possible currently, but I have added that to the request database, and it will likely be added to an upcoming version, as it could be quite useful. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Request for Headers
I had the postmaster of an ISP request the headers of the virus. I was able to get them, but thought it might be nice if Declude could do it automatically. Is it possible to have Declude automatically be able to send all the header info? Best regards, John mailto:[EMAIL PROTECTED] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Invalid final delivery
With Declude I keep on getting mails from Postmaster saying Invalid final delivery userid: info@localhost Any explanation for this? Bruno Carlos This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] REVDNS:Has anyone used F-Prot...
I use it for workstations and it seems to do an excellent job. David DanielsSystem AdministratorStarfish Internet Service[EMAIL PROTECTED] - Original Message - From: Paul Ingram To: Declude. Virus Sent: Monday, July 30, 2001 1:48 PM Subject: [Declude.Virus] REVDNS:Has anyone used F-Prot... Does anyone use F-prot for workstations? For $2 a system I thought it might be worth looking into. Also if I go to F-Prot on my servers should I use the on demand scanner or just the command line part? Paul Ingram IT Systems Analyst CI Travel 1.888.461.0022 Ext:826 [EMAIL PROTECTED]
Re: [Declude.Virus] REVDNS:Has anyone used F-Prot...
>Does anyone use F-prot for workstations? >For $2 a system I thought it might be worth looking into. That's a good idea, especially since the minimum license is for 20 computers. So if you already license it to use with Declude Virus, you've got 19 extra licenses you can use. >Also if I go to F-Prot on my servers should I use the on demand scanner or >just the command line part? For non-Declude use, I would recommend the F-Stop on-access scanner (the one that runs in the background), as it will detect viruses as they are written to disk, rather than on set schedules as with the command line scanner. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] %virusname% and %virusfile%
>I am running Declude with Netshield v4.5. (everything is working pretty >well too!) > >What I would like to do, is make use of these %virusname% and >%virusfile% options in the alert email that I am having sent to myself >when Declude finds a virus. You need to add "/REPORT report.txt" to the SCANFILE line in \IMail\Declude\virus.cfg, and also add a separate line that says "REPORT Found". [Users with F-Prot will instead add "/REPORT=report.txt" to the SCANFILE line, and add "REPORT Infection" on a separate line.] -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] %virusname% and %virusfile%
Good afternoon! Forgive me in advance for a question that I am sure has been answered before, but I'm new to the software and to the list. I am running Declude with Netshield v4.5. (everything is working pretty well too!) What I would like to do, is make use of these %virusname% and %virusfile% options in the alert email that I am having sent to myself when Declude finds a virus. I have looked at the instructions in the manual on the Declude website, and I am not quite sure how to get the Netshield to save a report with the information that Declude needs to fill in these variables. Is there anyone out there that already has this set up, that would be willing to share with me how it was done? I think I understand what needs to be added to the virus.cfg file, I'm just not sure how to go about setting it up in Netshield. My thought would be to rename the file that Netshield logs to, to report.txt, but after looking at the file itself, it doesnt seem to contain the proper information. Thanks in advance for your help! Sharyn Schmidt Network Specialist Florida Distillers Company (863) 956-1116 x139 We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged "Best in the World" at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best Tequila" four years running by the Wine Enthusiast magazine. For more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] REVDNS:Has anyone used F-Prot...
