RE: [Declude.Virus] F-Prot Updater via AT Scheduler Problem

2002-12-19 Thread Tony Gray - Network Administrator
Sorry, I didn't see nt or 2k specified in the post.  :-)  I can 'testify'
that 2k works while logged off, I am 99.9% sure NT does too.  NT help file
should answer that question for you.

- Tony

 1) On win2k Server, scheduled tasks DO run even if logged out.

Sure - but the original question was for WinNT

 Since there's a GUI on the windows version will this run while the
 console is logged off?

It's working for me - the updater is run every three hours.

/Rasmus



---
[Denne E-mail blev scannet for virus af Declude Virus]
[This E-mail was scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by http://www.intouchmi.com]






RE: [Declude.Virus] F-Prot Updater via AT Scheduler Problem

2002-12-19 Thread Mark Smith
What's NT 4.0? :)


 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of Tony 
 Gray - Network Administrator
 Sent: Thursday, December 19, 2002 9:35 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] F-Prot Updater via AT Scheduler Problem
 
 
 Sorry, I didn't see nt or 2k specified in the post.  :-)  I 
 can 'testify' that 2k works while logged off, I am 99.9% sure 
 NT does too.  NT help file should answer that question for you.
 
 - Tony
 
  1) On win2k Server, scheduled tasks DO run even if logged out.
 
 Sure - but the original question was for WinNT
 
  Since there's a GUI on the windows version will this run 
 while the 
  console is logged off?
 
 It's working for me - the updater is run every three hours.
 
 /Rasmus

---
[This E-mail scanned for viruses by F-Proto Virus Scanner]




RE: [Declude.Virus] F-Prot Updater via AT Scheduler Problem

2002-12-19 Thread Hostmaster
We have NT IIS servers running (with Progress Webspeed as well), and they
start up automatically without anyone logged in.. So I assume it's true for
NT4 as well..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tony Gray - Network
Administrator
Sent: Thursday, December 19, 2002 9:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-Prot Updater via AT Scheduler Problem


Sorry, I didn't see nt or 2k specified in the post.  :-)  I can 'testify'
that 2k works while logged off, I am 99.9% sure NT does too.  NT help file
should answer that question for you.

- Tony

 1) On win2k Server, scheduled tasks DO run even if logged out.

Sure - but the original question was for WinNT

 Since there's a GUI on the windows version will this run while the 
 console is logged off?

It's working for me - the updater is run every three hours.

/Rasmus






[Declude.Virus] bogus files.....

2002-12-19 Thread paul
Hey guys,
While going through my logs, I noticed a lot of lines like this:

12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file
12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file
12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file
12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file
12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file
12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file

I see it's pointing to the same message, but was just curious to know
how common this is? Is this the .jpg.exe setup it's finding?

What got me on this was yesterday my NAV snagged a magistr virus that
came through that Declude missed. I've also seen a lot of these:

12/19/2002 09:48:25 Qdc38012d013e4431 Outlook 'MIME segment in MIME Preamble' vulnerability in line 17 layer 1 [Content-Type: multipart/altern]
12/19/2002 09:48:25 Qdc38012d013e4431 File(s) are INFECTED [0]

So far all of these seem to be spam, but it's amazing the amount of these in
there

Paul


---
[This E-mail scanned for viruses by Declude Virus]




Re: [Declude.Virus] bogus files.....

2002-12-19 Thread R. Scott Perry


While going through my logs, I noticed a lot of lines like this:

12/19/2002 09:14:11 Qd43109d000d4e8d9 Found a bogus .jpg file

I see it's pointing to the same message, but was just curious to know
how common this is?


What version of Declude Virus are you running?

That log file entry is part of an experimental system in Declude Virus 
designed to find files that aren't what they claim to be (for example, if 
someone renamed an .exe file to a .jpg extension).  However, I believe 
there was a recent beta that would falsely detect these bogus files.  In 
any case, the only damage is the extra log file entries.

What got me on this was yesterday my NAV snagged a magistr virus that
came through that Declude missed.


Have you checked the Declude Virus log file to see what it says about that 
E-mail?

 I've also seen a lot of these:

12/19/2002 09:48:25 Qdc38012d013e4431 Outlook 'MIME segment in MIME Preamble' vulnerability in line 17 layer 1 [Content-Type: multipart/altern]
12/19/2002 09:48:25 Qdc38012d013e4431 File(s) are INFECTED [0]

So far all of these seem to be spam, but it's amazing the amount of these in
there


Yes, there are a lot of spammers who apparently write their own spamware, 
and send out incorrectly formatted E-mails that contain some of the 
recently discovered vulnerabilities.
   -Scott
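An added sketch of the kind of check described above (an attachment whose content does not match the extension it is sent under); it is not Declude's code and not part of the original post. The signature table, the function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Well-known leading "magic" bytes for a handful of file types.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "zip": (b"PK\x03\x04",),
    "exe": (b"MZ",),  # DOS/PE header shared by .exe, .scr, .dll
}
# Content type each extension claims to be (illustrative, not exhaustive).
CLAIMS = {"jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "png": "png",
          "zip": "zip", "exe": "exe", "scr": "exe", "dll": "exe"}
# Constructed attachments, all named *.jpg: JPEG header, MZ header, plain text.
SAMPLE_FILES = (("photo.jpg", b"\xff\xd8\xff\xe0" + bytes(16)),
                ("holiday.jpg", b"MZ" + bytes(16)),
                ("notes.jpg", b"just some text"))

def sniff(data):
    """Return the type whose signature starts `data`, or None."""
    for kind, signatures in MAGIC.items():
        if data.startswith(signatures):
            return kind
    return None

def check_attachment(filename, data):
    """Return 'ok', 'bogus' or 'unverified' for one attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed, actual = CLAIMS.get(ext), sniff(data)
    if claimed is None or actual is None:
        # Unknown extension or content: make no claim (avoids false hits).
        return "unverified"
    return "ok" if claimed == actual else "bogus"

def scan_message(raw):
    """Check every named attachment in a raw RFC 822 message (bytes)."""
    results = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            data = part.get_payload(decode=True) or b""
            results.append((name, check_attachment(name, data)))
    return results

def build_sample():
    """Build the constructed test message from SAMPLE_FILES."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, body in SAMPLE_FILES:
        msg.add_attachment(body, maintype="image", subtype="jpeg", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports one verdict per attachment, so a message with several attachments produces several results for the same message.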



[Declude.Virus] Treatment of double layered extension files

2002-12-19 Thread Keith Johnson
Scott,

 I saw a few weeks ago about a thread discussion that talked about the 'catching' of double layered extension files (i.e. file.shs.txt), however I couldn't find it in the archive. I wanted to see if these indeed get caught as banext (i.e. shs), as I think this may be a dull point if they contain a virus as the scanner should catch it and thus tip Declude to quarantine it, however my thoughts were if it was not a virus file. Thanks for the info.

___


Keith Johnson, MCP

Network Engineer

Network Advocates, Inc.

Tel: 502.412.1050

Fax: 502.412.1058

Email: [EMAIL PROTECTED]


Good pings come in small packets






Re: [Declude.Virus] Treatment of double layered extension files

2002-12-19 Thread R. Scott Perry


I saw a few weeks ago about a thread discussion that talked about 
the 'catching' of double layered extension files (i.e. file.shs.txt), 
however I couldn't find it in the archive.  I wanted to see if these 
indeed get caught as banext (i.e. shs), as I think this may be a dull 
point if they contain a virus as the scanner should catch it and thus tip 
Declude to quarantine it, however my thoughts were if it was not a virus 
file.  Thanks for the info.

If there is a virus, the E-mail will get caught.

If there is no virus, but the extension is banned (for example, a file 
named file.txt.shs will get banned if you use BANEXT SHS).

If you do not ban the file extension, and no virus is detected, the E-mail 
will be allowed through.  This is the part where some people have requested 
a change, so that you would be able to ban any file with double 
extensions.  However, this gets tricky to implement with such filenames as 
yahoo.com.url and ones with 4-character extensions (file.jpeg.exe 
versus my.program.exe).
-Scott
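An added illustration of why the double-extension rule discussed above is tricky; it is not Declude's code and not part of the original post. It contrasts a length-based rule with one that only fires on a harmless-looking extension followed by a risky one; the `DECOY` and `RISKY` lists, the function names and the `verdict` model of a banned-extension list are assumptions.

```python
# Extensions commonly used as a harmless-looking decoy (assumed list).
DECOY = {"txt", "jpg", "jpeg", "gif", "png", "doc", "pdf", "htm", "html"}
# Extensions that run code when opened on Windows (assumed list).
RISKY = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "shs", "js"}

# File names taken from the thread, plus one padded variant (constructed).
SAMPLES = ["file.txt.shs", "file.shs.txt", "yahoo.com.url",
           "file.jpeg.exe", "my.program.exe", "photo.jpg   .exe "]


def extensions(filename):
    """Return the dot-separated tokens after the base name, lower-cased."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").split(".")
    return [p.strip().lower() for p in parts[1:]]


def naive_double_ext(filename):
    """Length-based rule: flag when the token before the last has 3 characters."""
    exts = extensions(filename)
    return len(exts) >= 2 and len(exts[-2]) == 3


def disguised(filename):
    """Flag a decoy extension followed by a risky final extension."""
    exts = extensions(filename)
    return len(exts) >= 2 and exts[-1] in RISKY and exts[-2] in DECOY


def verdict(filename, banned=frozenset({"shs"})):
    """'ban' if the final extension is on the banned list, else 'flag' or 'allow'."""
    exts = extensions(filename)
    if exts and exts[-1] in banned:
        return "ban"
    # 'allow' only means the double-extension rule did not fire; a plain
    # .exe can still be stopped by adding "exe" to the banned list.
    return "flag" if disguised(filename) else "allow"


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:22} naive={naive_double_ext(name)!s:5} -> {verdict(name)}")
```

The length-based rule flags `yahoo.com.url` and misses `file.jpeg.exe`, the two cases named in the reply; the decoy-aware rule gets both right but depends on keeping the two lists current.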



[Declude.Virus] Customized Footer for domain

2002-12-19 Thread Keith Johnson
Scott,

 Thanks for the aid on the other question. We currently have the virus footer disabled, but I have one client who would like a footer added to his email that it was scanned for viruses. Is there a way to do this except globally in the virus.cfg file? Again, thank you.

___


Keith Johnson, MCP

Network Engineer

Network Advocates, Inc.

Tel: 502.412.1050

Fax: 502.412.1058

Email: [EMAIL PROTECTED]


Good pings come in small packets






Re: [Declude.Virus] bogus files.....

2002-12-19 Thread paul
 What version of Declude Virus are you running?

1.65.

 That log file entry is part of an experimental system in Declude Virus
 designed to find files that aren't what they claim to be (for example, if
 someone renamed an .exe file to a .jpg extension).  However, I believe
 there was a recent beta that would falsely detect these bogus files.  In
 any case, the only damage is the extra log file entries.


Ok, that's what I figured it had to be, as it appeared no actions are taken.
Is that planned for a later release? If the attachment is bogus to
hold/warn/delete?

 Have you checked the Declude Virus log file to see what it says about that
 E-mail?

No, I missed it when it came in and NAV canned it before I could see it. So
I don't know the exact time. I would've looked it up tho.

 Yes, there are a lot of spammers who apparently write their own spamware,
 and send out incorrectly formatted E-mails that contain some of the
 recently discovered vulnerabilities.

I guess this makes good use of holds for vulnerabilities.

Paul





Re: [Declude.Virus] Customized Footer for domain

2002-12-19 Thread R. Scott Perry


Thanks for the aid on the other question.  We currently have the 
virus footer disabled, but I have one client who would like a footer 
added to his email that it was scanned for viruses.  Is there a way to do 
this except globally in the virus.cfg file?  Again, thank you.

Unfortunately, there isn't any way to do it except globally.  However, 
having footers configurable per domain is already in the suggestion database.
-Scott



Re: [Declude.Virus] bogus files.....

2002-12-19 Thread R. Scott Perry


 That log file entry is part of an experimental system in Declude Virus
 designed to find files that aren't what they claim to be (for example, if
 someone renamed an .exe file to a .jpg extension).  However, I believe
 there was a recent beta that would falsely detect these bogus files.  In
 any case, the only damage is the extra log file entries.

Ok, that's what I figured it had to be, as it appeared no actions are taken.
Is that planned for a later release? If the attachment is bogus to
hold/warn/delete?


That's planned for a future release.  We haven't decided yet how the 
E-mails would be handled (HOLD/WARN/DELETE sound like they would be good 
options).
   -Scott



RE: [Declude.Virus] bogus files.....

2002-12-19 Thread John Tolmachoff
   That log file entry is part of an experimental system in Declude Virus
   designed to find files that aren't what they claim to be (for example, if
   someone renamed an .exe file to a .jpg extension).  However, I believe
   there was a recent beta that would falsely detect these bogus files.  In
   any case, the only damage is the extra log file entries.
 
 Ok, that's what I figured it had to be, as it appeared no actions are taken.
 Is that planned for a later release? If the attachment is bogus to
 hold/warn/delete?
 
 That's planned for a future release.  We haven't decided yet how the
 E-mails would be handled (HOLD/WARN/DELETE sound like they would be good
 options).

Hold with postmaster and possible recipient notification sounds good.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com






[Declude.Virus] Problem in Config

2002-12-19 Thread Chris Andrews
I have turned BANCRVIRUSES  OFF but it is still catching the Mime header
vulnerability. I know I should not turn it off but until the developer fixes
the code I have got to let this stuff get through. Any ideas why it wouldn't
be working? I know it is reading the current config because the change to my
footer is in place.
CA

---
[This Email scanned for viruses by Declude Virus provided by 
http://www.enSYNC-Corp.com]




Re: [Declude.Virus] Problem in Config

2002-12-19 Thread R. Scott Perry


I have turned BANCRVIRUSES  OFF but it is still catching the Mime header
vulnerability. I know I should not turn it off but until the developer fixes
the code I have got to let this stuff get through. Any ideas why it wouldn't
be working? I know it is reading the current config because the change to my
footer is in place.


Could that be the MIME segment in MIME preamble vulnerability (which it 
turns out would get caught even with the BANCRVIRUSES OFF setting)?  We 
have an interim release at http://www.declude.com/release/165i/declude.exe 
that will take care of that.
-Scott



RE: [Declude.Virus] bogus files.....

2002-12-19 Thread Keith Johnson
I got this same bogus file showing up in the log (MID) when I sent the eicar virus 
(zipped format) off the eicar.com website to our server.  
 
Keith

-Original Message- 
From: John Tolmachoff [mailto:[EMAIL PROTECTED]] 
Sent: Thu 12/19/2002 7:14 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.Virus] bogus files.



   That log file entry is part of an experimental system in Declude Virus
   designed to find files that aren't what they claim to be (for example, if
   someone renamed an .exe file to a .jpg extension).  However, I believe
   there was a recent beta that would falsely detect these bogus files.  In
   any case, the only damage is the extra log file entries.
 
 Ok, that's what I figured it had to be, as it appeared no actions are taken.
 Is that planned for a later release? If the attachment is bogus to
 hold/warn/delete?
 
 That's planned for a future release.  We haven't decided yet how the
 E-mails would be handled (HOLD/WARN/DELETE sound like they would be good
 options).

Hold with postmaster and possible recipient notification sounds good.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com







