RE: !!!PRE RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2
Needed the q file. However if the recip.eml is working correctly use the same variable in the recip.eml but change the user to postmaster. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 6:39 PM To: declude.virus@declude.com Cc: [EMAIL PROTECTED] Subject: RE: !!!PRE RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 It should to [EMAIL PROTECTED] correct ? the email recipient gets the correct email Notification fine. The smd file is attached Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com http://www.norad.com/ [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, June 21, 2007 5:23 PM To: declude.virus@declude.com Subject: !!!PRE RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 And it is going to [EMAIL PROTECTED] instead of [EMAIL PROTECTED] ? %LOCALHOST% is picking up as norad17.norad.com which I think comes from the IMail header file, as this message was quarantined could you post the content of the q*.smd file? David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 5:16 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Here it is : Received: from SMTP32-FWD by norad17.norad.com (SMTP32) id A8F320A5CF1AE; Thu, 21 Jun 2007 10:46:11 -0400 Date: Thu, 21 Jun 2007 10:46:10 -0400 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: Postmaster [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: N.O.R.A.D. SecureTrek Virus scanner detected a Email virus X-Mailer: IMail v9.20 X-RCPT-TO: [EMAIL PROTECTED] Status: X-UIDL: 478741403 X-IMail-ThreadID: 8f320a5cf1be N.O.R.A.D. SecureTrek Virus scanner v4.3.46 detected the [Outlook 'CR' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 21 Jun 2007 10:46:10 Subject:!! All medications to cure yourself Spool File: D8f0209f3707f.smd Remote IP: 83.9.68.60 Headers: [Deleted due to dangerous content] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, June 21, 2007 4:34 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Can you post a copy of the header of one of the messages ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 3:51 PM To: declude.virus@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 No it has [EMAIL PROTECTED] The standard template at http://shopping.declude.com/version/EVA_Notifications/postmaster.txt . _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, June 21, 2007 12:50 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Does your postmaster.eml contain the following line ? To: [EMAIL PROTECTED] David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 12:30 PM To: declude.virus@declude.com Subject: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 The notification file postmaster.eml sends notification to the postmaster of the main IP domain of the Imail server instead of the postmaster of the actual virtual domain of the users. Any resolutions around Howard Smith --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2
Does your postmaster.eml contain the following line ? To: [EMAIL PROTECTED] David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 12:30 PM To: declude.virus@declude.com Subject: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 The notification file postmaster.eml sends notification to the postmaster of the main IP domain of the Imail server instead of the postmaster of the actual virtual domain of the users. Any resolutions around Howard Smith --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2
And it is going to [EMAIL PROTECTED] instead of [EMAIL PROTECTED] ? %LOCALHOST% is picking up as norad17.norad.com which I think comes from the IMail header file, as this message was quarantined could you post the content of the q*.smd file? David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 5:16 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Here it is : Received: from SMTP32-FWD by norad17.norad.com (SMTP32) id A8F320A5CF1AE; Thu, 21 Jun 2007 10:46:11 -0400 Date: Thu, 21 Jun 2007 10:46:10 -0400 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: Postmaster [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: N.O.R.A.D. SecureTrek Virus scanner detected a Email virus X-Mailer: IMail v9.20 X-RCPT-TO: [EMAIL PROTECTED] Status: X-UIDL: 478741403 X-IMail-ThreadID: 8f320a5cf1be N.O.R.A.D. SecureTrek Virus scanner v4.3.46 detected the [Outlook 'CR' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 21 Jun 2007 10:46:10 Subject:!! All medications to cure yourself Spool File: D8f0209f3707f.smd Remote IP: 83.9.68.60 Headers: [Deleted due to dangerous content] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, June 21, 2007 4:34 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Can you post a copy of the header of one of the messages ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 3:51 PM To: declude.virus@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 No it has [EMAIL PROTECTED] The standard template at http://shopping.declude.com/version/EVA_Notifications/postmaster.txt . _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, June 21, 2007 12:50 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 Does your postmaster.eml contain the following line ? To: [EMAIL PROTECTED] David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Thursday, June 21, 2007 12:30 PM To: declude.virus@declude.com Subject: [Declude.Virus] Problem with postmaster.eml and imail 2006.2 The notification file postmaster.eml sends notification to the postmaster of the main IP domain of the Imail server instead of the postmaster of the actual virtual domain of the users. Any resolutions around Howard Smith --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] False Positive ClamAV
Besides the http://www.declude.com/x-note.htm; Declude also adds txt of RBL's that were triggered on an email containing http:// to the best of my knowledge this is not restricted by the RFC's This is an issue with Clam incorrectly identifying phishing using this method. With Declude 4.x AVG is a built in commercial grade AV scanner I would suggest disabling Clam and using the built in scanner until Clam has resolved this. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karen Mitchell Sent: Monday, May 21, 2007 1:55 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] False Positive ClamAV Interesting http://forums.clamwin.com/viewtopic.php?t=1106highlight=phishing I removed these lines from my global.cfg so at least I don't get flagged. #XINHEADER X-Declude-Note: Scanned by Declude %VERSION% (http://www.declude.com/x-note.htm) for spam. #XOUTHEADER X-Declude-Note: Scanned by Declude %VERSION% (http://www.declude.com/x-note.htm) for spam. Karen M. Mitchell Senior NewMedia Systems Administrator AccuWeather, Inc. 385 Science Park Road State College, PA 16803 814-235-8698 Get the best weather on the web - http://www.accuweather.com Robert Shubert wrote: I saw on another list that a new CLAMAV (possibly windows only) is flagging emails with http:// in the header with the RB-882 Phishing Virus. There is a URL added by default to mail that goes through declude. I'm testing it now, can any one back this up? Robert *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Darrell ([EMAIL PROTECTED]) *Sent:* Monday, May 21, 2007 11:15 AM *To:* declude.virus@declude.com *Subject:* Re: [Declude.Virus] False Positive ClamAV Are you sure CLAMAV is hitting on this or is this a hit from the SANE phish database being used with CLAM? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - *From:* Bonno Bloksma mailto:[EMAIL PROTECTED] *To:* Declude.Virus@declude.com mailto:Declude.Virus@declude.com *Sent:* Monday, May 21, 2007 7:09 AM *Subject:* [Declude.Virus] False Positive ClamAV Hi, Some of our mail is getting caught bij ClamAV. I've had two reports on two completely unrelated mails. Body of message generated response: 554 5.7.1 virus Email.Phishing.RB-882 detected by ClamAV - http://www.clamav.net I submitted a virus http://cgi.clamav.net/sendvirus.cgi tagging it as a false positive report. When I hit Submit I get an error stating this virus is already known and I should fix something in the submission. :-( Can anyone tell me: 1) Whether this is normail behaviour for that page? 2) Where I can report this bug in the webpage? It's not a bug in the program so// I //don't think the Bugzilla page is the right place. If I need to report it via a mailing list, which one? 3) How I can check whether my report was received? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] / www.tio.nl http://www.tio.nl --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. -- Insanity: doing the same thing over and over again and expecting different results. Albert Einstein, (attributed) US (German-born) physicist (1879 - 1955) Karen M. Mitchell Senior NewMedia Systems Administrator AccuWeather, Inc. 385 Science Park Road State College, PA 16803 814-235-8698 Get the best weather on the web - http://www.accuweather.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL
RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures
Gary, I will post to the list when there is a download available. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Monday, May 07, 2007 1:01 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures I received a message over the weekend from Declude stating that my ticket on this issue has been closed. When I read it, I assumed this meant that Declude has fixed the bug and has released a version that is now able to detect encrypted RAR files. When will we be able to download this newly fixed version? Gary Steiner Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, May 02, 2007 4:19 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures Yes I apologize I only realized the next day (Saturday) that this would not work because the message will be scanned if it is under a HOLD or DELETE threshold. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, May 02, 2007 4:03 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures I am confused as to how this would work, as BANEXT RAR in EVA will hold those files regardless of the weight. Has anyone worked out a way to ban small RAR files that would contain the virus, and pass large RAR files that most likely would not? I'm trying to find a work around until Declude figures out how to detect encrypted RAR files. Right now I'm banning all RAR files, then have to go in and manually re-submit the legitimate RAR files that my customers are sending. Gary Original Message From: David Barker [EMAIL PROTECTED] Sent: Friday, April 27, 2007 5:52 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures You may be able to do something with the MSGSIZE test in conjunction with AVAFTERJM ON eg. SIZE-10MB msgsize 10240 x -50 0 David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, April 27, 2007 4:25 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures It's not that difficult. The legitimate messages with rar attachments are big (usually 10MB and up) so it's not hard to separate them from the image spam and common viruses being held in the virus directory. As mentioned by Craig in an earlier post, it would be nice if Declude added the capability to skip banning on files of large size. Original Message From: John T \(lists\) [EMAIL PROTECTED] Sent: Friday, April 27, 2007 3:56 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures Until Declude resolves the issue with BANEXT EZIP, I've had to ban all rar files. Unfortunately some of my customers regularly send rar attachments, so I've had to check the virus hold directory on a regular basis and manually resubmit any false positives there. Gary Instead of manually checking for legit files, use the BANEXT.eml file to send a postmaster message that you get and/or the recipient and/or sender get and that notice can be reviewed a lot easier than manually checking the hold directory. John T --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives
RE: [Declude.Virus] Viruses in Spam folder
In your virus.cfg file #Change the order in which JunkMail and Declude EVA scan. The default is JunkMail followed by Declude EVA. AVAFTERJM OFF David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Kogan Sent: Friday, May 04, 2007 11:37 AM To: declude.virus@declude.com Subject: [Declude.Virus] Viruses in Spam folder Ok easy question from a newbie. All incoming mail to our mail server is scanned for viruses by an external scanner (Computer Associate's Inoculate IT (SCANFILEC:\progra~1\CA\inocmd32.exe /ARC)). Declude is also checking our incoming mail for Spam and 'holding' some based on its score. When performing a virus scan of the drive on which Declude and Imail sit, the virus scanner finds viruses in the Spam folders. Does Declude check for Spam or viruses first? Jeff Kogan --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] re: new virus with .rar attachment
It is on our list. I will post when I have any results. So in short it's moving along -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, May 02, 2007 3:32 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] re: new virus with .rar attachment So, how's the investigation going? Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 6:43 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] re: new virus with .rar attachment Not sure if it is a bug just yet, I have submitted it for investigation. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, April 25, 2007 6:28 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Yes, junkmail is scanning before virus. I was referring to http://manuals.declude.com/proconlinehelp/eva_4.0.8_automatically_bann ing_al l_encrypted_archive_files.htm According to the manual, BANEXT EZIP should also pick up password protected RAR files. I've just been told by Declude support that the failure to pick up the password-protected RAR file is a bug, and that they are working on fixing it. Original Message From: John T [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 5:41 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] re: new virus with .rar attachment Only if you also have BANEXT rar. Do you have junkmail scanning before virus? John T -Original Message- From: Gary Steiner [EMAIL PROTECTED] Sent 4/25/2007 10:44:37 AM To: declude.virus@declude.com Subject: [Declude.Virus] re: new virus with .rar attachment As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have caught the password-protected .rar file? Declude passed the message to SmarterMail without holding it. I'm running Declude 4.3.46. Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 1:31 PM To: declude.virus@declude.com Subject: new virus with .rar attachment I started getting some messages today that were picked up as spam, but we re not being identified as viruses. They looked suspicious, having subject lines of Virus Activity Detected! Spyware Alert! It containes a .gif message that tells the user to open the .rar file and run the patch there to protect them from the virus/spyware. I ran it on www.virustotal.com, and the only scanner that picked it up wa s McAfee, and it identified it as W32/[EMAIL PROTECTED]. http://vil.nai.com/vil/content/v_142094.htm Since this a password protected .rar file, should we now be blocking thes e? --- --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures
Yes I apologize I only realized the next day (Saturday) that this would not work because the message will be scanned if it is under a HOLD or DELETE threshold. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, May 02, 2007 4:03 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures I am confused as to how this would work, as BANEXT RAR in EVA will hold those files regardless of the weight. Has anyone worked out a way to ban small RAR files that would contain the virus, and pass large RAR files that most likely would not? I'm trying to find a work around until Declude figures out how to detect encrypted RAR files. Right now I'm banning all RAR files, then have to go in and manually re-submit the legitimate RAR files that my customers are sending. Gary Original Message From: David Barker [EMAIL PROTECTED] Sent: Friday, April 27, 2007 5:52 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures You may be able to do something with the MSGSIZE test in conjunction with AVAFTERJM ON eg. SIZE-10MB msgsize 10240 x -50 0 David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, April 27, 2007 4:25 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures It's not that difficult. The legitimate messages with rar attachments are big (usually 10MB and up) so it's not hard to separate them from the image spam and common viruses being held in the virus directory. As mentioned by Craig in an earlier post, it would be nice if Declude added the capability to skip banning on files of large size. Original Message From: John T \(lists\) [EMAIL PROTECTED] Sent: Friday, April 27, 2007 3:56 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures Until Declude resolves the issue with BANEXT EZIP, I've had to ban all rar files. Unfortunately some of my customers regularly send rar attachments, so I've had to check the virus hold directory on a regular basis and manually resubmit any false positives there. Gary Instead of manually checking for legit files, use the BANEXT.eml file to send a postmaster message that you get and/or the recipient and/or sender get and that notice can be reviewed a lot easier than manually checking the hold directory. John T --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures
You may be able to do something with the MSGSIZE test in conjunction with AVAFTERJM ON eg. SIZE-10MB msgsize 10240 x -50 0 David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, April 27, 2007 4:25 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures It's not that difficult. The legitimate messages with rar attachments are big (usually 10MB and up) so it's not hard to separate them from the image spam and common viruses being held in the virus directory. As mentioned by Craig in an earlier post, it would be nice if Declude added the capability to skip banning on files of large size. Original Message From: John T \(lists\) [EMAIL PROTECTED] Sent: Friday, April 27, 2007 3:56 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures Until Declude resolves the issue with BANEXT EZIP, I've had to ban all rar files. Unfortunately some of my customers regularly send rar attachments, so I've had to check the virus hold directory on a regular basis and manually resubmit any false positives there. Gary Instead of manually checking for legit files, use the BANEXT.eml file to send a postmaster message that you get and/or the recipient and/or sender get and that notice can be reviewed a lot easier than manually checking the hold directory. John T --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Temp files ClamAV Windows not deleting
