Re: [Declude.Virus] Virus report and log entry question
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]

This is indeed due to an issue with Declude Virus -- it will be fixed in the next interim release.

Scott,

I upgraded to Declude v1.77i26 and that took care of the file name issue - thanks! However, I am now noticing that about 1 in 10 postmaster messages is displaying virus in Unknown File, even though most times the file name is correctly identified in the virus log (see attachment). Not that big a deal, just an FYI...

Bill

Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:26:43
Subject:Mail System Error - Returned Mail
Spool File: D36d2853b009e5f08.SMD
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=doc.zip [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D36D28~1.VIR\1.zip,(doc.scr) Attachment= [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanned: CONTAINS A VIRUS [MIME: 4 25840]
02/01/2004 09:26:43 Q36d2853b009e5f08 From: [Forged] To: [removed] [outgoing from 204.189.38.4]
02/01/2004 09:26:43 Q36d2853b009e5f08 Subject: Mail System Error - Returned Mail
===
Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:32:06
Subject:Delivery Status Notification (Failure)
Spool File: D3816855d009e4e46.SMD
02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=body.zip [13] O
02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
02/01/2004 09:32:06 Q3816855d009e4e46 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:32:06 Q3816855d009e4e46 Scanned: CONTAINS A VIRUS [MIME: 4 25206]
02/01/2004 09:32:06 Q3816855d009e4e46 From: [Forged] To: [removed] [outgoing from 204.189.38.4]
02/01/2004 09:32:06 Q3816855d009e4e46 Subject: Delivery Status Notification (Failure)
===
Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:37:06
Subject:failure notice
Spool File: D394063ce005add44.SMD
02/01/2004 09:37:05 Q394063ce005add44 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment= [13] O
02/01/2004 09:37:06 Q394063ce005add44 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D39406~1.VIR\0,(document.htm
02/01/2004 09:37:06 Q394063ce005add44 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:37:06 Q394063ce005add44 Scanned: CONTAINS A VIRUS
02/01/2004 09:37:06 Q394063ce005add44 From: [Forged] To: [removed] [outgoing from 204.189.38.4]
02/01/2004 09:37:06 Q394063ce005add44 Subject: failure notice
===
Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:44:28
Subject:Delivery Status Notification (Failure)
Spool File: D3af9338a00289760.SMD
02/01/2004 09:44:27 Q3af9338a00289760 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=file.pif [13] O
02/01/2004 09:44:28 Q3af9338a00289760 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D3AF93~1.VIR\1.pif Attachment= [13] O
02/01/2004 09:44:28 Q3af9338a00289760 Found a bogus .pif file
02/01/2004 09:44:28 Q3af9338a00289760 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:44:28 Q3af9338a00289760 Scanned: CONTAINS A VIRUS [MIME: 4 2]
02/01/2004 09:44:28 Q3af9338a00289760 From: [Forged] To: [removed] [outgoing from 204.189.38.3]
02/01/2004 09:44:28 Q3af9338a00289760 Subject: Delivery Status Notification (Failure)
===
Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:45:46
Subject:Returned mail: see transcript for details
Spool File: D3b499bcf0082ceb7.SMD
02/01/2004 09:45:45 Q3b499bcf0082ceb7 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=doc.zip [13] O
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D3B499~1.VIR\1.zip,(doc.htm
02/01/2004 09:45:46 Q3b499bcf0082ceb7 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Scanned: CONTAINS A VIRUS [MIME: 4 24197]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 From: [Forged] To: [removed] [outgoing from 204.189.38.3]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Subject: Returned mail: see transcript for details
===
Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:51:31
Subject:Delivery Status Notification (Failure)
Spool File: D3ca335a6002e14ff.SMD
02/01/2004 09:51:31 Q3ca335a6002e14ff Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=readme.zip [13] O
02/01/2004 09:51:31
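Added example, not part of the original post and not Declude's own code: a short Python parser that looks up the file names the virus log recorded for a notice that reports "Unknown File". It assumes the log line layout quoted in the message above and that spool file D<id>.SMD corresponds to queue ID Q<id>, as that excerpt suggests; the function names are hypothetical.

```python
import re

# Lines copied from the log excerpt quoted above; "[EMAIL PROTECTED]" is the
# archive's redaction marker and is kept as it appears.
SAMPLE_LOG = r"""
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=doc.zip [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D36D28~1.VIR\1.zip,(doc.scr) Attachment= [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:37:05 Q394063ce005add44 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment= [13] O
02/01/2004 09:37:06 Q394063ce005add44 Scanner 2: Virus= [ WORM_MYDOOM.A](1) in M:\IMail\spool\D39406~1.VIR\0,(document.htm
02/01/2004 09:37:06 Q394063ce005add44 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:44:27 Q3af9338a00289760 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=file.pif [13] O
"""
SAMPLE_NOTICE = """Declude Antivirus v1.77i26 caught the W32/[EMAIL PROTECTED] virus in Unknown File from [Forged] to: [removed]
Date: 02/01/2004 09:37:06
Subject:failure notice
Spool File: D394063ce005add44.SMD"""

# Only "Scanner N:" lines carry file names; other log lines are skipped.
LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q[0-9a-f]+) (Scanner \d+: .*)$")
ATTACH = re.compile(r"Attachment=(\S+)")   # empty "Attachment= [13]" does not match
MEMBER = re.compile(r",\(([^)\s]+)")       # archive member; closing ")" may be cut off
SPOOL = re.compile(r"Spool File: D([0-9a-f]+)\.SMD")


def attachment_names(log_text):
    """Map queue ID -> file names found on its scanner lines, in log order."""
    names = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        found = names.setdefault(m.group(1), [])
        for rx in (ATTACH, MEMBER):
            hit = rx.search(m.group(2))
            if hit and hit.group(1) not in found:
                found.append(hit.group(1))
    return names


def resolve_notice(notice_text, log_text):
    """Return the file names the log holds for the spool file named in a notice."""
    m = SPOOL.search(notice_text)
    # Assumption: spool file D<id>.SMD corresponds to log queue ID Q<id>.
    return attachment_names(log_text).get("Q" + m.group(1), []) if m else []


if __name__ == "__main__":
    print(resolve_notice(SAMPLE_NOTICE, SAMPLE_LOG))
```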
Re: [Declude.Virus] log file analyzer
Hi Andy,

Not sure if you got a reply...but you need to set Declude Virus LogLevel to MID. It's in the Readme.txt. I did the same thing...ran the utility before looking at the doc...

Darin.

- Original Message -
From: andyb
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 11:13 PM
Subject: Fw: [Declude.Virus] log file analyzer

Hi everyone, Scott, anybody,

does the log file analyzer work? Am I chasing my tail here? Is there a log file analyzer out there that IS working? If so can someone point the way? I've looked in the archives and haven't found anything. This is the 3rd post, and haven't even gotten a grunt from anyone yet

Thanks,
Andy

- Original Message -
From: andyb
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 5:12 PM
Subject: [Declude.Virus] log file analyzer

Hi,

The log file analyzer 3.0 is counting the carriage return vulnerability, but not the virus. There are hundreds of viruses in log files. It also appears that the .txt file is properly formed (no garbage, it is just saying there are - 0 - virus found) I'm using declude 1.77.

I've tried installing the analyzer on 4 different computers, 3 different operating systems so it appears that there may be an issue with the log files, not with the analyzer. There is nothing about this in the archives that I could find.

What does the log analyzer need to have in the logs to count the virus? Guidance please.

thanks,
Andy
Thumpernet
Re: [Declude.Virus] BANEXT
Good list, John. Thanks for sharing.

Darin.

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55 PM
Subject: RE: [Declude.Virus] BANEXT

What are the recommended extensions to BAN?

http://www.eservicesforyou.com/documents/emailattachments.pdf

How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be sent through.

I tell them to zip it.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
[This E-mail virus scanned by 4C Web]
RE: [Declude.Virus] BANEXT
That was a great list. I have the following extensions blocked as well:

BANEXT data
BANEXT link
BANEXT unk
BANEXT uue

I wish I remembered why - but I imagine it won't hurt...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, February 01, 2004 9:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BANEXT

Good list, John. Thanks for sharing.

Darin.

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55 PM
Subject: RE: [Declude.Virus] BANEXT

What are the recommended extensions to BAN?

http://www.eservicesforyou.com/documents/emailattachments.pdf

How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be sent through.

I tell them to zip it.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You