Does anyone use F-prot for workstations? For $2 a system I thought it might be worth looking into. Also if I go to F-Prot on my servers should I use the on demand scanner or just the command line part? Paul Ingram IT Systems Analyst CI Travel 1.888.461.0022 Ext:826 [EMAIL PROTECTED]
RE: [Declude.Virus] OSDUL:sir cam
OK.. I think you hit it Scott. The one that was missed, is the only one so far, that has come through with the .doc.com extension. Everything else has come with the .pif. My guess would be that Mcaffee saw the .doc extension and just quit scanning. Just goes to show that even with all the best/updated virus protection in the world, a smart user can make all the difference! Of course, that doesn't explain why my firewall let it through, since it's supposed to be stripping .com extensions, but that, obviously, isn't your problem. :) Thanks for your help! Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 30, 2001 9:40 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OSDUL:sir cam >Yes! I checked the log and everything seems to be working fine. The >email came through as "virus free", however, the day before Declude >nabbed it, and has been nabbing it. There's a chance that McAfee may not be recognizing it in certain forms. Virus scanners actually won't scan an entire file sometimes, but use logic to determine what part(s) to scan. For example, in an .EXE file, there are parts marked as data segments, that shouldn't be able to contain a virus. It might be that there is some sort of logic like that that is missing the virus (perhaps when a certain file extension combination is used). The "Virus Free" message should only appear if the scanner reported that no virus was present. >I'm not sure what Roger means by this.. > >We had one sneak in for the first time this last week as well. We know >it happened because the header info identified it. With the increase in >virus activity during the last week maybe we reached >the MAXATONCE 4 and it didn't 'wait' for the 5th? He is using the MAXATONCE configuration option, which lets you limit the maximum number of virus scanners that can run at the same time. This is useful if you have a high volume server, or occasionally someone sends a lot of mail at the same time, or your licensing only allows you to run a certain number of concurrent scanner processes. The default for this is "MAXATONCE 0", which will not limit the number of simultaneous scanner processes. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged "Best in the World" at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best Tequila" four years running by the Wine Enthusiast magazine. For more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] OSDUL:sir cam
>Yes! I checked the log and everything seems to be working fine. The >email came through as "virus free", however, the day before Declude >nabbed it, and has been nabbing it. There's a chance that McAfee may not be recognizing it in certain forms. Virus scanners actually won't scan an entire file sometimes, but use logic to determine what part(s) to scan. For example, in an .EXE file, there are parts marked as data segments, that shouldn't be able to contain a virus. It might be that there is some sort of logic like that that is missing the virus (perhaps when a certain file extension combination is used). The "Virus Free" message should only appear if the scanner reported that no virus was present. >I'm not sure what Roger means by this.. > >We had one sneak in for the first time this last week as well. We know >it happened because the header info identified it. With the increase in >virus activity during the last week maybe we reached >the MAXATONCE 4 and it didn't 'wait' for the 5th? He is using the MAXATONCE configuration option, which lets you limit the maximum number of virus scanners that can run at the same time. This is useful if you have a high volume server, or occasionally someone sends a lot of mail at the same time, or your licensing only allows you to run a certain number of concurrent scanner processes. The default for this is "MAXATONCE 0", which will not limit the number of simultaneous scanner processes. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: REVDNS:Re[2]: [Declude.Virus] OSDUL:sir cam
>With the increase in virus activity during the last week maybe we reached >the MAXATONCE 4 and it didn't 'wait' for the 5th? That wouldn't be it. With the MAXATONCE setting, Declude will wait for other scanner processes to finish, and then it will scan the E-mail. You can check to see if the file was scanned by first checking the IMail log to find out the queue file name, and cross-reference it with the queue file name in the Declude Virus log (which should have "Virus Free" if the scanner reported no virus; if that message isn't there, you should check for a C:\Declude.gp1 or C:\Declude.gp2 file and send them to me if they exist). -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] OSDUL:sir cam
Yes! I checked the log and everything seems to be working fine. The email came through as "virus free", however, the day before Declude nabbed it, and has been nabbing it. I'm not sure what Roger means by this.. We had one sneak in for the first time this last week as well. We know it happened because the header info identified it. With the increase in virus activity during the last week maybe we reached the MAXATONCE 4 and it didn't 'wait' for the 5th? Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 30, 2001 9:29 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OSDUL:sir cam >I had one today sneak in..fortunately the user didn't recognize the >sender and was smart enough to delete the email. > >The Declude/McAfee setup has been catching this virus left and right. I >don't have a clue why all of a sudden it would let this one in. Did you check the log file to see if there were any errors listed? -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged "Best in the World" at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best Tequila" four years running by the Wine Enthusiast magazine. For more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] OSDUL:sir cam