This is a ClamAV issue and not Declude. ClamAV is locking the files. I don't know why this happens but I saw this about 18 months ago, strangly though I don't think it effects everyone, could be how clam is installed wrt user rights. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Tuesday, April 17, 2007 6:45 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Temp files ClamAV Windows not deleting Jared: That is what happened to us.. ran out of C drive space .. and that cause a ton of issues. Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Pickerell Sent: Tuesday, April 17, 2007 6:15 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Temp files ClamAV Windows not deleting I'm running into the same problem. I ended up with a server out of hard drive space before I figured out what was going on. What can you do to let Declude/ClamWin delete them in the first place? As the administrator I can already delete the folders/files after the fact, but that doesn't solve the problem. Who needs to have ownership of the temp directory for Declude/ClamWin to delete these on its own? Also ClamWin was using very high CPU. Is ClamWin know for high CPU usage? With the temp files not deleting and the high CPU utilization, I ended up just removing ClamWin as one of the scanners. When the AVG fix came out it wasn't really an issue, but I would like to use Clam as a secondary scanner if possible? Any thoughts? Thanks Jared From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, April 17, 2007 1:58 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Temp files ClamAV Windows not deleting You need to take ownership of the files as the administrator and then you can delete them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Tuesday, April 17, 2007 2:41 PM To: declude.virus@declude.com Subject: [Declude.Virus] Temp files ClamAV Windows not deleting Hi; I am having problem with viruses not being deleted from the temp directory when using the ClamWin - the following is the config entries: # CLAM- 1st Scanner #SCANFILE1 C:\Progra~1\ClamWin\bin\clamscan.exe --verbose --database=C:\Progra~1\ClamWin\db --tempdir=c:\Temp --no-summary -l report.txt #VIRUSCODE1 1 Any idea what I can do to have the virus files deleted from C:\temp? Thanks -Kami --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7
I will respond to this in a few minutes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, April 16, 2007 8:37 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail-archive.com/declude.virus@declude.com/msg13473.html Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 6:28 AM Subject: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I have not had a virus update from decludes AVG builtin scanner since 4/6/7 , has any one received any later updates , or suggestions to fix problem Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7
Having checked with AVG, they have made some structural changes to the database this does not effect everybody, we will be providing a fix for this today. Any customer who is running a subscription or ZEROHOUR is protected by the added layer of virus security. Declude provides the ability for multilayer protection by supporting up to 5 additional virus scanners. If you are only running AVG and are affected by this change I can suggest configuring ClamWin until you are able to do the upgrade. 1. Download and Install ClamWin to the default locations http://superb-west.dl.sourceforge.net/sourceforge/clamwin/clamwin-0.90.1.1-s etup.exe 2. Add the following lines to your virus.cfg file. #CLAMAV SCANFILE C:\Progra~1\clamwin\bin\clamscan.exe --verbose --database=C:\docume~1\alluse~1\.clamwin\db --tempdir=c:\Temp --no-summary -l report.txt VIRUSCODE 1 As far as the file dates are concerned. Not every file needs to have the latest date as the updates and new virus signatures are incremental. As long as you have a file dated 14/15 Apr 2007 you are ok, but will need to upgrade when we do the release. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, April 16, 2007 9:37 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I will respond to this in a few minutes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, April 16, 2007 8:37 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail-archive.com/declude.virus@declude.com/msg13473.html Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 6:28 AM Subject: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I have not had a virus update from decludes AVG builtin scanner since 4/6/7 , has any one received any later updates , or suggestions to fix problem Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 4.3.46 Release
Addresses this AVG issue. If you currently only have AVG as your virus scanner I would consider this a critical update. EVA ADD Improved AVG virus database format for optimization EVA ADD Improved speed of AVG scanning by 15-20% EVA ADD Updated AVG (avgsdk.dll 1.2.449) DEC ADD Updated Commtouch ZEROHOUR (asapsdk.dll 5.03.0013) JM FIX Smartermail HELO was being picked up from the headers rather than the envelope JM FIX Fixed log entry for PCRE when matching on location SUBJECT David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander Sent: Monday, April 16, 2007 10:09 AM To: declude.virus@declude.com Subject: AW: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Hello Darell, are you (or David :) sure with the return codes? I'm getting 0.0.0.1 and these files on both servers: DarellAlex incavi.avm - 4/15/2007 - 4/06/2007 microavi.avg - 4/5/2007 - 4/05/2007 miniavg.avg - 2/16/2007 - 2/16/2007 avi7.avg - 2/21/2007 - 21/02/2007 I stopped decludeproc, renamed the AVG Files and started decludeproc and I got the same files, all from today, but with the same size than bevor. Alex Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Darrell ([EMAIL PROTECTED]) Gesendet: Montag, 16. April 2007 14:37 An: declude.virus@declude.com Betreff: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail-archive.com/declude.virus@declude.com/msg13473.html Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 6:28 AM Subject: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I have not had a virus update from decludes AVG builtin scanner since 4/6/7 , has any one received any later updates , or suggestions to fix problem Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. Siller AG, Wannenäckerstraße 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Jörn Bülow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg. Gericht Stuttgart, HRB 107707, Ust-Id Nr. DE145782955 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude 4.3.46 Release
The file was pcre3.dll and this would have only effected upgrades prior to 4.3.40 of Imail, however the downloads now include pcre3.dll for all versions prior. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Monday, April 16, 2007 3:38 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude 4.3.46 Release Importance: High Just got off the phone with Tech Support. A file pcres.dll was not included in the original upgrade executable and if that file is not in the \Imail directory the decludeproc service will not start. She had to send me the file separately and they will now be changing the upgrade executable. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, April 16, 2007 11:24 AM To: declude.virus@declude.com Subject: [Declude.Virus] Declude 4.3.46 Release Addresses this AVG issue. If you currently only have AVG as your virus scanner I would consider this a critical update. EVA ADD Improved AVG virus database format for optimization EVA ADD Improved speed of AVG scanning by 15-20% EVA ADD Updated AVG (avgsdk.dll 1.2.449) DEC ADD Updated Commtouch ZEROHOUR (asapsdk.dll 5.03.0013) JMFIX Smartermail HELO was being picked up from the headers rather than the envelope JMFIX Fixed log entry for PCRE when matching on location SUBJECT David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander Sent: Monday, April 16, 2007 10:09 AM To: declude.virus@declude.com Subject: AW: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Hello Darell, are you (or David :) sure with the return codes? I'm getting 0.0.0.1 and these files on both servers: DarellAlex incavi.avm - 4/15/2007 - 4/06/2007 microavi.avg - 4/5/2007 - 4/05/2007 miniavg.avg - 2/16/2007 - 2/16/2007 avi7.avg - 2/21/2007 - 21/02/2007 I stopped decludeproc, renamed the AVG Files and started decludeproc and I got the same files, all from today, but with the same size than bevor. Alex Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Darrell ([EMAIL PROTECTED]) Gesendet: Montag, 16. April 2007 14:37 An: declude.virus@declude.com Betreff: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail- archive.com/declude.virus@declude.com/msg13473.html Darrell -- - - Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 6:28 AM Subject: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I have not had a virus update from decludes AVG builtin scanner since 4/6/7 , has any one received any later updates , or suggestions to fix problem Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. Siller AG, Wannenäckerstraße 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Jörn Bülow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg
RE: [Declude.Virus] Declude 4.3.46 Release
