[Declude.Virus] Virus reports not showing virus
I am having some odd reports from Virusloganalyser lately. It no longer shows I have any viruses just Outlook Vulnerabilities.. Previously, I believe when I was running the 16 bit Fprot (now running 32 bit) it reported viruses. Here is a snippet of my logs. I also do not understand the missing files? Any ideas what is going on with my logs? I posted my config after the log snippet. Thanks much Doug 06/23/2004 00:24:11 Q05e79da60042f798 Scanned: CONTAINS A VIRUS [MIME: 2 22581] 06/23/2004 00:24:11 Q05e79da60042f798 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.148.249.232] 06/23/2004 00:24:11 Q05e79da60042f798 Subject: Hi 06/23/2004 00:24:30 Q05eb2fe4011e08de Could not find report file C:\IMail\spool\D05eb2fe4011e08de.vir\report.txt. 06/23/2004 00:24:30 Q05eb2fe4011e08de File(s) are INFECTED [: 3] 06/23/2004 00:24:30 Q05eb2fe4011e08de Scanned: CONTAINS A VIRUS [MIME: 2 29807] 06/23/2004 00:24:30 Q05eb2fe4011e08de From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 172.195.102.75] 06/23/2004 00:24:30 Q05eb2fe4011e08de Subject: Illegal Website 06/23/2004 00:24:48 Q060c2fe8011e891a Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=message.pif. 06/23/2004 00:24:49 Q060c2fe8011e891a Could not find report file C:\IMail\spool\D060c2fe8011e891a.vir\report.txt. 06/23/2004 00:24:49 Q060c2fe8011e891a File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3] 06/23/2004 00:24:49 Q060c2fe8011e891a Scanned: CONTAINS A VIRUS [MIME: 3 29141] 06/23/2004 00:24:49 Q060c2fe8011e891a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.157.253.196] 06/23/2004 00:24:49 Q060c2fe8011e891a Subject: Mail System ([EMAIL PROTECTED]) 06/23/2004 00:24:52 Q06119dae00429d6e Scanned: Virus Free [MIME: 1 1798] 06/23/2004 00:25:16 Q062b2fed011e0271 Scanned: Virus Free [MIME: 1 3621] 06/23/2004 00:25:24 Q06342ff1011e22bb Scanned: Virus Free [MIME: 1 7757] 06/23/2004 00:25:33 Q06399db400423921 Scanned: Virus Free [MIME: 1 306] 06/23/2004 00:25:57 Q06509db600429386 Could not find report file C:\IMail\spool\D06509db600429386.vir\report.txt. Config # The "" in the LOGFILE option automatically gets replaced with the month/date LOGFILE spool\vir.log LOGLEVELMID # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILEC:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt) VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORTInfection: # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'spool\virus' (\IMail\spool\virus). VIRDIR spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail. # INCOMINGON OUTGOINGON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. It is recommended NOT to have an # on-access scanner interfering, and to leave this at OFF. # ONACCESSOFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # # The BANEXT option will let you ban file extensions. E-mails containing attachments # with these file extensions will be quarantined, and if you have a BANnotify.EML file, # it will be sent out. This works in the Standard and Pro versions. # BANEXT ad BANEXT adp BANEXT asp BANEXT bas BANEXT bat BANEXT CEO BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT reg BANEXT scr BANEXT sct BANEXT shb BANEXT
RE: [Declude.Virus] virus increment
Wow a picture is really worth thousands of words. Seeing those stats as a coloured graph is very informative. Maybe one day I will get there :) for now I am going to attempt something simpler. Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Markus Gufler > Sent: Wednesday, June 23, 2004 5:28 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] virus increment > > > > Ahh and here I thought that you would have some sort of fancy > > program that would do this. > > Yes some vbscripts, but that wouldn't run out of the box on your system. > This scripts are part of our CRM and read/write data from a big database. > > It would took some hours to prepare it for public distribution and > additional hours to adapt it for your own needs. > > Attached you can see one of the resulting diagrams. > > Markus > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] SPAMTRAP:ATTN: Urgent!Verify Your Sales Now!
BUY CHEAP DRUGS,OVERNIGHT DELIVERY To be removed click here
RE: [Declude.Virus] virus increment
On 23 Jun 2004 at 15:50, Goran Jovanovic wrote: > What reporting tool do you use to figure out how many viruses you are > stopping per day? Goran, I use grep > Bill Landry is the tutor - awhile back I posted the whole script that counts connections, viruses, etal and mails it to me nightly. http://www.mail-archive.com/[EMAIL PROTECTED]/msg08938.html -Nick > > I do not have anything setup at this point and am wondering what others > do. > > > Goran Jovanovic > The LAN Shoppe > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of Nick > > Sent: Wednesday, June 23, 2004 10:50 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.Virus] virus increment > > > > On 23 Jun 2004 at 15:49, Markus Gufler wrote: > > > Someone else has noted a drastic increment of virus/worm messages? > > Hi Markus - > > > > Yupper. We normally do 4-500 a day. However last week were were doing > > 4000 a day. Now its droped to 150 a day. Dunno. We just keep killing > > them as they arrive :) > > > > -Nick Hayer > > > > > > > > > > In the last 2 days our server has blocked more then 3 times more > > infected > > > messages as before. )No new viruses, no internal user sending out > > viruses.) > > > > > > Markus > > > > > > > > > > > > --- > > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > > > --- > > > This E-mail came from the Declude.Virus mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.Virus".The archives can be found > > > at http://www.mail-archive.com. > > > > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] virus increment
Nice diagram, Markus. Darin. - Original Message - From: "Markus Gufler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 23, 2004 5:27 PM Subject: RE: [Declude.Virus] virus increment > Ahh and here I thought that you would have some sort of fancy > program that would do this. Yes some vbscripts, but that wouldn't run out of the box on your system. This scripts are part of our CRM and read/write data from a big database. It would took some hours to prepare it for public distribution and additional hours to adapt it for your own needs. Attached you can see one of the resulting diagrams. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] virus increment
> Ahh and here I thought that you would have some sort of fancy > program that would do this. Yes some vbscripts, but that wouldn't run out of the box on your system. This scripts are part of our CRM and read/write data from a big database. It would took some hours to prepare it for public distribution and additional hours to adapt it for your own needs. Attached you can see one of the resulting diagrams. Markus <>