Re: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
- Original Message - From: Adolfo Justiniano [EMAIL PROTECTED] Scott, That interim version is seriously broken, none of the Declude JunkMail tests are executed, all messages have 0 as weight, no logs are generated... I have to go back to 1.76i2. It's working fine for me (1.76i3). Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
First thing to do is go to a command prompt and change to the Imail directory and type in without the quotes: declude -diag and see if there are any errors noted. Also check to see if there are any declude.gp(number) files in the C:\ drive. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Adolfo Justiniano Sent: Friday, September 26, 2003 10:07 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus The same thing is happening here. I have the folder HOLD2 full of messages, most of them are actually infected with Swen.A virus, few are legitimate (sent after the IP was blocked by hijack). We've made a change to the code for interim release v1.76i3 (at http://www.declude.com/release/176i/declude.exe ) that should take care of this issue. Scott, That interim version is seriously broken, none of the Declude JunkMail tests are executed, all messages have 0 as weight, no logs are generated... I have to go back to 1.76i2. Adolfo Justiniano Santa Cruz BBS e-mail: [EMAIL PROTECTED] http://www.scbbs.net --- [This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Declude Virus v1.76 (beta) released
Cool ! It might allow me to truely alert on local senders - can ONLYSENDIFIP handle multiple subnets? - Original Message - o Adds ONLYSENDIFRECIP and ONLYSENDIFIP options for .eml files that should only be sent to specific recipients or IPs. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
We've made a change to the code for interim release v1.76i3 (at http://www.declude.com/release/176i/declude.exe ) that should take care of this issue. That interim version is seriously broken, none of the Declude JunkMail tests are executed, all messages have 0 as weight, no logs are generated... I have to go back to 1.76i2. You are correct -- there is a new interim release v1.76i4 at the same URL that fixes this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] You are correct -- there is a new interim release v1.76i4 at the same URL that fixes this. Strange, I have not had any problems with that interim release. What I have noticed is that all of the 1.76i* releases have a problem with creating Eicar files in the directory that you run declude -diag in, except the IMail directory. For example, if I run three times at the root C prompt: C:\m:\imail\declude -diag I will find the following in the root of C: 09/27/2003 11:54a 68 eicar.com.vir 09/27/2003 11:54a 68 eicar.com.vir1 09/27/2003 11:54a 68 eicar.com.vir2 Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
You are correct -- there is a new interim release v1.76i4 at the same URL that fixes this. Thanks Scott, now it's working. Adolfo Justiniano Santa Cruz BBS e-mail: [EMAIL PROTECTED] http://www.scbbs.net --- [This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
Strange, I have not had any problems with that interim release. What I have noticed is that all of the 1.76i* releases have a problem with creating Eicar files in the directory that you run declude -diag in, except the IMail directory. For example, if I run three times at the root C prompt: If you don't have a gateway and don't use ipbypass in Declude JunkMail you probably wouldn't have the problem. I don't have that problem with the Eicar files when I run declude -diag in any directory. Adolfo Justiniano Santa Cruz BBS e-mail: [EMAIL PROTECTED] http://www.scbbs.net --- [This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
- Original Message - From: Adolfo Justiniano [EMAIL PROTECTED] If you don't have a gateway and don't use ipbypass in Declude JunkMail you probably wouldn't have the problem. I have two Redhat/Postfix gateways sitting in front of my IMail server and therefore do use IPBYPASS with Declude JunkMail. I don't have that problem with the Eicar files when I run declude -diag in any directory. Hmmm, and the matter gets even stranger, since this happens on both my production IMail server and my test server, even with the latest v1.76i4 interim release... :-\ Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Is Declude Hijack run before Declude Virus - Swen virus
What I have noticed is that all of the 1.76i* releases have a problem with creating Eicar files in the directory that you run declude -diag in, except the IMail directory. For example, if I run three times at the root C prompt: C:\m:\imail\declude -diag I will find the following in the root of C: 09/27/2003 11:54a 68 eicar.com.vir 09/27/2003 11:54a 68 eicar.com.vir1 09/27/2003 11:54a 68 eicar.com.vir2 That is intentional. The Declude diagnostics will create an eicar.com file, and try to delete it. If it can't create or delete the file, it displays a warning. This is designed for us to help discover when people have on-access virus scanners running that they don't know about. In this case, your on-access virus scanner is renaming the file with the virus in it (which prevents Declude from deleting it). But since it is not happening in the \IMail directory (and subdirectories, presumably), it will not interfere with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.