Point taken. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, April 16, 2007 4:32 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Declude 4.3.46 Release David and Linda, Can I make a suggestion?... It would seem that you should either embed the code from pcre3.dll within Declude (if allowed), or at least modify decludeproc.exe so that it will not error out when this file is unavailable. Whenever you rely on outside files for ancillary functionality, it would be best to allow recovery from their unavailability. So if this is only used for filter files, then maybe you could just throw an error in the logs and skip all filter files. I could see locking conditions or other OS issues that could impact the availability of this file on occasion. If it is only loaded once when the service starts, then that's not such a big deal, but it is definitely better to lose regex than it is to lose Declude as these systems have to have high availability and should be designed that way. Thanks, Matt David Barker wrote: The file was pcre3.dll and this would have only effected upgrades prior to 4.3.40 of Imail, however the downloads now include pcre3.dll for all versions prior. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Monday, April 16, 2007 3:38 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude 4.3.46 Release Importance: High Just got off the phone with Tech Support. A file pcres.dll was not included in the original upgrade executable and if that file is not in the \Imail directory the decludeproc service will not start. She had to send me the file separately and they will now be changing the upgrade executable. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, April 16, 2007 11:24 AM To: declude.virus@declude.com Subject: [Declude.Virus] Declude 4.3.46 Release Addresses this AVG issue. If you currently only have AVG as your virus scanner I would consider this a critical update. EVA ADD Improved AVG virus database format for optimization EVA ADD Improved speed of AVG scanning by 15-20% EVA ADD Updated AVG (avgsdk.dll 1.2.449) DEC ADD Updated Commtouch ZEROHOUR (asapsdk.dll 5.03.0013) JM FIX Smartermail HELO was being picked up from the headers rather than the envelope JM FIX Fixed log entry for PCRE when matching on location SUBJECT David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander Sent: Monday, April 16, 2007 10:09 AM To: declude.virus@declude.com Subject: AW: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Hello Darell, are you (or David :) sure with the return codes? I'm getting 0.0.0.1 and these files on both servers: DarellAlex incavi.avm - 4/15/2007 - 4/06/2007 microavi.avg - 4/5/2007 - 4/05/2007 miniavg.avg - 2/16/2007 - 2/16/2007 avi7.avg - 2/21/2007 - 21/02/2007 I stopped decludeproc, renamed the AVG Files and started decludeproc and I got the same files, all from today, but with the same size than bevor. Alex Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Darrell ([EMAIL PROTECTED]) Gesendet: Montag, 16. April 2007 14:37 An: declude.virus@declude.com Betreff: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail- archive.com/declude.virus@declude.com/msg13473.html Darrell -- - - Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Sent: Monday, April 16
[Declude.JunkMail] Declude 4.3.40 Released
FIX ZEROHOUR passing weight to SM when email WHITELISTED FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD SM allows both email addresses and domains in their trusted sender list, declude will match on either ADD Support for Regular Expressions http://support.declude.com/Customer/KBArticle.aspx?articleid=97 in the Filters using PCRE library We will also be sending an email to notify customers of important changes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 4.3.40 Released
FIX ZEROHOUR passing weight to SM when email WHITELISTED FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD SM allows both email addresses and domains in their trusted sender list, declude will match on either ADD Support for Regular Expressions http://support.declude.com/Customer/KBArticle.aspx?articleid=97 in the Filters using PCRE library We will also be sending an email to notify customers of important changes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Warning Rescinded: RE: [Declude.Virus] WARNING -RE: [Declude.JunkMail]
All set, made minor change to the installer if you downloaded prior to Rob's email download again. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, March 12, 2007 11:39 AM To: declude.virus@declude.com; declude.junkmail@declude.com Subject: Warning Rescinded: RE: [Declude.Virus] WARNING -RE: [Declude.JunkMail] Amazing. Called. Went into voicemail. 2 minutes later, got a call back. Gave them access. Diagnosed problem. Fixed problem. Amazing. The problem, the regular expressions library - PCRE.dll didn't install properly. Not sure why, I'm sure they're looking at it. I learned a wonderful thing. You don't need PERL to use the new library. That was worth the time I spent on this. Thanks Declude. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, March 12, 2007 10:12 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.Virus] WARNING -RE: [Declude.JunkMail] Declude 4.3.40 Released Hi We tried installing, decludeproc wouldn't start. We have fallen back to 4.3.30, successfully. Getting on the phone now with Declude. Your mileage hopefully will vary. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, March 12, 2007 9:26 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.JunkMail] Declude 4.3.40 Released FIX ZEROHOUR passing weight to SM when email WHITELISTED FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD SM allows both email addresses and domains in their trusted sender list, declude will match on either ADD Support for Regular Expressions http://support.declude.com/Customer/KBArticle.aspx?articleid=97 in the Filters using PCRE library We will also be sending an email to notify customers of important changes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Warning Rescinded: RE: [Declude.Virus] WARNING -RE: [Declude.JunkMail]
All set, made minor change to the installer if you downloaded prior to Rob's email download again. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, March 12, 2007 11:39 AM To: declude.virus@declude.com; declude.junkmail@declude.com Subject: Warning Rescinded: RE: [Declude.Virus] WARNING -RE: [Declude.JunkMail] Amazing. Called. Went into voicemail. 2 minutes later, got a call back. Gave them access. Diagnosed problem. Fixed problem. Amazing. The problem, the regular expressions library - PCRE.dll didn't install properly. Not sure why, I'm sure they're looking at it. I learned a wonderful thing. You don't need PERL to use the new library. That was worth the time I spent on this. Thanks Declude. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, March 12, 2007 10:12 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.Virus] WARNING -RE: [Declude.JunkMail] Declude 4.3.40 Released Hi We tried installing, decludeproc wouldn't start. We have fallen back to 4.3.30, successfully. Getting on the phone now with Declude. Your mileage hopefully will vary. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, March 12, 2007 9:26 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.JunkMail] Declude 4.3.40 Released FIX ZEROHOUR passing weight to SM when email WHITELISTED FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD SM allows both email addresses and domains in their trusted sender list, declude will match on either ADD Support for Regular Expressions http://support.declude.com/Customer/KBArticle.aspx?articleid=97 in the Filters using PCRE library We will also be sending an email to notify customers of important changes. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Next Declude Release
Just a quick update next release scheduled for 12 March. FIX ZEROHOUR passing weight to SM when email WHITELISTED (occurred 4.3.30) FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD Support for Regular Expressions in the Filters using PCRE library Currently testing the PCRE and it's looking good. Time to brush up on your PCRE syntax. The format will be in the filters: LOCATIONWEIGHT PCREEXPRESSION Example: BODY5 PCRE(?i:v\s*[i!|]+\s*a\s*g\s*r\s*a) David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Next Declude Release
Just a quick update next release scheduled for 12 March. FIX ZEROHOUR passing weight to SM when email WHITELISTED (occurred 4.3.30) FIX Ignore Case checking in Imail Address book 2006 FIX Improved performance when OUTBOUNDSPAMSCANNING OFF FIX Updated CommTouch ZEROHOUR Dll FIX EXITSCANONVIRUSDETECT ON works between AVG and Commtouch ADD Support for Regular Expressions in the Filters using PCRE library Currently testing the PCRE and it's looking good. Time to brush up on your PCRE syntax. The format will be in the filters: LOCATIONWEIGHT PCREEXPRESSION Example: BODY5 PCRE(?i:v\s*[i!|]+\s*a\s*g\s*r\s*a) David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] pay-pal phishing
One way you could do this is to use the following lines in a filter #PAYPAL REVDNS END ENDSWITH.paypal.com MAILFROM20 ENDSWITH@paypal.com Also as far as I know the genuine paypal IP's are listed with BONDEDSENDER David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob McGregor Sent: Thursday, February 15, 2007 5:17 PM To: Declude-List Subject: [Declude.Virus] pay-pal phishing Anyone configured a way to stop some of the pay-pal scam emails? thanks, bob --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Release Update
We had scheduled a release for 31 January 2007, which we are delaying for some changes next date is Monday 5 February 2007 Thanks David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Release Update
We had scheduled a release for 31 January 2007, which we are delaying for some changes next date is Monday 5 February 2007 Thanks David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Release Update
