RE: [Declude.Virus] Imail and Spyware Protection
Checking for Spyware would be the responsibility of a desktop application, not at the e-mail server level. Most Spyware is installed as the result of user internet browser use. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Monday, January 26, 2004 7:13 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] Imail and Spyware Protection Recently, I read an article about spyware. Does Declude or Imail address this issue with their product(s)? A quote from an article states: Network Associates will become the latest security software maker to address the growing problem of stealth surveillance software known as spyware. How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? Here is the full article: MCAFEE ADDS SPYWARE PROTECTION Software will identify and remove sneaky applications. http://www.pcworld.com/news/article/0,aid,114421,tk,dn012304X,00.asp Thanks and I look forward to any responses. Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Imail and Spyware Protection
How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? That is up to the AV program. Most AV programs do not attempt to detect spyware. However, if the AV program you use with Declude Virus is capable of detecting spyware, then it will get caught with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Imail and Spyware Protection
Thanks scott. I use F-Prot and I don't know if they block this. I will check it out. Samantha -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail and Spyware Protection How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? That is up to the AV program. Most AV programs do not attempt to detect spyware. However, if the AV program you use with Declude Virus is capable of detecting spyware, then it will get caught with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Imail and Spyware Protection
I use F-Prot and I don't know if they block this. I will check it out. They do not. Very, very few AV programs detect spyware. If you want to detect spyware sent in E-mail, it may be best to use a program like PestPatrol with Declude Virus in addition to F-Prot. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Imail and Spyware Protection
Pest Patrol is a spyware application that is support by Declude Virus, at least it is shown in the manual at http://www.declude.com/virus/manual.htm. Bill - Original Message - From: Bridges, Samantha [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 7:49 AM Subject: RE: [Declude.Virus] Imail and Spyware Protection Thanks scott. I use F-Prot and I don't know if they block this. I will check it out. Samantha -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail and Spyware Protection How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? That is up to the AV program. Most AV programs do not attempt to detect spyware. However, if the AV program you use with Declude Virus is capable of detecting spyware, then it will get caught with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Imail and Spyware Protection
Doesn't all spyware that comes via email run as an executable? I assume you can tell Imail to ditch all *.exe files and this would slow spyware down from the mail side. Since most spyware comes through Internet browsing on the desktop, I would recommend Lavasoft's Ad Aware. It's good and free. -Rob At 07:56 AM 1/26/2004 -0800, you wrote: Pest Patrol is a spyware application that is support by Declude Virus, at least it is shown in the manual at http://www.declude.com/virus/manual.htm. Bill - Original Message - From: Bridges, Samantha [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 7:49 AM Subject: RE: [Declude.Virus] Imail and Spyware Protection Thanks scott. I use F-Prot and I don't know if they block this. I will check it out. Samantha -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Monday, January 26, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail and Spyware Protection How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? That is up to the AV program. Most AV programs do not attempt to detect spyware. However, if the AV program you use with Declude Virus is capable of detecting spyware, then it will get caught with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. Robert T. Jackson Product Management Rackspace Managed Hosting (210) 892-4000 ext. 1518
RE: [Declude.Virus] Imail and Spyware Protection
Remember though, most Spyware gets onto a users computer via Internet browsing usage and security configuration on the computer and in the browser, not through e-mail. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Monday, January 26, 2004 7:56 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail and Spyware Protection Pest Patrol is a spyware application that is support by Declude Virus, at least it is shown in the manual at http://www.declude.com/virus/manual.htm. Bill - Original Message - From: Bridges, Samantha [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 7:49 AM Subject: RE: [Declude.Virus] Imail and Spyware Protection Thanks scott. I use F-Prot and I don't know if they block this. I will check it out. Samantha -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail and Spyware Protection How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? That is up to the AV program. Most AV programs do not attempt to detect spyware. However, if the AV program you use with Declude Virus is capable of detecting spyware, then it will get caught with Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New, fast-spreading virus
FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus
Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus
Hm - just got this mail with an attached README.ZIP (which I didn't open): From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 04:32 PM Subject: The message contains Unicode characters and has been sent as a binary attachment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus
This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr inside of it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus
FYI, I just received a suspicious email with a zipped SCR in it. Sent to virus trap for verification. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 1:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus
I've trapped three of these in the last half hour (we always ban SCR and PIF files). I've seen three different subjects (it must be a Bagel variant): Hi Hello MAIL DELIVERY SYSTEM The bodies all have that one line in them that you quoted. The only other notable sign that I can see is a Message ID that uses MMDDhhmm and then three numbers, i.e.: Message-Id: [EMAIL PROTECTED] ID is also uses the wrong capitalization, but I don't think we can filter for that. Matt Andy Schmidt wrote: Hm - just got this mail with an attached README.ZIP (which I didn't open): From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 04:32 PM Subject: The message contains Unicode characters and has been sent as a binary attachment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus: MyDoom
F-prot just had an update too, waiting to see if we catch any. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 2:06 PM Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Hi, I just got my hourly update - it's now detected by McAfee as: w32/[EMAIL PROTECTED] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 05:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr inside of it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus
Well, that's a good sign then that JunkMail will at least add a few points to it. If I'm correct, that error also causes BADHEADERS to trip as well, and if you have LOSSENSPAMHEADERS ON, it will skip this test. These messages will also fail CMDSPACE. Matt R. Scott Perry wrote: The bodies all have that one line in them that you quoted. The only other notable sign that I can see is a Message ID that uses MMDDhhmm and then three numbers, i.e.: Message-Id: [EMAIL PROTECTED] Actually, that's an IMail Message-ID: header -- it's coming in with no Message-ID: header (triggering SPAMHEADERS in Declude JunkMail), and IMail is then adding the header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus: MyDoom
So much for the latest update from F-Prot, it does not pick up the new virus, I just received one a few seconds ago, failed spam headers but made it right through virus. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] BANNAME in virus.cfg
Does the BANNAME entry in virus.cfg support a comment on the end of the line? We are banning a number of specific filenames due to specific virus threats and I would like to put the virus name next to the BANNAME entry. Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus: MyDoom
F-Prot just released new Definitions that pick up W32/[EMAIL PROTECTED] as well. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 2:06 PM Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Hi, I just got my hourly update - it's now detected by McAfee as: w32/[EMAIL PROTECTED] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 05:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr inside of it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus: MyDoom
This brings up one additional thought for blocking this sort of virus in the future, would there be anyway to have declude be able to detect that a zip file includes a .scr file inside and block it when you use the :banext scr option in the virus.cfg file? Is this possible, perhaps in a future release? Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Jim Matuska [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 2:33 PM Subject: Re: [Declude.Virus] New, fast-spreading virus: MyDoom F-Prot just released new Definitions that pick up W32/[EMAIL PROTECTED] as well. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 2:06 PM Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Hi, I just got my hourly update - it's now detected by McAfee as: w32/[EMAIL PROTECTED] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 05:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr inside of it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus: MyDoom
We have been stopping them since about 2:30 CST. F-Prot updates 4 times daily. Jim Nitterauer President Creative Data Concepts Limited, Inc. 3 W. Garden Street Suite 326 Pensacola, FL 32502 http://www.creativedata.net 850-434-7645 800-607-6168 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: Monday, January 26, 2004 4:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] New, fast-spreading virus: MyDoom F-Prot just released new Definitions that pick up W32/[EMAIL PROTECTED] as well. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 2:06 PM Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Hi, I just got my hourly update - it's now detected by McAfee as: w32/[EMAIL PROTECTED] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 05:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr inside of it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New, fast-spreading virus FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. You can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. - [This E-mail scanned for viruses courtesy of Creative Data Concepts http://www.creativedata.net] - [This E-mail scanned for viruses courtesy of Creative Data Concepts http://www.creativedata.net] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus
Well, that's a good sign then that JunkMail will at least add a few points to it. If I'm correct, that error also causes BADHEADERS to trip as well... No (this is important). If an E-mail has headers that are [1] common in spam, and [2] rare in legitimate E-mail, it will fail either the SPAMHEADERS *or* BADHEADERS test. If the headers are legal, it fails the SPAMHEADERS test; otherwise, it fails the BADHEADERS test. An E-mail will only fail both if there are 2 or more problems (one legal, one not). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANNAME in virus.cfg
Thanks. That will work just fine. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANNAME in virus.cfg Does the BANNAME entry in virus.cfg support a comment on the end of the line? No. We are banning a number of specific filenames due to specific virus threats and I would like to put the virus name next to the BANNAME entry. In this case, I would recommend adding a comment line before it, such as: # blah.exe is banned because... BANNAME blah.exe -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANNAME in virus.cfg
