RE: [Declude.Virus] scanning timeout value

2003-01-22 Thread R. Scott Perry


Yes, IMail was processing mail through that period. We started receiving
messages at our desktops that did not contain any declude headers, and that
was my first indication that something was wrong. The log even shows SMTP
refusals based on entries in my kill.lst file, so I'm guessing that IMail
SMTP was up.


Do you have a C:\Declude.gp1 or C:\Declude.gp2 file, dated when this 
happened (or more recent)?

Unfortunately, I bounced the box before I did a whole lot more
investigating at the time, so I don't have much more to go on. I did pull up
the remote administrator and look at the queue, and there were many times
the usual number of items in the Waiting Items box, but only a single
message at a time in the processing items. That's not normal either. What
I failed to do was to pull up the task manager and look at the open
processes before I restarted the machine.


My guess here is that IMail's SMTPD process (which listens for incoming 
E-mail) was working, and placing files in the spool, but never starting 
Declude (or the SMTP32.exe process that IMail uses to deliver the E-mail 
after Declude is done).  That would account for why there was only 1 E-mail 
being processed (that would be the queue run that runs every 30 minutes 
or so), and a lot of E-mail in the spool.
  -Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] scanning timeout value

2003-01-22 Thread John Shacklett
Nope, no c:\declude.gpx files, I looked for those first. And I agree with
your conclusion about what happened, I just wish I had looked at the task
manager to see if there were a boatload of smtp32.exe processes sitting in
limbo. I'll bet there were.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, 22 January 2003 1:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] scanning timeout value



Yes, IMail was processing mail through that period. We started receiving
messages at our desktops that did not contain any declude headers, and that
was my first indication that something was wrong. The log even shows SMTP
refusals based on entries in my kill.lst file, so I'm guessing that IMail
SMTP was up.

Do you have a C:\Declude.gp1 or C:\Declude.gp2 file, dated when this
happened (or more recent)?

Unfortunately, I bounced the box before I did a whole lot more
investigating at the time, so I don't have much more to go on. I did pull up
the remote administrator and look at the queue, and there were many times
the usual number of items in the Waiting Items box, but only a single
message at a time in the processing items. That's not normal either. What
I failed to do was to pull up the task manager and look at the open
processes before I restarted the machine.

My guess here is that IMail's SMTPD process (which listens for incoming
E-mail) was working, and placing files in the spool, but never starting
Declude (or the SMTP32.exe process that IMail uses to deliver the E-mail
after Declude is done).  That would account for why there was only 1 E-mail
being processed (that would be the queue run that runs every 30 minutes
or so), and a lot of E-mail in the spool.
   -Scott




RE: [Declude.Virus] server-based encryption

2003-01-22 Thread Declude Forum
That would be ideal.  But is it feasible?
If so, don't forget to include me on the royalties! :)
-Scott


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan
Sent: Wednesday, January 22, 2003 12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] server-based encryption

Maybe something could be scripted and called via declude .. an external ..
might not be so difficult ..

Jonathan

At 09:10 AM 1/22/2003 -0500, you wrote:
I was initially going to implement PGP, but I have about 10 internal
users (that would each need a digital certificate) sending to two or
three external users (that would need to install the public keys from
all of my internal users).  That's a lot of administration.

I even tried setting up a computer running MS Outlook 2002 with the
following...

Receive mail on Account A
Setup a rule to forward all messages from Account A out on Account B
Setup PGP on Account B

Therefore internal users send mail to Account A.  The rule forwards the
mail to external users via encrypted Account B.

It seems logical enough, but Outlook 2002 would default to sending out
on Account A rather than B, because the mail was originally received on
Account A.  I even tried changing the default account, but it never
worked correctly.

-Scott



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Maze - Hostmaster
Sent: Wednesday, January 22, 2003 8:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] server-based encryption

Have you tried PGP on the client side?

I've used it before, but the only problem is that you have to distribute
your public key to everyone that you're sending messages to.  Then they have
to install PGP on their machine, create a public key for them, and then
install your public key to read your message.

Also, there was a big security hole discovered in PGP a few months ago.  I
haven't heard anything about it recently as to whether they've fixed it or
not.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Declude Forum
Sent: Wednesday, January 22, 2003 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] server-based encryption


I tried a VPN between the sites, but the IT staff at the other site
(different company) couldn't get their act together.  I use a VPN for my own
remote sites without any problems.

I currently use SSL on the webmail interface, but for this instance the
external users would need internal mail accounts.

It would be nice if there was a simple app, like declude, that would encrypt
outgoing emails.  A suggestion for a future release ;-)

-Scott



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan
Sent: Tuesday, January 21, 2003 10:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] server-based encryption

In our case, it's a many to many, and not all the sites will be on our mail
servers.  I'd rather not have all those sites tunneling into our server,
just for management overhead.  But mostly, we need a way to let end-users
send secure messages to people on a variety of ISPs etc. One being AOL! ick
.. hence my self-extracting file, or client pgp.

Jonathan

At 03:50 PM 1/21/2003 -0800, you wrote:
 If you are looking at just 2 primary sites, why not use a site to site vpn
 to encrypt data between your locations.
 
 Jim
 - Original Message -
 From: Jonathan [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, January 21, 2003 3:47 PM
 Subject: RE: [Declude.Virus] server-based encryption
 
 
   oops .. responded too quickly.  I guess that wouldn't be server-side,
   would it? :)  Sorry ..
  
   We've been using webmail in secure mode (yuck), and dabbling a bit with
   SSL POP and SMTP.. but of course this doesn't help with remote users.  I
   was playing with just having the server pgp up any file that goes to an
   outside address, or some self-extracting file .. didn't come up with
   anything else.  I'm interested to see what everyone else is working on,
   though..
  
   Jonathan
  
   At 05:40 PM 1/21/2003 -0600, you wrote:
   There's always PGP,  but both sides need the plugins ..
   
   Jonathan
   
   At 03:30 PM 1/21/2003 -0800, you wrote:
   I work for the healthcare division of Siemens, and we are currently beta
   testing our secure message delivery products (including e-mail) with some
   of our healthcare customers.  Depending on how soon you need it, our
   offering should be publicly available in a couple of months.
   
   Bill
   
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED]] On Behalf Of Declude Forum
   Sent: Tuesday, January 21, 2003 10:12 AM
   To: [EMAIL PROTECTED]
   Subject: [Declude.Virus] server-based encryption
   
   
   Greetings,
   
   Does anyone use an application to encrypt outgoing email messages?

   I work for a medical related company, and we need a way to encrypt
   some outgoing 

[Declude.Virus] log expansion

2003-01-22 Thread John Shacklett
I loaded 1.66 and the copy of fpcmd.exe from out of fp-win_312d_m.exe on
Monday morning. Since then my log files have grown dramatically, mostly from
the inclusion of countless lines like these:

01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in report.txt
01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner.
01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331]

Since I'm still investigating the failure I experienced this morning, I'm
concerned. I reverted the fpcmd.exe back to the 3.12C version, just to see
what happens, but has anyone else seen this pattern occur?



--


John Shacklett

www.continentaloffice.com

[EMAIL PROTECTED]
[EMAIL PROTECTED]

You read about all these terrorists--most of them came here legally, but
they hung around on these expired visas, some for as long as 10 to 15 years.

Now, compare that to Blockbuster: you're two days late with a video and
those people are all over you. Let's put Blockbuster in charge of Homeland
Security.
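
Added example (not part of the original post, and not Declude's own code): a small triage script for the log pattern quoted in this message. It rejoins mail-wrapped entries, groups them by queue ID, and reports how many messages ended in "Error in virus scanner"; the function names, the second sample message with its placeholder result text, and the 5% threshold are assumptions.

```python
import re
from collections import defaultdict

# Entry start: "MM/DD/YYYY HH:MM:SS <queue id> <text>", as in the quoted lines.
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9a-fA-F]+) (.*)$")

# The first message uses the entries quoted in the post; one entry is shown
# wrapped the way mail software wraps long lines. The second message is
# constructed for contrast, and its "Scanned:" wording is a placeholder,
# not real Declude output.
SAMPLE_LOG = """\
01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in
report.txt
01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner.
01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331]
01/20/2003 12:56:10 Q37e6200 Scanned: PLACEHOLDER-CLEAN-RESULT [MIME: 1 100]
"""


def parse_entries(text):
    """Yield (timestamp, queue_id, message), rejoining wrapped lines."""
    current = None
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = list(m.groups())
        elif current and raw.strip():
            # No timestamp: continuation of the previous entry.
            current[2] += " " + raw.strip()
    if current:
        yield tuple(current)


def summarize(text):
    """Group entries per queue ID and flag messages whose scan failed."""
    per_msg = defaultdict(list)
    for _ts, qid, msg in parse_entries(text):
        per_msg[qid].append(msg)
    scanned = sorted(
        qid for qid, msgs in per_msg.items()
        if any(m.startswith("Scanned:") for m in msgs)
    )
    failed = sorted(
        qid for qid, msgs in per_msg.items()
        if any(m.startswith("Scanned: Error in virus scanner") for m in msgs)
    )
    parse_misses = sum(
        1 for msgs in per_msg.values() for m in msgs
        if m.startswith("Could not find parse string")
    )
    return {"scanned": scanned, "failed": failed, "parse_misses": parse_misses}


def scanner_unhealthy(summary, max_failure_ratio=0.05):
    """True when the share of failed scans exceeds the assumed threshold."""
    total = len(summary["scanned"])
    return total > 0 and len(summary["failed"]) / total > max_failure_ratio


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s, "unhealthy:", scanner_unhealthy(s))
```
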





Re: [Declude.Virus] log expansion

2003-01-22 Thread R. Scott Perry


I loaded 1.66 and the copy of fpcmd.exe from out of fp-win_312d_m.exe on
Monday morning. Since then my log files have grown dramatically, mostly from
the inclusion of countless lines like these:

01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in report.txt
01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner.
01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331]

Since I'm still investigating the failure I experienced this morning, I'm
concerned. I reverted the fpcmd.exe back to the 3.12C version, just to see
what happens, but has anyone else seen this pattern occur?


Is the SCANFILE line in the \IMail\Declude\virus.cfg file pointing to the 
correct location for the fpcmd.exe file?
   -Scott



RE: [Declude.Virus] server-based encryption

2003-01-22 Thread Jonathan
I actually don't think it'd be too bad .. the keys would be stored on the 
mail server, the program you call would find the body, encrypt it, pass 
declude a return true, or however it's handled, and away it goes out to the 
world.  You are, of course, assuming that the user isn't using webmail, and 
that they're using the imail box to send mail (relay).  The other catch 
would be decryption .. maybe not so difficult either.

Jonathan

At 04:56 PM 1/22/2003 -0500, you wrote:
That would be ideal.  But is it feasible?
If so, don't forget to include me on the royalties! :)
-Scott



RE: [Declude.Virus] log expansion

2003-01-22 Thread John Shacklett
Yep. I changed the name of the old one and dropped the new one right in its
place. I'm going to get a fresh copy of 3.12D and repeat the install, and do
some more Eicar testing and get this right.

Thanks for the insights.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, 22 January 2003 5:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] log expansion



I loaded 1.66 and the copy of fpcmd.exe from out of fp-win_312d_m.exe on
Monday morning. Since then my log files have grown dramatically, mostly from
the inclusion of countless lines like these:

01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in report.txt
01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner.
01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331]

Since I'm still investigating the failure I experienced this morning, I'm
concerned. I reverted the fpcmd.exe back to the 3.12C version, just to see
what happens, but has anyone else seen this pattern occur?

Is the SCANFILE line in the \IMail\Declude\virus.cfg file pointing to the
correct location for the fpcmd.exe file?
-Scott




RE: [Declude.Virus] log expansion

2003-01-22 Thread R. Scott Perry


Yep. I changed the name of the old one and dropped the new one right in its
place. I'm going to get a fresh copy of 3.12D and repeat the install, and do
some more Eicar testing and get this right.


If you want, you can use the debug mode (LOGLEVEL DEBUG) until at least 
one E-mail is scanned, and then E-mail me the log file off-list, and I can 
probably figure out what is happening.
 -Scott



RE: [Declude.Virus] log expansion

2003-01-22 Thread John Shacklett
I think I have things back to normal. I'm writing this off to a buggered
fpcmd.exe file. As soon as I reinstalled f-prot, things started working
properly. I even caught a klez by happenstance in the middle of the eicars,
all with both scanners, so I'm going home.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, 22 January 2003 6:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] log expansion



Yep. I changed the name of the old one and dropped the new one right in its
place. I'm going to get a fresh copy of 3.12D and repeat the install, and do
some more Eicar testing and get this right.

If you want, you can use the debug mode (LOGLEVEL DEBUG) until at least
one E-mail is scanned, and then E-mail me the log file off-list, and I can
probably figure out what is happening.
  -Scott