Sure, however this is really a minor release, ... For the next release, we are currently working on adding regex for filters. Here is a short description of what is in Mondays: 1. Additional changes to accommodate Imail 2006 multiple address formatting for AUTOWHITELIST to work corrrectly 2. New EVA directive ALLOWVULNERABILITIESTO 3. Fixed AUTOWHITELIST OFF in Smartermail, this was not working turning off even when commented out. 4. Updated AVG and AVG dll's 5. Fixed logging issue for Incoming vs.Outgoing email Declude log message is incorrect where it reports that using incoming junk mail action for outgoing e-mail when Smarter Mail is used as a Gateway -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Thursday, February 01, 2007 9:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Release Update Hi David, What will this release contain? -Nick David Barker wrote: We had scheduled a release for 31 January 2007, which we are delaying for some changes next date is Monday 5 February 2007 Thanks David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability
Eric, A vulnerability is not a virus, and cannot be detected by virus software. When a virus uses a vulnerability, it will bypass a standard mailserver virus scanner, and get delivered to the recipient. This is the benefit of using the Declude rather than the traditional virus scanner to protect you mail server. Declude detects vulnerabilities. The Outlook 'Space Gap' vulnerability occurs when there is a space in one of the MIME headers where there is not normally a space (such as Content-Type : instead of Content-Type:). This is not RFC-compliant, but Outlook will treat it as valid and be able to execute a virus that virus scanners will not usually see. There is no legitimate reason for an E-mail to be formed like this. To turn off this vulnerability check in the virus.cfg ALLOWVULNERABILITY OLSPACEGAP But be aware that you will be potentially allowing a virus to get past your av scanner if it exploits this vulnerability. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Thursday, January 25, 2007 11:20 AM To: declude.virus@declude.com Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability I see several emails with this listed as the virus detected. Is this really a problem and a virus? I did download the file and uploaded to one of the virus test sites and it did come back as no virus found. How do I turn this off? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability
I apologize I copied the wrong directive (Chris was correct), here is the full list: #ALLOWVULNERABILITY OBJECTDATA #ALLOWVULNERABILITY OLCR #ALLOWVULNERABILITY OLSPACEGAP #ALLOWVULNERABILITY OLBLANKFOLDING #ALLOWVULNERABILITY OLMIMEHEADER #ALLOWVULNERABILITY OLMIMESEGMIMEPRE #ALLOWVULNERABILITY MIMESEGMIMEPOST #ALLOWVULNERABILITY OLLONGBOUNDARY #ALLOWVULNERABILITY OLBOUNDARYSPACEGAP #ALLOWVULNERABILITY OLLONGFILENAME #ALLOWVULNERABILITY NONSTANDARDHDR -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Thursday, January 25, 2007 11:20 AM To: declude.virus@declude.com Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability I see several emails with this listed as the virus detected. Is this really a problem and a virus? I did download the file and uploaded to one of the virus test sites and it did come back as no virus found. How do I turn this off? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude 4.3.24 AVG Interim
This version is available as an interim release, for those of you who have the login to interim, it is the same, be sure to download your appropriate decludeproc and the avgsdk.dll. If want to try the interim release email me directly. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 4.3.24 AVG Interim
This version is available as an interim release, for those of you who have the login to interim, it is the same, be sure to download your appropriate decludeproc and the avgsdk.dll. If want to try the interim release email me directly. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude Security Suite 4.3.23 Released / AVG Vulnerability?
Currently in testing with us, I am not waiting on adding anything else to this build as soon as we have completed testing the new AVG dll we will release. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, December 08, 2006 11:59 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Declude Security Suite 4.3.23 Released / AVG Vulnerability? Good question. David? Original Message From: Stephan [EMAIL PROTECTED] Sent: Friday, December 08, 2006 12:21 AM To: declude.virus@declude.com Subject: [Declude.Virus] Re: [Declude.Virus] Declude Security Suite 4.3.23 Released / AVG Vulnerability? Is the built-in avg version included still vulnerable? Or has it been fixed already? Very glad to see the imail 2006 authowhite is now working. Thanks. -Original Message- From: David Barker [EMAIL PROTECTED] Sent 11/24/2006 8:08:51 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability From AVG the update has been released for beta testing, if there are no troubles, we publish it as an official build during the next week. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Friday, November 24, 2006 4:29 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] AVG Vulnerability Hi, And...? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl - Original Message - From: David Barker To: declude.virus@declude.com Sent: Tuesday, November 21, 2006 10:24 PM Subject: RE: [Declude.Virus] AVG Vulnerability We have a request in with Grisoft remember there is a time zone difference as they are in CZ David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer Sent: Tuesday, November 21, 2006 4:01 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Any updates on this yet? Should we be turning off AVG scanning? Mark Reimer IT System Admin American CareSource 972-308-6887 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, November 21, 2006 9:24 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Darrell, We are currently looking into this new report and are contacting AVG we will post here as soon as we have an answer. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, November 21, 2006 8:48 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] AVG Vulnerability David / Declude, Is the integrated AVG scanner vulnerable? How do we deterimine what version of AVG is embedded inside of Declude? Darrell MODERATE: Grisoft AVG Anti-Virus Multiple Vulnerabilities Affected: AVG Anti-Virus versions prior to 7.1.407 Description: AVG Anti-Virus, a popular anti-virus system, contains multiple vulnerabilities. By sending a specially-crafted file through the system, an attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the anti-virus process. No technical details for these vulnerabilities are currently available. Status: Grisoft confirmed, updates available. Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary. References: Grisoft Release Notes http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 SecurityFocus BID http://www.securityfocus.com/bid/21029 -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http
[Declude.JunkMail] Declude Security Suite 4.3.23 Released
JM ADD WHITELIST reason shown in LOGLEVEL HIGH JM FIX Declude crashes fixed on corrupted From: line in the header part of the envelope file JM FIX Broken Headers issue fixed JM ADD AUTOWHITELIST for Imail 2006 JM FIX Revised ROUTING spamrouting Internal tables have to be updated to reflect domestic and offshore network blocks. EVA ADD MIME header mismatch, Declude assumes it is an executable. If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because it is turned off. Located in the virus.cfg, default is ON MISMATCHEDEXT ON EVA FIX Zip vulnerability, declude is holding a valid zip file as vulnerability JM FIX Default for the OUTBOUNDSCANNINGSPAM directive is ON DEC FIX New CommTouch Dll David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Security Suite 4.3.23 Released
JM ADD WHITELIST reason shown in LOGLEVEL HIGH JM FIX Declude crashes fixed on corrupted From: line in the header part of the envelope file JM FIX Broken Headers issue fixed JM ADD AUTOWHITELIST for Imail 2006 JM FIX Revised ROUTING spamrouting Internal tables have to be updated to reflect domestic and offshore network blocks. EVA ADD MIME header mismatch, Declude assumes it is an executable. If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because it is turned off. Located in the virus.cfg, default is ON MISMATCHEDEXT ON EVA FIX Zip vulnerability, declude is holding a valid zip file as vulnerability JM FIX Default for the OUTBOUNDSCANNINGSPAM directive is ON DEC FIX New CommTouch Dll David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Log file
Does this exist on your server ? C:\Progra~1\Grisoft\AVG7\avg.exe David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 3:16 PM To: declude.virus@declude.com Subject: [Declude.Virus] Log file Doing my daily checkup today, and this appeared in my console.txt file: 12/05/2006 13:57:55.048 qcf3b008dbefd.smd Your virus scanner DOES NOT EXIST (at C:\Progra~1\Grisoft\AVG7\avg.exe /NOBOOT / 12/05/2006 13:59:13.048 qcf8a0093bf2e.smd Vulnerability flags = 0 I have not seen this before today. Running Imail 8.22 with patch, and Declude 4.3.7. AVG is currently only scanner running. Thoughts? Todd --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Log file
Comment out the AVG SCANFILE call in your virus.cfg if you are running Declude 4.x AVG is built in. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 4:13 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Hmmm... Actually, it doesn't. I have AVG Pro running on the machine, protecting the machine (minus the spool folder). I am using the built-in AVG scanner with Declude. Would this be a conflict? The question then is, does the avg.exe file referenced below refer to the Pro version, or the scanner version? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, December 05, 2006 2:18 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Does this exist on your server ? C:\Progra~1\Grisoft\AVG7\avg.exe David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 3:16 PM To: declude.virus@declude.com Subject: [Declude.Virus] Log file Doing my daily checkup today, and this appeared in my console.txt file: 12/05/2006 13:57:55.048 qcf3b008dbefd.smd Your virus scanner DOES NOT EXIST (at C:\Progra~1\Grisoft\AVG7\avg.exe /NOBOOT / 12/05/2006 13:59:13.048 qcf8a0093bf2e.smd Vulnerability flags = 0 I have not seen this before today. Running Imail 8.22 with patch, and Declude 4.3.7. AVG is currently only scanner running. Thoughts? Todd --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Log file
Yes we do not change any config files when updating declude. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 5:00 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Thanks David. Was that left over from a previous version that didn't include AVG built in? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, December 05, 2006 3:20 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Comment out the AVG SCANFILE call in your virus.cfg if you are running Declude 4.x AVG is built in. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 4:13 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Hmmm... Actually, it doesn't. I have AVG Pro running on the machine, protecting the machine (minus the spool folder). I am using the built-in AVG scanner with Declude. Would this be a conflict? The question then is, does the avg.exe file referenced below refer to the Pro version, or the scanner version? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, December 05, 2006 2:18 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Log file Does this exist on your server ? C:\Progra~1\Grisoft\AVG7\avg.exe David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, December 05, 2006 3:16 PM To: declude.virus@declude.com Subject: [Declude.Virus] Log file Doing my daily checkup today, and this appeared in my console.txt file: 12/05/2006 13:57:55.048 qcf3b008dbefd.smd Your virus scanner DOES NOT EXIST (at C:\Progra~1\Grisoft\AVG7\avg.exe /NOBOOT / 12/05/2006 13:59:13.048 qcf8a0093bf2e.smd Vulnerability flags = 0 I have not seen this before today. Running Imail 8.22 with patch, and Declude 4.3.7. AVG is currently only scanner running. Thoughts? Todd --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Interim Release 4.3.23 - need a few volunteers
4.3.23 that has the following bug fixes: * Broken Headers * AUTOWHITELIST for Imail 2006 * Revise ROUTING spamrouting * MIME header mismatch, Declude assumes it is an executable Now you can turn on/off the MIME header mismatch test. Default: MISMATCHEDEXT ON In virus.cfg file MISMATCHEDEXT ON MISMATCHEDEXT OFF Function description: If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because it is turned off. * Zip vulnerability, declude is holding a valid zip file as vulnerability * Default for the OUTBOUNDSCANNINGSPAM directive is ON * New CommTouch Dll Email me, I cannot promise to respond to everyone, I will stop replying when I have enough volunteers. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Interim Release 4.3.23 - need a few volunteers
4.3.23 that has the following bug fixes: * Broken Headers * AUTOWHITELIST for Imail 2006 * Revise ROUTING spamrouting * MIME header mismatch, Declude assumes it is an executable Now you can turn on/off the MIME header mismatch test. Default: MISMATCHEDEXT ON In virus.cfg file MISMATCHEDEXT ON MISMATCHEDEXT OFF Function description: If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because it is turned off. * Zip vulnerability, declude is holding a valid zip file as vulnerability * Default for the OUTBOUNDSCANNINGSPAM directive is ON * New CommTouch Dll Email me, I cannot promise to respond to everyone, I will stop replying when I have enough volunteers. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG Vulnerability
_ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Friday, November 24, 2006 4:29 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] AVG Vulnerability Hi, And...? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: David mailto:[EMAIL PROTECTED] Barker To: declude.virus@declude.com Sent: Tuesday, November 21, 2006 10:24 PM Subject: RE: [Declude.Virus] AVG Vulnerability We have a request in with Grisoft remember there is a time zone difference as they are in CZ David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer Sent: Tuesday, November 21, 2006 4:01 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Any updates on this yet? Should we be turning off AVG scanning? Mark Reimer IT System Admin American CareSource 972-308-6887 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, November 21, 2006 9:24 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Darrell, We are currently looking into this new report and are contacting AVG we will post here as soon as we have an answer. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, November 21, 2006 8:48 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] AVG Vulnerability David / Declude, Is the integrated AVG scanner vulnerable? How do we deterimine what version of AVG is embedded inside of Declude? Darrell MODERATE: Grisoft AVG Anti-Virus Multiple Vulnerabilities Affected: AVG Anti-Virus versions prior to 7.1.407 Description: AVG Anti-Virus, a popular anti-virus system, contains multiple vulnerabilities. By sending a specially-crafted file through the system, an attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the anti-virus process. No technical details for these vulnerabilities are currently available. Status: Grisoft confirmed, updates available. Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary. References: Grisoft Release Notes http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 SecurityFocus BID http://www.securityfocus.com/bid/21029 Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG Vulnerability
From AVG the update has been released for beta testing, if there are no troubles, we publish it as an official build during the next week. David B www.declude.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Friday, November 24, 2006 4:29 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] AVG Vulnerability Hi, And...? Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] / http://www.tio.nl www.tio.nl - Original Message - From: David mailto:[EMAIL PROTECTED] Barker To: declude.virus@declude.com Sent: Tuesday, November 21, 2006 10:24 PM Subject: RE: [Declude.Virus] AVG Vulnerability We have a request in with Grisoft remember there is a time zone difference as they are in CZ David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer Sent: Tuesday, November 21, 2006 4:01 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Any updates on this yet? Should we be turning off AVG scanning? Mark Reimer IT System Admin American CareSource 972-308-6887 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, November 21, 2006 9:24 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] AVG Vulnerability Darrell, We are currently looking into this new report and are contacting AVG we will post here as soon as we have an answer. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, November 21, 2006 8:48 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] AVG Vulnerability David / Declude, Is the integrated AVG scanner vulnerable? How do we deterimine what version of AVG is embedded inside of Declude? Darrell MODERATE: Grisoft AVG Anti-Virus Multiple Vulnerabilities Affected: AVG Anti-Virus versions prior to 7.1.407 Description: AVG Anti-Virus, a popular anti-virus system, contains multiple vulnerabilities. By sending a specially-crafted file through the system, an attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the anti-virus process. No technical details for these vulnerabilities are currently available. Status: Grisoft confirmed, updates available. Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary. References: Grisoft Release Notes http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 SecurityFocus BID http://www.securityfocus.com/bid/21029 Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
1. Make sure that the Real-Time scanner of F-prot is disabled 2. At a minimum you should be running Declude 3.11 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 2:38 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
DEBUG logs for this would be extremely helpful David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, October 31, 2006 3:23 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question -David Since it is out there, I also have seen rare D* messages without Q* file stranded in the work folder also. For me about 2 a month. They tend to be spam (of course so does 80% of all mail). If it is a legit message, I'll just forge up a corresponding Q* message and reprocess them. I'm running Declude 4.3.14 I'm quite confident that it isn't a real-time scanning problem here. I think the virus program would probable quarantine a D* file and leave the q* file. Instead the Q* file is gone, elaving the D* file. The next time I get one, I'll check the logs for that message for anything unusual. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:52 PM Subject: RE: [Declude.Virus] Hijack Question 1. Make sure that the Real-Time scanner of F-prot is disabled 2. At a minimum you should be running Declude 3.11 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 2:38 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http
RE: [Declude.Virus] ALLOWVULNERABILITIES Directive
Currently this only works on a fully qualified email address. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Thursday, October 12, 2006 3:46 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] ALLOWVULNERABILITIES Directive Was this ever fixed, becuase I just used it, and well... Its doesn't appear to work? ALLOWVULNERABILITIESFROM @priderockholdings.com See: Declude Virus v4.3.7 caught the [Outlook 'MIME segment in MIME Preamble' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] to: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse Sent: Wednesday, May 04, 2005 9:11 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] ALLOWVULNERABILITIES Directive We are currently looking into a possible issue with this directive. We will be shortly releasing a incremental version with some enhancements and fixes. If ALLOWVULNERABILITIES does have an issue, it will be dealt with and documented. Thank you Declude Development --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Release 4.3.14 and 3.1.3
No why ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Patterson Sent: Thursday, September 28, 2006 12:04 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Release 4.3.14 and 3.1.3 Is there something wrong with the ones up there? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, September 28, 2006 11:39 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.Virus] Release 4.3.14 and 3.1.3 Declude Security Suite 4.3.14 --- DEC ADD BANCHARSET defined in the declude.cfg quarentines listed character sets Example: BANCHARSET iso-2022-jp BANCHARSET koi8-r EVA ADD With AVAFTERJM ON the JM Log displays message moved to virus folder JM ADD Spam checking for inbound/outbound scanning can be turned on/off. Located as a directive in the global.cfg file, below are the default settings. OUTBOUNDSCANNINGSPAMOFF INBOUNDSCANNINGSPAM ON JM FIX IPBYPASS now takes place before WHITELIST JM FIX Using HOLD action in the $default$.junkmail file, if an extra space was after %DATE% incorrect behaviour was observed, this is not been normalized JM FIX X-COUNTRYCHAIN log entry no longer truncated JM FIX DELETE_RECIPIENT removes the specified email address as per-user action only DEC FIX On occasion ZEROHOUR initialized two overlaping threads causing decludeproc crash HI FIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly Declude Security Suite 3.1.3 --- SM FIX Decludeproc will not start without a valid domainlist.xml HI FIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly JM FIX Declude crash fix. Buffer Overflow reading the From: line in the Headers JM FIX With HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Release 4.3.14 and 3.1.3
Harry, The files are most likely still in the process of being uploaded. Should be there in a short while. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Thursday, September 28, 2006 12:25 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Release 4.3.14 and 3.1.3 When I go to download I get 437??? Harry Vanderzand inTown Internet Computer Services 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, September 28, 2006 11:39 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.Virus] Release 4.3.14 and 3.1.3 Declude Security Suite 4.3.14 --- DEC ADD BANCHARSET defined in the declude.cfg quarentines listed character sets Example: BANCHARSET iso-2022-jp BANCHARSET koi8-r EVA ADD With AVAFTERJM ON the JM Log displays message moved to virus folder JMADD Spam checking for inbound/outbound scanning can be turned on/off. Located as a directive in the global.cfg file, below are the default settings. OUTBOUNDSCANNINGSPAMOFF INBOUNDSCANNINGSPAM ON JMFIX IPBYPASS now takes place before WHITELIST JMFIX Using HOLD action in the $default$.junkmail file, if an extra space was after %DATE% incorrect behaviour was observed, this is not been normalized JMFIX X-COUNTRYCHAIN log entry no longer truncated JMFIX DELETE_RECIPIENT removes the specified email address as per-user action only DEC FIX On occasion ZEROHOUR initialized two overlaping threads causing decludeproc crash HIFIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly Declude Security Suite 3.1.3 --- SMFIX Decludeproc will not start without a valid domainlist.xml HIFIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly JMFIX Declude crash fix. Buffer Overflow reading the From: line in the Headers JMFIX With HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG?
Title: AVG? AVG is scanner 0 run your logs on DEBUG and you will see it there. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, AlexanderSent: Friday, September 22, 2006 11:25 AMCc: declude.virus@declude.comSubject: [Declude.Virus] AVG? Hello, I'm not shure, If AVG is running, how can I verify this? (After upgrading to 4.3.7) In the logfile I see this: 09/22/2006 15:08:37.046 qe051017b01b9.smd Outlook 'Space Gap' Vulnerability in line 36 09/22/2006 15:08:37.875 qe051017b01b9.smd Virus scanner 1 reports exit code of 0 09/22/2006 15:08:41.718 qe051017b01b9.smd Virus scanner 2 reports exit code of 0 09/22/2006 15:08:41.718 qe051017b01b9.smd Found a bogus .com file ?? Scanners are #1 = Clam, #2 = Fprot, and where is AVG? :-) Alex ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] New feature needed
BanNotify.eml is sent out to people who try sending a banned file extension. BounceNotify.eml is used with the BOUNCEONLYIFYOUMUST ACTION which will send a bounce message - this should NOT be used except in rare cases. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, August 11, 2006 1:09 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New feature needed I'm just trying to narrow these files down. I don't want to stick something in the Declude directory and have it exhibit unexpected behavior. Also there are many other files in the Declude directory that are unexplained and may be left over from older versions, but I have no way to know if I can delete them or not. BounceNotify.eml is there, it was installed by Declude. Though I just tested it by sending myself a banned file, and it did not work, so maybe Declude discontinued it at some point (David?). There is no file called Vulnerabilty.eml in the Declude directory, so I assume Declude does not install this by default. Original Message From: John T \(Lists\) [EMAIL PROTECTED] Sent: Friday, August 11, 2006 3:56 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New feature needed Sorry, forgot to make an all inclusive list: To my knowledge, there is no BounceNotify.eml. JunkMail uses the following eml files ONLY: SpamAttach.eml Confirm uses the following eml file ONLY: Confirm.eml When EVA finds a vulnerability (list in the EVA manual further down from the allow section) it uses the following file ONLY: Vulnerability.eml When EVA finds a banned attachment and the associated email is not found to be virus laden or contain a vulnerability, EVA will use the following file ONLY: BanNotify.eml ANY OTHER eml file contained in the \declude directory will be used by EVA when a virus is found according to parameters within each file. So, if you have 50 eml files aside from the above specifically mentioned 4, EVA will try to use all 50 when it finds a virus. The reason for this along with the original 4 other eml files normally found (postmaster.eml, otherpostmaster.eml, sender.eml and recipient.eml) was so that a appropriately worded notice be set to each respective party as desired. However, that also allows for plenty of customization. Example, I have a client that the manager wants a copy of each notice sent. So I have created 2 specific eml files for that client, one for if the infected email is incoming and one for if the infected email is outgoing. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Thursday, August 10, 2006 9:05 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New feature needed But what defines a vulnerability? Are you referring to the list of vulnerabilities associated with the ALLOWVULNERABILITY statement in the EVA manual? I'm confused by the various .eml files Declude provides and how it decides to use them, whether EVA or Junkmail. None of the .eml files that come with Declude have the name of a vulnerability. Here is a list of the E-mail template files that came with the Declude 4.x installation and how I guess that they are used (since there doesn't seem to be some centralized description/list of what these files are and how they are used): spamattach.eml - Used by Junkmail when ATTACH action is implemented. postmaster.eml - Used by EVA to warn the postmaster of the local machine that a virus was detected. BOUNCEnotify.eml - Used by EVA to warn the local sender that his (outgoing) E-mail attachment contained a banned extension. BANnotify.eml - Used by EVA to warn the sender that his (incoming) E-mail attachment contained a banned extension. otherpostmaster.eml - Used by EVA to warn the postmaster of a host that a virus came from his server (typically not used due to virus forging). sender.eml - Used by EVA to warn the sender that an E-mail sent by him was detected as a virus (typically not used due to virus forging). recip.eml - Used by EVA to warn the recipient that Declude detected a virus send to him. confirm.eml - Used by Declude Confirm (http://www.declude.com/Articles.asp?ID=127). Is this a discontinued product? If not, does it work with SmarterMail? So it seems that most of the files are used by EVA, one by Junkmail and one by Confirm. Does that mean that Junkmail and Confirm only use their one specific .eml file and ignore all the others? If I create a randomly named .eml file, will it only be used by EVA? Original Message From: John T \(Lists\) [EMAIL PROTECTED] Sent: Thursday, August 10, 2006 9:37 PM