Does the BANNAME entry in virus.cfg support a comment on the end of the line? No. We are banning a number of specific filenames due to specific virus threats and I would like to put the virus name next to the BANNAME entry. In this case, I would recommend adding a comment line before it, such as: # blah.exe is banned because... BANNAME blah.exe -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus
I forgot that this was due to a combination of issues that can occurr when IMail inserts a header if it receives a message with an IP for the HELO and replied as if that was always the case. You've been through this before with me, and I do understand. Thanks, Matt R. Scott Perry wrote: Well, that's a good sign then that JunkMail will at least add a few points to it. If I'm correct, that error also causes BADHEADERS to trip as well... No (this is important). If an E-mail has headers that are [1] common in spam, and [2] rare in legitimate E-mail, it will fail either the SPAMHEADERS *or* BADHEADERS test. If the headers are legal, it fails the SPAMHEADERS test; otherwise, it fails the BADHEADERS test. An E-mail will only fail both if there are 2 or more problems (one legal, one not). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] MyDoom and Mcafee
F-Prot Windows, was never able to resolve this so we disabled until today since we're not catching mydoom with mcafee PV - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 7:12 PM Subject: RE: [Declude.Virus] MyDoom and Mcafee Are you using F-Prot DOS, or Windows? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mailing Lists Sent: Monday, January 26, 2004 4:08 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] MyDoom and Mcafee Anyone using Mcafee catching Mydoom? We're running declude with Mcafee and is not catching new virus. Adding F-Prot as second scanner now catches it but we're having other unrelated BSOD issues with F-PROT. Any suggestions? Peter --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] HELP! Problem with Declude
There I was today adding some new BANNAME's to the virus.cfg file when I notice .vir directories starting to stack up... Running declude 1.76i14 Is there any help out there? Yes -- run the latest release, latest beta, or latest interim release. Any of the above should fix your problem. :) That is one of the dangers of running an old interim release. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus: MyDoom
Just MyDoom. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, January 26, 2004 4:22 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom John, Did you add: Mydoom or Mydoom.A or the full W32/[EMAIL PROTECTED] to your SKIP... Keith -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Mon 1/26/2004 6:32 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom I have now added this to the list of forging viruses in the virus.cfg and added SKIPIFVIRUSNAMEHAS in the recip.eml file. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 3:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Confirmed here that F-Prot is now catching. 01/26/2004 15:16:56 Q9fe7039901d8f7c9 MIME file: readme.scr [base64; Length=22528 Checksum=2535504] 01/26/2004 15:16:56 Q9fe7039901d8f7c9 Banning file with scr extension [application/octet-stream]. 01/26/2004 15:16:56 Q9fe7039901d8f7c9 Scanner 1: Virus=: W32/[EMAIL PROTECTED] Attachment=readme.scr [11] O 01/26/2004 15:16:56 Q9fe7039901d8f7c9 File(s) are INFECTED [: W32/[EMAIL PROTECTED]: 3] 01/26/2004 15:16:57 Q9fe7039901d8f7c9 Scanned: CONTAINS A VIRUS [MIME: 2 22775] 01/26/2004 15:16:57 Q9fe7039901d8f7c9 From: x To: yy[outgoing from 12.124.150.50] 01/26/2004 15:16:57 Q9fe7039901d8f7c9 Subject: TEST John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, January 26, 2004 2:57 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New, fast-spreading virus: MyDoom Hi, would there be anyway to have declude be able to detect that a zip file includes a .scr file inside and block it when you use the :banext scr option in the virus.cfg file? Well - this warrants further disucssions. So far, we have been instructing/educating users that they SHOULD zip their SCR EXE and other banned file extensions into ZIP files. If we now ban ZIP files because they contain the very files that we told customers to ZIP, then we have customers in a catch-22. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. attachment: winmail.dat
RE: [Declude.Virus] New, fast-spreading virus: MyDoom
You know, for how fast spreading this appears to be, I am wondering if it is not being propagated by all those zombies out there. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New, fast-spreading virus: MyDoom
My F-Prot caught one already. Make sure you have the 1/26 application defs and not just the macro defs. When I updated earlier I only got 1/26 macro virus defs. Then I got the application defs when I tried a little later -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] - Original Message - From: Jim Matuska [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 5:18 PM Subject: Re: [Declude.Virus] New, fast-spreading virus: MyDoom So much for the latest update from F-Prot, it does not pick up the new virus, I just received one a few seconds ago, failed spam headers but made it right through virus. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Good Scanners
Charles, I am a big fan of F-Prot for scanning email on my server. I have been very happy with it and it is very cheap. (I would not simply have gone with it for cheapness but it is a plus once you've decided you like it.) -Josh -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] - Original Message - From: Charles Frolick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 6:53 PM Subject: [Declude.Virus] Good Scanners I just purchased Virus to add to my server. I have been using F-Prot to scan, but I want to add additional scanners (I bought Pro). Just looking for feedback on quality and price, I don't want to buy a corporate suite just to run AV on the mail server (we only have 3 workstations, and run Norton at the other Windows servers). Thanks, Chuck Frolick ArgoLink.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] HELP! Problem with Declude
