RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> For those of us who are not full time postmasters, we may spend days, > sometime more than a couple of weeks without reading these lists. > and when we come back, we usualy do not have the time to catch up > so an emergency junkmail list would be welcomed, not necessarly to route to > sms/pager, but at least to regular email address The war on spam, being what it is, and with the amount of information on the JunkMail list, it would be prudent to monitor it on at least a twice weekly basis. I am not a full time postmaster. My main job and source of income is Network and System Support for clients. I am heavily involved in Imail solely do to the fact that I hate viruses and spam, and therefore must be prudent to keep up with things to maintain an effective server, for my own benefit and for that of my hosting service clients. Don't get me wrong, every one's situation is different. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
For those of us who are not full time postmasters, we may spend days, sometime more than a couple of weeks without reading these lists. and when we come back, we usualy do not have the time to catch up so an emergency junkmail list would be welcomed, not necessarly to route to sms/pager, but at least to regular email adress - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 27, 2004 12:50 AM Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > we need a similar emergency list for spam tests going down, requiring > > changes in Global.cfg > > Not really, as those (in the past) have not occurred so rapidly that a > problem occurred. There is almost always a few days notice and is discussed > on the JunkMail list. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> we need a similar emergency list for spam tests going down, requiring > changes in Global.cfg Not really, as those (in the past) have not occurred so rapidly that a problem occurred. There is almost always a few days notice and is discussed on the JunkMail list. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
we need a similar emergency list for spam tests going down, requiring changes in global.cfg - Original Message - From: "Dale McDiarmid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 10:37 PM Subject: Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > Excellent idea. Thank you very much. > > D. > > > At 01:29 PM 3/26/2004, you wrote: > >FYI, at the request of our customers, we have just set a new mailing list > >called "Virus Alert". The list is designed to let our customers know as > >soon as we find out about new, fast-spreading viruses. The goal is to > >help you be as protected as possible before virus definitions are updated. > > > >Unlike virus alert lists from AV companies, the only posts to this list > >will be ones that are urgent in nature (some people will be having this > >list forward to cell phones and pagers). We expect that this list will > >have perhaps several posts per month (as opposed to the several posts per > >day on most AV alert lists). > > > >We expect that when a new, fast-spreading virus appears, there will be > >several posts to this list. The first will be to inform that we believe a > >new, fast-spreading virus has been released. This will be posted as soon > >as we believe this to be the case. Then, if we discover information that > >can be used to block the virus before virus definitions are updated, we > >will post that. Finally, if an interim release of Declude Virus is > >required to catch the virus for some reason, we will post when that is ready. > > > >E-mails from this list will have "[Virus Alert]" in the subject. > > > >Note that this is a moderated list. > > -Scott > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus".The archives can be found > >at http://www.mail-archive.com. > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
Excellent idea. Thank you very much. D. At 01:29 PM 3/26/2004, you wrote: FYI, at the request of our customers, we have just set a new mailing list called "Virus Alert". The list is designed to let our customers know as soon as we find out about new, fast-spreading viruses. The goal is to help you be as protected as possible before virus definitions are updated. Unlike virus alert lists from AV companies, the only posts to this list will be ones that are urgent in nature (some people will be having this list forward to cell phones and pagers). We expect that this list will have perhaps several posts per month (as opposed to the several posts per day on most AV alert lists). We expect that when a new, fast-spreading virus appears, there will be several posts to this list. The first will be to inform that we believe a new, fast-spreading virus has been released. This will be posted as soon as we believe this to be the case. Then, if we discover information that can be used to block the virus before virus definitions are updated, we will post that. Finally, if an interim release of Declude Virus is required to catch the virus for some reason, we will post when that is ready. E-mails from this list will have "[Virus Alert]" in the subject. Note that this is a moderated list. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
We set up emergency support aliases for exactly this purpose. They send to phones/pagers and copy standard support aliases. So you could create one and subscribe to the virus alert list with it. Darin. - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 4:42 PM Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > BUT, that will not work for everything, such as a alpha/numeric pager or a > > cell phone which only had SMS on it, not e-mail. > > > > John Tolmachoff > > Engineer/Consultant/Owner > > eServices For You > > Most cell phone services provide an email address for sending SMS messages > to your phone. AT&T for example uses @mobile.att.net. > > I've simply set up a rule in my mailer to automatically forward messages > with "[Virus Alert]" in the Subject: to my phone, so it should appear in > both my inbox and on my phone. Yes, that is called the SMS address. However, in the event of something important, direct e-mail, rather than relying on a Imail Rule, is preferred. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Tim Northrup > Sent: Friday, March 26, 2004 1:23 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > > > You can send an E-mail to [EMAIL PROTECTED] with "subscribe > > virusalert > > > Your Name" in the body of the E-mail. > > > > -- Tim > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> > BUT, that will not work for everything, such as a alpha/numeric pager or a > > cell phone which only had SMS on it, not e-mail. > > > > John Tolmachoff > > Engineer/Consultant/Owner > > eServices For You > > Most cell phone services provide an email address for sending SMS messages > to your phone. AT&T for example uses @mobile.att.net. > > I've simply set up a rule in my mailer to automatically forward messages > with "[Virus Alert]" in the Subject: to my phone, so it should appear in > both my inbox and on my phone. Yes, that is called the SMS address. However, in the event of something important, direct e-mail, rather than relying on a Imail Rule, is preferred. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Tim Northrup > Sent: Friday, March 26, 2004 1:23 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > > > You can send an E-mail to [EMAIL PROTECTED] with "subscribe > > virusalert > > > Your Name" in the body of the E-mail. > > > > -- Tim > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> > You can send an E-mail to [EMAIL PROTECTED] with "subscribe > virusalert > > Your Name" in the body of the E-mail. > > BUT, that will not work for everything, such as a alpha/numeric pager or a > cell phone which only had SMS on it, not e-mail. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You Most cell phone services provide an email address for sending SMS messages to your phone. AT&T for example uses @mobile.att.net. I've simply set up a rule in my mailer to automatically forward messages with "[Virus Alert]" in the Subject: to my phone, so it should appear in both my inbox and on my phone. -- Tim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> You can send an E-mail to [EMAIL PROTECTED] with "subscribe virusalert > Your Name" in the body of the E-mail. BUT, that will not work for everything, such as a alpha/numeric pager or a cell phone which only had SMS on it, not e-mail. In that case, you can just E-mail me the address you want added to the list, and I'll take care of it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
> You can send an E-mail to [EMAIL PROTECTED] with "subscribe virusalert > Your Name" in the body of the E-mail. BUT, that will not work for everything, such as a alpha/numeric pager or a cell phone which only had SMS on it, not e-mail. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus Alert mailing list for urgent virus information
Thanks. Oh, how does one sign up on this list? John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of R. Scott Perry > Sent: Friday, March 26, 2004 12:29 PM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] New Virus Alert mailing list for urgent virus information > > FYI, at the request of our customers, we have just set a new mailing list > called "Virus Alert". The list is designed to let our customers know as > soon as we find out about new, fast-spreading viruses. The goal is to help > you be as protected as possible before virus definitions are updated. > > Unlike virus alert lists from AV companies, the only posts to this list > will be ones that are urgent in nature (some people will be having this > list forward to cell phones and pagers). We expect that this list will > have perhaps several posts per month (as opposed to the several posts per > day on most AV alert lists). > > We expect that when a new, fast-spreading virus appears, there will be > several posts to this list. The first will be to inform that we believe a > new, fast-spreading virus has been released. This will be posted as soon > as we believe this to be the case. Then, if we discover information that > can be used to block the virus before virus definitions are updated, we > will post that. Finally, if an interim release of Declude Virus is > required to catch the virus for some reason, we will post when that is ready. > > E-mails from this list will have "[Virus Alert]" in the subject. > > Note that this is a moderated list. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
Sounds good. Now the question of the day is...how do we subscribe? Oops. :) You can send an E-mail to [EMAIL PROTECTED] with "subscribe virusalert Your Name" in the body of the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information
Sounds good. Now the question of the day is...how do we subscribe? Darin. - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 3:29 PM Subject: [Declude.Virus] New Virus Alert mailing list for urgent virus information FYI, at the request of our customers, we have just set a new mailing list called "Virus Alert". The list is designed to let our customers know as soon as we find out about new, fast-spreading viruses. The goal is to help you be as protected as possible before virus definitions are updated. Unlike virus alert lists from AV companies, the only posts to this list will be ones that are urgent in nature (some people will be having this list forward to cell phones and pagers). We expect that this list will have perhaps several posts per month (as opposed to the several posts per day on most AV alert lists). We expect that when a new, fast-spreading virus appears, there will be several posts to this list. The first will be to inform that we believe a new, fast-spreading virus has been released. This will be posted as soon as we believe this to be the case. Then, if we discover information that can be used to block the virus before virus definitions are updated, we will post that. Finally, if an interim release of Declude Virus is required to catch the virus for some reason, we will post when that is ready. E-mails from this list will have "[Virus Alert]" in the subject. Note that this is a moderated list. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New Virus Alert mailing list for urgent virus information
FYI, at the request of our customers, we have just set a new mailing list called "Virus Alert". The list is designed to let our customers know as soon as we find out about new, fast-spreading viruses. The goal is to help you be as protected as possible before virus definitions are updated. Unlike virus alert lists from AV companies, the only posts to this list will be ones that are urgent in nature (some people will be having this list forward to cell phones and pagers). We expect that this list will have perhaps several posts per month (as opposed to the several posts per day on most AV alert lists). We expect that when a new, fast-spreading virus appears, there will be several posts to this list. The first will be to inform that we believe a new, fast-spreading virus has been released. This will be posted as soon as we believe this to be the case. Then, if we discover information that can be used to block the virus before virus definitions are updated, we will post that. Finally, if an interim release of Declude Virus is required to catch the virus for some reason, we will post when that is ready. E-mails from this list will have "[Virus Alert]" in the subject. Note that this is a moderated list. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I was just thinking, is there a way instead of having BANEXT, to allowed EXT? We want to cut down on employees bypassing the filters by renaming an attachment Maybe if it isn't in the list it is held for review Will this stop blah.txt.exe files though if we wanted .txt's to get through Jay - Original Message - From: "Jay Calvert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 10:58 AM Subject: Re: [Declude.Virus] BANEXT EXE > But if this is the case, how will a file be caught if somebody renames a > .zip to a .zio? > > Will declude know the difference. Would be wonderful if it did! > > Jay > - Original Message - > From: "R. Scott Perry" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, March 26, 2004 10:50 AM > Subject: Re: [Declude.Virus] BANEXT EXE > > > > > > >Hi all we just had a case where an email was banned because Declude said > it > > >had an exe in the email, when it only had a TXT. > > > > > >What happened here? > > > > The problem here is that the mail client (a program whose name is as poor > > as its MIME handling: "Mail A.01.77") is giving out 2 different names for > > the file. In one location, it calls the file "EPM11002.FILES.CANJET", in > > the other location it calls it "EPM11002.TXT". While Declude Virus knows > > that a TXT file is safe, it doesn't know that a CANJET file is not > > safe. To ensure that the extension gets handled properly (as the worst > > possible file extension), it is treated as an .EXE file. > > > > -Scott > > --- > > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > > since 2000. > > Declude Virus: Ultra reliable virus detection and the leader in mailserver > > vulnerability detection. > > Find out what you've been missing: Ask for a free 30-day evaluation. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > > > > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
> The problem here is that the mail client (a program whose name is as poor > as its MIME handling: "Mail A.01.77") is giving out 2 different names for > the file. In one location, it calls the file "EPM11002.FILES.CANJET", in > the other location it calls it "EPM11002.TXT". While Declude Virus knows > that a TXT file is safe, it doesn't know that a CANJET file is not > safe. To ensure that the extension gets handled properly (as the worst > possible file extension), it is treated as an .EXE file. But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! That's something very different. In the case here, the mail client is calling the E-mail both "file.zip" and "file.zio" (in which case Declude Virus assumes the worst, and treats it as a .exe). In the case you are talking about, the file is named just "file.zio" (in which case it is handled as a .zio file -- and delivered, unless you block .zio files). We are considering an option to automatically detect .ZIP files, even if they are renamed, just in case future viruses try asking their victims to rename the file before extracting and running the virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! Jay - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 10:50 AM Subject: Re: [Declude.Virus] BANEXT EXE > > >Hi all we just had a case where an email was banned because Declude said it > >had an exe in the email, when it only had a TXT. > > > >What happened here? > > The problem here is that the mail client (a program whose name is as poor > as its MIME handling: "Mail A.01.77") is giving out 2 different names for > the file. In one location, it calls the file "EPM11002.FILES.CANJET", in > the other location it calls it "EPM11002.TXT". While Declude Virus knows > that a TXT file is safe, it doesn't know that a CANJET file is not > safe. To ensure that the extension gets handled properly (as the worst > possible file extension), it is treated as an .EXE file. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: "Mail A.01.77") is giving out 2 different names for the file. In one location, it calls the file "EPM11002.FILES.CANJET", in the other location it calls it "EPM11002.TXT". While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, Did you receive the second email? Jay - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 9:39 AM Subject: Re: [Declude.Virus] BANEXT EXE > > >I have several examples of that from last night as well, all the txt > >attachments were anti-virus generated attachments > > > >03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT > >[quoted-printable; Length=113 Checksum=12852] > >03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. > >03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: > >3 1052] > > > >Is there an explanation? > > Yes, there is an explanation. My guess is that the AV programs didn't > handle the MIME correctly, and said that it was an .exe file (or > .pif/.scr/whatever) in one place and a .txt file in another. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Yes, there is an explanation. My guess is that the AV programs didn't handle the MIME correctly, and said that it was an .exe file (or .pif/.scr/whatever) in one place and a .txt file in another. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - - Original Message - From: "Jay Calvert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 11:56 AM Subject: [Declude.Virus] BANEXT EXE > Hi all we just had a case where an email was banned because Declude said it > had an exe in the email, when it only had a TXT. > > What happened here? > > Thanks. > > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, I just sent it to you, please look for it, it came from our systems account. Jay - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 9:17 AM Subject: Re: [Declude.Virus] BANEXT EXE > > >Hi all we just had a case where an email was banned because Declude said it > >had an exe in the email, when it only had a TXT. > > > >What happened here? > > What happened is that either it contained an .exe file, or it had multiple > extensions (in which case Declude Virus assumes the worst, that it is an > .exe file). > > If you send me the D*.SMD file that was quarantined, I can let you know > exactly why it was blocked as an .exe file. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? What happened is that either it contained an .exe file, or it had multiple extensions (in which case Declude Virus assumes the worst, that it is an .exe file). If you send me the D*.SMD file that was quarantined, I can let you know exactly why it was blocked as an .exe file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] How to stop BANNAME notifications in BANnotify.eml
I have a problem. I just noticed that since adding the line "BANNAME DELETED0.TXT" to my Virus.cfg, my BANnotify.eml file is bouncing notifications in response to these files. I tried SKIPIFVIRUSNAMEHAS DELETED0.TXT, but that didn't work. The problem of course is that these files aren't in fact infected, and don't get trapped by the virus scanner. Is there any way to turn this off for a BANNAME? No, but we are looking into adding an option like that. > I wondering if an Declude change to give the option to ban length 0 files would be any good. We will be looking into this, too (although it might be more appropriate in Declude JunkMail, since a 0-byte file isn't going to be dangerous). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT EXE
Double check the D file. There might be more than one attachment. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Jay Calvert > Sent: Friday, March 26, 2004 8:57 AM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] BANEXT EXE > > Hi all we just had a case where an email was banned because Declude said it > had an exe in the email, when it only had a TXT. > > What happened here? > > Thanks. > > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] netsky p ?
Is there any thought about changing this? IE removing the attachment and passing the email through. That is not likely to happen soon, as it requires MIME encoding (which Declude doesn't do at all -- it only does MIME decoding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] How to stop BANNAME notifications in BANnotify.eml
I know Matt @ Mailpure has suggested this in the past. I would also like to vote for this feature in an upcoming release. Matt's original e-mail: I have a problem. I just noticed that since adding the line "BANNAME DELETED0.TXT" to my Virus.cfg, my BANnotify.eml file is bouncing notifications in response to these files. I tried SKIPIFVIRUSNAMEHAS DELETED0.TXT, but that didn't work. The problem of course is that these files aren't in fact infected, and don't get trapped by the virus scanner. Is there any way to turn this off for a BANNAME? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Banning files by size
I was researching a pif file that got banned today and found it to be a length=0 file. I remember a discussion that the Netsky variant was generating these 0 length files. I wondering if an Declude change to give the option to ban length 0 files would be any good. While we are on the topic of banning by size, a maximum file size could be a useful tool also. When I was a McAfee WebShield user, there was this option. Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] netsky p ?
Is there any thought about changing this? IE removing the attachment and passing the email through. Or is the case I gave very rare?? IE a legitimate email with the Quarantined Attachment.txt. And if not blocked it will come through, I am aware as I do not block them. Why add "Quarantined Attachment.txt" to the list of banned names? Who cares if it gets through? It is not a virus anymore, and if it is it will be detected. Basically I am asking if anyone knows whether the percentage of the emails that have been cleaned and replaced with this ridiculous text file, viruses or just attachments that are not allowed. Thanks guys Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, March 25, 2004 9:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] netsky p ? >So again the question is does banname block the attachment or the email >and the attachement??? It should treat the E-mail the same way as a banned file extension, sending out the \IMail\Declude\bannotify.eml file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Bagle.U from open relays
Maybe some hard evidence this was spread by spammers At around 3:40AM to 4:00AM ET I caught over 125 Bagle.U viruses in my spam folder that catches mail held by the CBL blacklist, they were all sent through open relays like spam and were caught because the hosts they were sent through were blacklisted as spam sources... havent seen this before, suspicious if you ask me. At least they were stopped since at 6PM last night upper management mandated me to allow exe attachments through again sigh. Anyone else see this? Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Bagle now at U
John Tolmachoff (Lists) wrote: > 5 letters left. Then we'll get W32/Bagle.aa, W32/Bagle.ab etc, like we had with Yaha. Erminio --- [This E-mail has been scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.