>I had one today sneak in..fortunately the user didn't recognize the >sender and was smart enough to delete the email. > >The Declude/McAfee setup has been catching this virus left and right. I >don't have a clue why all of a sudden it would let this one in. Did you check the log file to see if there were any errors listed? -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
REVDNS:Re[2]: [Declude.Virus] OSDUL:sir cam
Reply to: Sharyn Schmidt Re: [Declude.Virus] OSDUL:sir cam on Monday 7:52:49 AM We had one sneak in for the first time this last week as well. We know it happened because the header info identified it. With the increase in virus activity during the last week maybe we reached the MAXATONCE 4 and it didn't 'wait' for the 5th? -- Roger Heath advanced internet desktop: www.activatordesk.com antivirus antispam email : www.activatormail.com master internet index: www.infogrid.com - Copy of Original Message(s): - S> I had one today sneak in..fortunately the user didn't recognize the S> sender and was smart enough to delete the email. S> The Declude/McAfee setup has been catching this virus left and right. I S> don't have a clue why all of a sudden it would let this one in. S> Sharyn Schmidt S> Network Specialist S> Florida Distillers Company S> (863) 956-1116 x139 S> -Original Message- S> From: [EMAIL PROTECTED] S> [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist S> Sent: Friday, July 27, 2001 3:56 PM S> To: [EMAIL PROTECTED] S> Subject: RE: [Declude.Virus] OSDUL:sir cam S> We had one client get infected... turned out the original infection came S> in under an outside service (hotmail)... then our service caught it S> trying to deliver payload elsewhere... saved many thousands of $ of S> cleanup, well justifying our per-mailbox price. Thanks Declude. S> :-) S> _M S> | -Original Message- S> | From: [EMAIL PROTECTED] S> | [mailto:[EMAIL PROTECTED]]On Behalf Of John Shacklett S> | Sent: Friday, July 27, 2001 12:18 PM S> | To: [EMAIL PROTECTED] S> | Subject: [Declude.Virus] OSDUL:sir cam S> | S> | S> | We've had a handful of Sir*Cam critters sneak in under the S> | declude/mcafee shield. Has anyone else noticed anything similar? S> | S> | S> | -- S> | S> | John Shacklett S> | S> | www.continentaloffice.com S> | S> | [EMAIL PROTECTED] S> | [EMAIL PROTECTED] S> | S> | -- S> | Ancient Chinese curse: S> | "May you live in interesting times." S> | S> | Somewhat more contemporary curse: S> | "May you putt on interesting greens." S> | S> | This E-mail came from the Declude.Virus mailing list. To unsubscribe, S> | just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe S> | Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. S> | You can visit our web site at http://www.declude.com . S> | S> This E-mail came from the Declude.Virus mailing list. To unsubscribe, S> just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe S> Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. S> You can visit our web site at http://www.declude.com . S> We are the worldwide producer and marketer of the award winning Cruzan S> Single Barrel Rum, judged "Best in the World" at the annual S> San Francisco Wine and Spirits Championships, and the S> artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best S> Tequila" four years running by the Wine Enthusiast magazine. For S> more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com S> This E-mail came from the Declude.Virus mailing list. To S> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and S> type "unsubscribe Declude.Virus". You can E-mail S> [EMAIL PROTECTED] for assistance. You can visit our web S> site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] OSDUL:sir cam
I had one today sneak in..fortunately the user didn't recognize the sender and was smart enough to delete the email. The Declude/McAfee setup has been catching this virus left and right. I don't have a clue why all of a sudden it would let this one in. Sharyn Schmidt Network Specialist Florida Distillers Company (863) 956-1116 x139 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist Sent: Friday, July 27, 2001 3:56 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OSDUL:sir cam We had one client get infected... turned out the original infection came in under an outside service (hotmail)... then our service caught it trying to deliver payload elsewhere... saved many thousands of $ of cleanup, well justifying our per-mailbox price. Thanks Declude. :-) _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of John Shacklett | Sent: Friday, July 27, 2001 12:18 PM | To: [EMAIL PROTECTED] | Subject: [Declude.Virus] OSDUL:sir cam | | | We've had a handful of Sir*Cam critters sneak in under the | declude/mcafee shield. Has anyone else noticed anything similar? | | | -- | | John Shacklett | | www.continentaloffice.com | | [EMAIL PROTECTED] | [EMAIL PROTECTED] | | -- | Ancient Chinese curse: | "May you live in interesting times." | | Somewhat more contemporary curse: | "May you putt on interesting greens." | | This E-mail came from the Declude.Virus mailing list. To unsubscribe, | just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe | Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. | You can visit our web site at http://www.declude.com . | This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged "Best in the World" at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best Tequila" four years running by the Wine Enthusiast magazine. For more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .