Re: [Declude.Virus] DLAnalyzer 4.0 Released (Virus and Junkmail Processing Integrated)
Karl, Comment's inline. Darrell IS - Systems Eng. (Karl Drugge) writes: Nice tool. I can see a lot of time went into it. Very configurable, lots of options. Thanks. I'd like to make a suggestion, though. Most of my people just want a quick and dirty report with just one button click. Is there a way to set up some of this as pre-generated stuff ? Yes, email me off list and I will walk you through on how to set this kind of stuff up. They just want a quick report, telling them how much came in, what went out, how many hits, and what percentage of the filters are working.. Maybe add an option to check the logs within a time period to search for a particular user or email address. Everything that you asked for is possible with DLAnalyzer. Email me offlist and I will work with you on getting this type of stuff setup. Will the lite version do that ? The lite version will allow you to do basic overall reporting for the server. I hope this helps. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, December 13, 2004 10:28 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.Virus] DLAnalyzer 4.0 Released (Virus and Junkmail Processing Integrated) DLAnalyzer version 4.0 is now released. With version 4.0 we have integrated Declude Virus log processing into DLAnalyzer giving you the ability to generate one report that encompasses both spam and virus statistics. In addition, to the virus processing we have added many other features to the core application. Some of the features require the application to be registered - but we also have a FREE LITE version available. Release Notes: http://www.invariantsystems.com/download/current/readme.txt Download: http://www.invariantsystems.com/dlanalyzer/download.asp New Features in Version 4.0 1.) Ability to process multiple servers 2.) Overall Server Virus Report 3.) Virus Scanner Report 4.) File Extension Report 5.) File Extension Virus Report 6.) IP Virus Summary Report 7.) Recipient Virus Report 8.) Sender Virus Report 9.) Banned File Extension Report 10.) Per Domain Virus Overview Report 11.) Per Domain Detailed Virus Report 12.) Per Domain Recipient Virus Report 13.) Per Domain IP Virus Summary Report 14.) Advanced Virus Reporting Thanks Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. -- PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot 3.14 causing server freezes
Matthew, You should use the 32bit version its much faster and may be more stable for you. Here is the cfg line I use. Of course update the scanner number for your configuration. SCANFILE2 C:\PROGRA~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /SERVER /REPORT=report.txt VIRUSCODE2 3 VIRUSCODE2 6 REPORT2 Infection: Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. Matthew Brandes writes: I am using the DOS version of F-Prot 3.14 and am having problems with F-Prot freezing the server which forces me to do a hard reset of the system. The event log entry reads: Application popup: 16 bit MS-DOS Subsystem : D:\FProt\F-Prot.exe X#=0D, CS=01CF IP=5703. The NTVDM CPU has encountered an unhandled exception. Choose 'Close' to terminate the application. I searched the archives and found some messages but they were too old to view. Are other users of F-Prot experiencing this problem? Is there a better alternative to F-Prot for virus checking that won't cause these problems? Matthew Brandes, MCSE, CCA IT Manager Integra Realty Resources, Inc. 1901 W. 47th Place, #300 Westwood, KS 66205 T. 913-748-4720 F. 913-236-4307 http://www.irr.com http://www.irr.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus MRTG
[Also I believe Darrell ([EMAIL PROTECTED]) is working on a mrtg ver of a virus analyzer which does this and more... No idea of a release date - ] -Nick For the most part its done. I just havent posted it to the web site yet because I havent had a chance to create documentation for it. I will have it posted by the end of the week. Darrell http://www.invariantsystems.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] log file grepping
Nick, What is your time table on this? If you can wait a couple days I will add virus graphing to the mrtg stuff I already make available. I would have it sooner, but I am just trying to wrap up the final touches on DLAnalyzer 4.0 which I hope to have out sometime over the next day or two. Let me know, Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. Nick writes: Bill?.. or anyone :) Is there a way in a single line to use grep or a similar tool on a virus log file and have it return 2 values: total_scanned and viruses found? I have been able to do this in multiple lines with temp files but am stuck trying to do it on a single command line. The purpose here is to use mrtg to graph virus traffic - I can do it with one value but when I try to combine both I am lost. Thanks in advance - -Nick --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Stop When a scanner finds a virus
When running multiple scanners is their a way to prevent the other configured virus scanners from scanning the message if the first virus scanner finds a virus? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Stop When a scanner finds a virus
This would be a great benefit as in times when a large volume of mail comes in I often see several scan.exe from mcafee listed taking 20% cpu. Where as my other scanner (F-Prot) hardly ever pops up in the task manager. It would be nice to have all virus processing stop when F-Prot finds a virus and if not move on to the next scanner. Darrell R. Scott Perry writes: When running multiple scanners is their a way to prevent the other configured virus scanners from scanning the message if the first virus scanner finds a virus? No, there is not. Given that all non-virus E-mails will be sent through all scanners, the extra time used is minimal unless a high percentage of your traffic is viruses. We are considering an option to let you stop scanning after the first virus is detected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Blocking the files in mydoom
Jim, The BOUNCE action was changed to BOUNCEONLYIFYOUMUST in the newer releases. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. Jim Nitterauer writes: Question: My declude log contains the following cryptic message: 07/26/2004 15:32:21 Q6a3e178601c0f0dc Warning: misconfiguration in following line in configuration file (BOUNCE is not an ACTION). May be a duplicate test definition? I have checked both config files and cannot find any duplicates. I recently installed the MTLDB test. I am using 1.79i8 Thanks Any ideas? Jim Nitterauer President Creative Data Concepts Limited, Inc. 3 W. Garden Street Suite 326 Pensacola, FL 32502 http://www.creativedata.net 850-434-7645 800-607-6168 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, July 26, 2004 3:22 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Blocking the files in mydoom Something must be broken or something must be unusual about this file. I just added BANEXT ZIP It is catching other files that I have banned. And I was able to forward this file ([EMAIL PROTECTED])to myself from a user that sent it to me. Does declude treat a forwarded file differently somehow? CRAP. No, the forwarded files are not treated differently. Does the E-mail you received (the one you forwarded) have a .ZIP file attachment? Are you sure it is .ZIP? I am using F-protect and I updated it about noon and I'm using an interim downloaded about three days ago. Noon EST? If so, I would recommend downloading the virus definitions again. The date of them should be July 26 or later. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. - [This E-mail scanned for viruses courtesy of Creative Data Concepts http://www.creativedata.net] - [This E-mail scanned for viruses courtesy of Creative Data Concepts http://www.creativedata.net] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Scott, what do you use to generate this report
If your looking for a reporting tool that can generate that type of report as well as many other types of reporting including domain breakdowns and user breakdowns. In addition to the ability to automate and email those reports... Please check out DLAnalyzer... http://www.invariantsystems.com Darrell Mike Hyslip writes: Sell it :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, April 12, 2004 6:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Scott, what do you use to generate this report While I have your attention, what do you use to generate this report from your log files? Each month, we go through our spamtraps (E-mail addresses designed to collect spam), to find out which spam tests were most effective at catching spam. snip WEIGHT1099.48% ... We actually have a custom setup here that records the information on tests that an E-mail fails to a special log file (which is how we get the live stats on the web site), and have a program to go through that log file to come up with the stats. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.