About 40K, but Scott's suggestion about updating the exe seems to have worked...I just don't know what happened. Iguess I should not 'play' so much. Thanks anyways John, I hope its fixed. Robert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 26, 2004 7:33 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] HELP! Problem with Declude What is your normal volume? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Robert Forsyth Sent: Monday, January 26, 2004 4:22 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] HELP! Problem with Declude There I was today adding some new BANNAME's to the virus.cfg file when I notice .vir directories starting to stack up... I removed the entries from the cfg file and update the defs on F-Prot (dos version...and I know I need the Windows version) All of the sudden, I'm getting 12-14 declude processes, tons of .vir directories and the overflow directoy starts to fill up. No email is being processed. I put the log file into debug mode, but it does not help because the log file stops updating too. Its only when I defeat the virus calls by putting in a bogus CODE in the virus.cfg file does the overflow go down but the .vir directories do not go away. All I did today is update the virus defs in hopes to get ahead of the new virus, but now my server is messed up with no clues on what is happening. Running declude 1.76i14 Is there any help out there? Thanks Robert --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New, fast-spreading virus: MyDoom
ROFLOL!! Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 26, 2004 5:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] New, fast-spreading virus: MyDoom You mean as opposed to being propagated by lonely housewives? :) John Tolmachoff (Lists) wrote: You know, for how fast spreading this appears to be, I am wondering if it is not being propagated by all those zombies out there. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] MyDoom and Mcafee
Title: Message Yes, since 5 PM. They do have an "extra.dat" - or just get the "dailydats" which are updated many times daily. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mailing ListsSent: Monday, January 26, 2004 07:08 PMTo: [EMAIL PROTECTED]Subject: [Declude.Virus] MyDoom and Mcafee Anyone using Mcafee catching Mydoom? We're running decludewith Mcafee and is not catching new virus. Adding F-Prot as second scanner now catches it but we're having other unrelated BSOD issues with F-PROT. Any suggestions? Peter
RE: [Declude.Virus] Incredible.. W32/Mydoom.A@mm
Title: Message Have you told your scanner to scan inside zip files? Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami RazvanSent: Monday, January 26, 2004 06:27 PMTo: [EMAIL PROTECTED]Subject: [Declude.Virus] Incredible.. W32/[EMAIL PROTECTED] Hi; We have 3 virus scanners and yet... this one came right through.. A zip file named Doc.zip and inside it a file: doc.doc .pif the only reason I picked up peculiarity of the file was inside the zip window the icon was that of a program and not a Word document. We have auto-update every 4 hours and after receipt of this I manually updated the scanners and emailed this back to myself and it got caught.. who knows how many has gone through.. Regards, Kami
[Declude.Virus] BANEXT
Thanks to all for the quick notification of the new virus. We seemed to have escaped any harm. We immediately put BANEXT zip into our virus.cfg file, and that seemed to be a good thing. Now I'm thinking about lowering our protection back to where it was. Is it possible, with Virus Standard, and/or Junkmail Pro, to ban by extension for just some users? Or, better yet, conversely ban an extension for all user EXCEPT certain power users? Inquring minds want to know. Thanks in advance Rob www.iGive.com Turn your online shopping into cash for your charity. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
Geeze.. So you want the virus to only effect certain users? ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, January 26, 2004 9:19 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT Thanks to all for the quick notification of the new virus. We seemed to have escaped any harm. We immediately put BANEXT zip into our virus.cfg file, and that seemed to be a good thing. Now I'm thinking about lowering our protection back to where it was. Is it possible, with Virus Standard, and/or Junkmail Pro, to ban by extension for just some users? Or, better yet, conversely ban an extension for all user EXCEPT certain power users? Inquring minds want to know. Thanks in advance Rob www.iGive.com Turn your online shopping into cash for your charity. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Imail and Spyware Protection
Recently, I read an article about spyware. Does Declude or Imail address this issue with their product(s)? A quote from an article states: Network Associates will become the latest security software maker to address the growing problem of stealth surveillance software known as spyware. How do you know if spyware is on a PC? Does Declude or Imail identify and remove sneakly applications such as these? Here is the full article: MCAFEE ADDS SPYWARE PROTECTION Software will identify and remove sneaky applications. http://www.pcworld.com/news/article/0,aid,114421,tk,dn012304X,00.asp Thanks and I look forward to any responses. Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Alert! - fraudulent e-mail - FBI and FDIC
Title: Message Hello. Has anyone heard about the fraudulent email claiming to be from the FDIC? Below is a snippet from the FBI on this new threat. Has anyone seen this before or recently? What actions did you take as messaging administrators to rectify this? Upon investigation I have learned that the FBI and the FDIC have received a number of complaints about this e-mail scam and are investigating it. The scam is based in Korea so there is little that can be done except to be aware of it and let friends and family members know. The following link http://www.fdic.gov/news/news/press/2004/pr0604.html will take you to the real FDIC site where you can read the joint press release from the FBI and FDIC. Thanks everyone, Samantha