Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl - Original Message - From: Kevin Bilbee To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam. With the spam load these days, I would expect that to be the desired config, resulting in AV scanning on only about 10% of incoming mail instead of 100%. However, it is not the default setting, which runs AV first, then Junkmail. That could easily account for yours and Kathy's 70-100% CPU. Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:55 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG No, I am still using antique version declude and imail. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:07 PM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Interesting that you are also seeing the 70-100% CPU with F-Prot 6, where we are not. Are you running AVAFTERJM? Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:23 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I just terminate my F-Prot 6, and installed ClamAV SOSDG Before that, my CPU usage is always run to skyhigh, at around 70%-100%, now using ClamAV, reduce to 5%-20%, still catching all the testing virus. F-prot 6 do not provide option like noboot, nomem, I guess these become the default setting, and cause very high CPU and harddisk usage. Alex instruction dated at 6 June 2008 for ClamAV installation is very helpful, thanks! The main tricks in clamav are: 1: need to install the contributors' tools, then get two dedicated tools for declude, can run the clamdscan as service. 2: need to remove --mbox, if this is there, it will not function. Brian - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 10:02 AM Subject: Re: [Declude.Virus] F-PROT 6 I think VIRUSCODE 1 need to be added too? http://www.f-prot.com/support/windows/fpwin_faq/310.html Anyway, using F-Prot 6 seems very slow compare with previous F-Prot 3, I do not know the exact reason. I have try to reduce scanlevel, heulevel, archive to 0 or 1, still very slow, I guess it is now scanning memory by default? Another question is , for REPORT=report.txt do we need ? REPORT=report.txt from instruction here, looks like need http://www.f-prot.com/support/windows/fpwin_faq/445.html but most users online post seems is not necessary. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Wednesday, June 04, 2008 2:34 AM Subject: Re: [Declude.Virus] F-PROT 6 Assuming the default location for program installation, here you go. SCANFILE C:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe /VERBOSE=0 /ARCHIVE=5 /scanlevel=4 /heurlevel=3 /REPORT=report.txt /VERBOSE=0 corresponds to the old /SILENT switch /TYPE is assumed now /ARCHIVE has changed to /ARCHIVE=5 /NOMEM, /NOBOOT, /DUMB, /AI, and /SERVER are defunct /SCANLEVEL and /HEURLEVEL are new switches. The values above are recommended See the FProt 6 manual
[Declude.Virus] automated response
I will be on vacation 6/23 through 6/27 and will not have access to email. = However, I will be available by cell phone if needed @ 412-418-8008. Earl Dean ([EMAIL PROTECTED]) from Oxford International will be help= ing out the IT department until I return. Please see John Hultgren or Earl = Dean for any IT related issues. For GMI issues please contact Elaine McDermott or Jeff Stazer. Thank you. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
Dear Bonno, It is not that we can't do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam. With the spam load these days, I would expect that to be the desired config, resulting in AV scanning on only about 10% of incoming mail instead of 100%. However, it is not the default setting, which runs AV first, then Junkmail. That could easily account for yours and Kathy's 70-100% CPU. Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:55 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG No, I am still using antique version declude and imail. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:07 PM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Interesting that you are also seeing the 70-100% CPU with F-Prot 6, where we are not. Are you running AVAFTERJM? Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:23 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I just terminate my F-Prot 6, and installed ClamAV SOSDG Before that, my CPU usage is always run to skyhigh, at around 70%-100%, now using ClamAV, reduce to 5%-20%, still catching all the testing virus. F-prot 6 do not provide option like noboot, nomem, I guess these become the default setting, and cause very high CPU and harddisk usage. Alex instruction dated at 6 June 2008 for ClamAV installation is very helpful, thanks! The main tricks in clamav are: 1: need to install the contributors' tools, then get two dedicated tools for declude, can run the clamdscan as service. 2: need to remove --mbox, if this is there, it will not function. Brian - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 10:02 AM Subject: Re: [Declude.Virus] F-PROT 6 I think VIRUSCODE 1 need to be added too? http://www.f-prot.com/support/windows/fpwin_faq/310.html Anyway, using F-Prot 6 seems very slow compare with previous F-Prot 3, I do not know the exact reason. I have try to reduce scanlevel, heulevel, archive to 0 or 1, still very slow, I guess it is now scanning memory by default? Another question is , for REPORT=report.txt do we need ? REPORT=report.txt from instruction here, looks like need http://www.f-prot.com/support/windows/fpwin_faq/445.html but most users online post seems is not necessary. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Wednesday, June 04, 2008 2:34 AM Subject: Re: [Declude.Virus] F-PROT 6 Assuming the default location for program installation, here you go. SCANFILE C:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe /VERBOSE=0 /ARCHIVE=5 /scanlevel=4 /heurlevel=3 /REPORT=report.txt /VERBOSE=0 corresponds to the old
Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
Hi David, Could you explain this: We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders By NOT scanning held junkmail the virus WILL end up in a users mailbox if I have to reque the mail because it was a FP. Of course you don't have to scan deleted mail. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl - Original Message - From: David Barker To: declude.virus@declude.com Sent: Monday, June 23, 2008 4:28 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Dear Bonno, It is not that we can't do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl - Original Message - From: Kevin Bilbee To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam. With the spam load these days, I would expect that to be the desired config, resulting in AV scanning on only about 10% of incoming mail instead of 100%. However, it is not the default setting, which runs AV first, then Junkmail. That could easily account for yours and Kathy's 70-100% CPU. Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:55 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG No, I am still using antique version declude and imail. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:07 PM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Interesting that you are also seeing the 70-100% CPU with F-Prot 6, where we are not. Are you running AVAFTERJM? Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:23 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I just terminate my F-Prot 6, and installed ClamAV SOSDG Before that, my CPU usage is always run to skyhigh, at around 70%-100%, now using ClamAV, reduce to 5%-20%, still catching all the testing virus. F-prot 6 do not provide option like noboot, nomem, I guess these become the default setting, and cause very high CPU and harddisk usage. Alex instruction dated at 6 June 2008 for ClamAV installation is very helpful, thanks! The main tricks in clamav are: 1: need to install the contributors' tools, then get two dedicated tools for declude, can run the clamdscan as service. 2: need to remove --mbox, if this is there, it will not function. Brian - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday,
RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
Correct if you send held email directly to the spool there is a potential for a virus to bypass if running AVAFTERJM this is why it is important to correct the issue that caused the false positive then reprocess via Declude. OR alternately ensure you virus scan your HOLD folders. If you are asking to only to apply AVAFTERJM only to Deleted emails this would reduce it's effectiveness as not every Declude customer uses Delete. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 11:30 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi David, Could you explain this: We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders By NOT scanning held junkmail the virus WILL end up in a users mailbox if I have to reque the mail because it was a FP. Of course you don't have to scan deleted mail. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl/ www.tio.nl - Original Message - From: David Barker mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Monday, June 23, 2008 4:28 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Dear Bonno, It is not that we can't do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam. With the spam load these days, I would expect that to be the desired config, resulting in AV scanning on only about 10% of incoming mail instead of 100%. However, it is not the default setting, which runs AV first, then Junkmail. That could easily account for yours and Kathy's 70-100% CPU. Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:55 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG No, I am still using antique version declude and imail. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 8:07 PM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Interesting that you are also seeing the 70-100% CPU with F-Prot 6, where we are not. Are you running AVAFTERJM? Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:23 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I just terminate my F-Prot 6, and installed ClamAV SOSDG Before that, my CPU usage is always run to skyhigh, at around 70%-100%, now using ClamAV, reduce to 5%-20%, still catching all the testing virus. F-prot 6 do not provide option like noboot, nomem, I guess these become the default setting, and cause very high CPU and harddisk usage. Alex instruction dated at 6 June 2008 for ClamAV installation is very helpful, thanks! The main
RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
For what it's worth, I never move messages from HOLD to SPOOL. When I do move false positives out, I fix the problem in my configuration, so that the same circumstance doesn't happen again, and then I move the files from the HOLD to the PROC folder. By re-scanning them, they get virus scanned and I am sure that I have saved time by getting spam scanned as well; it would cost me more time to repeat the procedure next time than it takes me to override my text filters and re-queue the messages now. Very few messages get pulled out of the HOLD folder, so not scanning those messages for viruses saves me a lot of processing power. Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, June 23, 2008 9:00 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Correct if you send held email directly to the spool there is a potential for a virus to bypass if running AVAFTERJM this is why it is important to correct the issue that caused the false positive then reprocess via Declude. OR alternately ensure you virus scan your HOLD folders. If you are asking to only to apply AVAFTERJM only to Deleted emails this would reduce it's effectiveness as not every Declude customer uses Delete. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 11:30 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi David, Could you explain this: We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders By NOT scanning held junkmail the virus WILL end up in a users mailbox if I have to reque the mail because it was a FP. Of course you don't have to scan deleted mail. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] / www.tio.nl http://www.tio.nl/ - Original Message - From: David Barker mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Monday, June 23, 2008 4:28 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Dear Bonno, It is not that we can't do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] / www.tio.nl http://www.tio.nl - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam.
RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
I have complained about this for a while now. This process of fix the configuration the place in the proc folder only works if you are constantly pouring through your hold folders. We do not do that. We send an email to our users with the message they have in their hold. They then have the option to deliver the message to their inbox, when they click the recover link the message is placed in the spool folder and a copy of the raw email is sent to our admin to then look at the configuration. This process makes the hold folder completely hands off. How about an option to VIRUSSCANONHOLD. This would make everyone happy. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, June 23, 2008 9:57 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG For what it's worth, I never move messages from HOLD to SPOOL. When I do move false positives out, I fix the problem in my configuration, so that the same circumstance doesn't happen again, and then I move the files from the HOLD to the PROC folder. By re-scanning them, they get virus scanned and I am sure that I have saved time by getting spam scanned as well; it would cost me more time to repeat the procedure next time than it takes me to override my text filters and re-queue the messages now. Very few messages get pulled out of the HOLD folder, so not scanning those messages for viruses saves me a lot of processing power. Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, June 23, 2008 9:00 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Correct if you send held email directly to the spool there is a potential for a virus to bypass if running AVAFTERJM this is why it is important to correct the issue that caused the false positive then reprocess via Declude. OR alternately ensure you virus scan your HOLD folders. If you are asking to only to apply AVAFTERJM only to Deleted emails this would reduce it’s effectiveness as not every Declude customer uses Delete. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 11:30 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi David, Could you explain this: We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders By NOT scanning held junkmail the virus WILL end up in a users mailbox if I have to reque the mail because it was a FP. Of course you don't have to scan deleted mail. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl/ www.tio.nl - Original Message - From: David Barker mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Monday, June 23, 2008 4:28 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Dear Bonno, It is not that we can’t do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember
RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
I will see what we can do for a new directive for the HOLD to be excluded or included by the admin. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, June 23, 2008 2:17 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I have complained about this for a while now. This process of fix the configuration the place in the proc folder only works if you are constantly pouring through your hold folders. We do not do that. We send an email to our users with the message they have in their hold. They then have the option to deliver the message to their inbox, when they click the recover link the message is placed in the spool folder and a copy of the raw email is sent to our admin to then look at the configuration. This process makes the hold folder completely hands off. How about an option to VIRUSSCANONHOLD. This would make everyone happy. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, June 23, 2008 9:57 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG For what it's worth, I never move messages from HOLD to SPOOL. When I do move false positives out, I fix the problem in my configuration, so that the same circumstance doesn't happen again, and then I move the files from the HOLD to the PROC folder. By re-scanning them, they get virus scanned and I am sure that I have saved time by getting spam scanned as well; it would cost me more time to repeat the procedure next time than it takes me to override my text filters and re-queue the messages now. Very few messages get pulled out of the HOLD folder, so not scanning those messages for viruses saves me a lot of processing power. Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, June 23, 2008 9:00 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Correct if you send held email directly to the spool there is a potential for a virus to bypass if running AVAFTERJM this is why it is important to correct the issue that caused the false positive then reprocess via Declude. OR alternately ensure you virus scan your HOLD folders. If you are asking to only to apply AVAFTERJM only to Deleted emails this would reduce it’s effectiveness as not every Declude customer uses Delete. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 11:30 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi David, Could you explain this: We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders By NOT scanning held junkmail the virus WILL end up in a users mailbox if I have to reque the mail because it was a FP. Of course you don't have to scan deleted mail. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl/ www.tio.nl - Original Message - From: David Barker mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Monday, June 23, 2008 4:28 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Dear Bonno, It is not that we can’t do this. We have chosen not to do this otherwise your users will end up with viruses in their junkmail folders. AVAFTERJM will skip messages on DELETE and HOLD actions only. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Monday, June 23, 2008 4:20 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, June 13, 2008 5:25 PM Subject: RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue
Re[2]: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
On Monday, June 23, 2008, 2:16:47 PM, Kevin wrote: I have complained about this for a while now. This process of fix the configuration the place in the proc folder only works if you are constantly pouring through your hold folders. We do not do that. We send an email to our users with the message they have in their hold. They then have the option to deliver the message to their inbox, when they click the recover link the message is placed in the spool folder and a copy of the raw email is sent to our admin to then look at the configuration. This process makes the hold folder completely hands off. How about an option to VIRUSSCANONHOLD. This would make everyone happy. My $0.02 - Virus scanning after JM is a way to maximize efficiency by NOT scanning messages that will not be delivered. If you add a feature to scan on hold -- you are essentially defeating AVAFTERJM. What you want is simply a mechanism that does virus scanning before returning the message to spool for delivery. If you've already automated your quarantine recovery mechanism then that should be fairly easy for you to add. If Declude were to add a feature to facilitate this then the best bet would be a folder that accepts quarantine recovery messages and performs virus scanning (perhaps full scanning) on those messages before they are returned to spool for delivery. That facility might then provide special handling for messages in that case so that if a message released from quarantine was found to contain a virus you could perhaps deliver a notification message in it's stead for safety-- or some other option that would be unique to the recovery case. Such a feature would not dilute the AVAFTERJM feature but would provide a recovery mechanism as simple as dropping the recovered message (both files) into a folder -- it just wouldn't be the spool ;-) The feature would also provide a new pathway for handling this special case efficiently. Hope this helps, _M ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG
One side note - if this feature is added please make sure this feature is configurable so we can disable it if we choose (which I would). I have customers who hold all spam for a certain period of time and than we delete. If anything needs to be returned to the queue it is scanned manually or returned to the proc for reprocessing. Virus scanning on all messages held would defeat the whole purpose of AVAFTERJM for their implementation. Darrell -- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Bonno Bloksma wrote: Hi, (Open mail request) Dear Declude people. I have asked this before and with the current spam levels kan we PLEASE have this feature now ASAP? We all want to use AVAFTERJM but could you PLEASE make it scan all mail which is not deleted? If that is a to big step at first becasue of all the possible copy, routeto, etc statements can we at least have it for the HOLD action asap? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] / www.tio.nl http://www.tio.nl - Original Message - *From:* Kevin Bilbee mailto:[EMAIL PROTECTED] *To:* declude.virus@declude.com mailto:declude.virus@declude.com *Sent:* Friday, June 13, 2008 5:25 PM *Subject:* RE: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Be careful with this setting. If a message gets held as spam it will not be virus scanned. Make sure you scan any message moved back into the delivery queue for viruses before placing it in the delivery queue folder. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, June 13, 2008 6:10 AM To: declude.virus@declude.com mailto:declude.virus@declude.com Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG AVAFTERJM has been around a long time. I don't remember what version, but it was a 1.x version. Are you familiar with the setting? It tells Declude to run Anti-Virus after Junkmail. It then only runs AV after checking to see if the message is spam. With the spam load these days, I would expect that to be the desired config, resulting in AV scanning on only about 10% of incoming mail instead of 100%. However, it is not the default setting, which runs AV first, then Junkmail. That could easily account for yours and Kathy's 70-100% CPU. Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: declude.virus@declude.com mailto:declude.virus@declude.com Sent: Friday, June 13, 2008 8:55 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG No, I am still using antique version declude and imail. - Original Message - From: Darin Cox [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: declude.virus@declude.com mailto:declude.virus@declude.com Sent: Friday, June 13, 2008 8:07 PM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG Interesting that you are also seeing the 70-100% CPU with F-Prot 6, where we are not. Are you running AVAFTERJM? Darin. - Original Message - From: Brian Lin [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: declude.virus@declude.com mailto:declude.virus@declude.com Sent: Friday, June 13, 2008 5:23 AM Subject: Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG I just terminate my F-Prot 6, and installed ClamAV SOSDG Before that, my CPU usage is always run to skyhigh, at around 70%-100%, now using ClamAV, reduce to 5%-20%, still catching all the testing virus. F-prot 6 do not provide option like noboot, nomem, I guess these become the default setting, and cause very high CPU and harddisk usage. Alex instruction dated at 6 June 2008 for ClamAV installation is very helpful, thanks! The main tricks in clamav are: 1: need to install the contributors' tools, then get two dedicated tools for declude, can run the clamdscan as service. 2: need to remove --mbox, if this is there, it will not function. Brian - Original Message - From: Brian Lin [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: declude.virus@declude.com mailto:declude.virus@declude.com Sent: Friday,