RE: [Declude.Virus] Upcoming Declude Release
Hi Tim, The AUTOWHITELIST for Imail 2006 is not on this release but we are working on it and I hope to possibly get it in the next release. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Moore Sent: Wednesday, July 26, 2006 1:43 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Upcoming Declude Release Hi David, Thanks for the update. Is the AUTOWHITELIST fixed in the new version, we need to upgrade to Imail 2006 before our Imail SA runs out. We did one of our small servers and it is a pain to have to manually update aliases.txt file for our customers. The next server has over 2000 customers that are using the AUTOWHITELIST. The tech support would go through the roof if we had to update the aliases.txt for that many customers. Thanks Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, July 26, 2006 6:10 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.Virus] Upcoming Declude Release This is just an FYI. Our next release is scheduled for 2 Aug and we are aiming to add the following fixes for 4.3.x: Fix - Hijack - HOLD/DELETE to prevent spam items going to \Spool Fix - Failed .hdr to be DELETED rather than move to the \error directory Fix - COPYFILE not working correctly Fix - Add x-header for CT RefID Fix - Buffer Overflow fix In conjunction with this we will release a 3.1.x with several of the fixes already added to 4.x David Barker Product Manager Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] DrWatson errors
Make sure you have a virus.cfg file in your \Declude directory with the VIRDIR set. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Dobbin Sent: Tuesday, July 18, 2006 5:07 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] DrWatson errors We were seeing those too until we upgraded to 4.2.20 - now no Dr. Watsons, but the virus catches are being put in the root of our system drive - UGHH! John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Strother Sent: Tuesday, July 18, 2006 3:46 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] DrWatson errors I'm also seeing 3 or 4 application errors a day. I see the following in our event logs: Faulting application decludeproc.exe, version 0.0.0.0, faulting module decludeproc.exe, version 0.0.0.0, fault address 0x8cf6. Any thoughts? Mark Strother Pacific Online Phone: 604-638-6010 ext. 222 Fax: 604-638-6020 Toll Free: 1-877-503-9870 http://www.pacificonline.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Weber Sent: Tuesday, July 18, 2006 1:01 PM To: declude.virus@declude.com Subject: [Declude.Virus] DrWatson errors I just activated Declude 4.2 with SmarterMail on Windows 2003 server - Virus only. I activated it last night and there have been 3 DrWatson errors already today. The Declude Virus logs look fine, and it appears to be working correctly. Except for these DrWatsons. :(( And ideas, anyone? I searched the Declude Virus users list but did not find anything related to this. And also sent the same information to Declude Support. Thought maybe someone else had already hit this and resolved it. Thank you, David Weber Windows 2000 MCP http://www.orcsweb.com/ Managed Complex Hosting #1 in Service and Support --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.20 Error in Log
BUILTINSCANNEROFF Located in Virus.cfg. Will disable the internal AVG scanner. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, July 13, 2006 8:34 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] 4.2.20 Error in Log Andy, Besides AVG I have 3 scanners: listed in order (F-Prot, Clam AV, McAfee). I do think its an AVG issue like you suggested. I am trying to find a way to disable the built in AVG virus scanner to see if this message goes away. Darrell Andy Schmidt writes: Do you have a second/external scanner defined. May be the internal scanner (AVG) deletes an attachment and then Declude complains that its gone when it tries to launch the secondary? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, July 12, 2006 05:46 PM To: declude.virus@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.Virus] 4.2.20 Error in Log Since upgrading to 4.2.20 I started seeing the following error: 07/12/2006 00:34:41.812 q7bca020f6715.smd 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the \IMail directory or sub-directories.07/12/2006 00:34:41.328 This only happens when AVG catches a virus. It did not get logged under 3.x version. Nor do I have an On Access Virus Scanner. Anyone else seeing this? Darrell See the log snippet below. 07/12/2006 00:34:41.328 q7bca020f6715.smd Vulnerability flags = 0 07/12/2006 00:34:41.328 q7bca020f6715.smd MIME file: [text/html][7bit; Length=733 Checksum=67160] 07/12/2006 00:34:41.328 q7bca020f6715.smd MIME file: email-details.zip [base64; Length=108312 Checksum=13182423] 07/12/2006 00:34:41.781 q7bca020f6715.smd AVG Reports VIRUS: IRC/BackDoor.SdBot.PMS 07/12/2006 00:34:41.781 q7bca020f6715.smd File(s) are INFECTED [IRC/BackDoor.SdBot.PMS: 7] 07/12/2006 00:34:41.812 q7bca020f6715.smd 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the \IMail directory or sub-directories.07/12/2006 00:34:41.328 q7bca020f6715.smd Vulnerability flags = 0 07/12/2006 00:34:41.328 q7bca020f6715.smd MIME file: [text/html][7bit; Length=733 Checksum=67160] 07/12/2006 00:34:41.328 q7bca020f6715.smd MIME file: email-details.zip [base64; Length=108312 Checksum=13182423] 07/12/2006 00:34:41.781 q7bca020f6715.smd AVG Reports VIRUS: IRC/BackDoor.SdBot.PMS 07/12/2006 00:34:41.781 q7bca020f6715.smd File(s) are INFECTED [IRC/BackDoor.SdBot.PMS: 7] 07/12/2006 00:34:41.812 q7bca020f6715.smd 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the \IMail directory or sub-directories. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Ambiguous Virus Scanner ID in log
The External McAfee Scanner, if you run logs on DEBUG you will see that the AVG (Internal) Scanner reports as AVG. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, July 12, 2006 5:38 PM To: declude.virus@declude.com Subject: [Declude.Virus] Ambiguous Virus Scanner ID in log Hi Dave, My log indicates: 07/12/2006 17:34:20.625 q6ad4014a0137.smd Vulnerability flags = 0 07/12/2006 17:34:21.593 q6ad4014a0137.smd Virus scanner 1 reports exit code of 0 Which one is considered Virus scanner 1 - the INTERNAL (AVG) scanner that comes with Declude 4.2.20 - or my EXTERNAL McAfee Scanner? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] 4.2 build 20 Released 6 July 2006
EVA ADD New NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder EVA FIX ALLOWVULNERABILITIESFROM (for user) EVA FIX BANEXT buffer overflow SM ADD When an error is found in the envelope (.hdr) file the message is moved to the \error folder SM ADD Decludeproc will not start without a valid domainlist.xml SM FIX QUEUEFILE_SAVEFILE the log is showing the correct directory path SM FIX Allows admin to set VIRDIR to any directory path in the virus.cfg David Barker Product Manager Your Email security is our businessT 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] 4.2 build 20 Released 6 July 2006
EVA ADD New NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder EVA FIX ALLOWVULNERABILITIESFROM (for user) EVA FIX BANEXT buffer overflow SM ADD When an error is found in the envelope (.hdr) file the message is moved to the \error folder SM ADD Decludeproc will not start without a valid domainlist.xml SM FIX QUEUEFILE_SAVEFILE the log is showing the correct directory path SM FIX Allows admin to set VIRDIR to any directory path in the virus.cfg David Barker Product Manager Your Email security is our businessT 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2 build 20 Released 6 July 2006
ALLOWVULNERABILITY NONSTANDARDHDR David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, July 07, 2006 11:08 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] 4.2 build 20 Released 6 July 2006 David, In reference the the NONSTANDARDHDR vulnerability, did you include the ability to turn this off? Thanks, Matt David Barker wrote: EVAADD New NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder EVAFIX ALLOWVULNERABILITIESFROM (for user) EVAFIX BANEXT buffer overflow SM ADD When an error is found in the envelope (.hdr) file the message is moved to the \error folder SM ADD Decludeproc will not start without a valid domainlist.xml SM FIX QUEUEFILE_SAVEFILE the log is showing the correct directory path SM FIX Allows admin to set VIRDIR to any directory path in the virus.cfg David Barker Product Manager Your Email security is our businessT 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
I have added the request to the wish list. We are focusing on replicating problems and fixing items from the list I had posted earlier last week. We are looking to do a release Thursday 8 July it is currently under going testing. This is all obviously subject to change just trying to keep you informed. Items in next release: 1. Fix - ALLOWVULNERABILITIESFROM - full email address only 2. Fix - QUEUEFILE_SAVEFILE log shows incorrect directory path 3. Add - Error in SM envelope file: if errors are found the mail will be moved to the error directory 4. Add - If the headers files are not found then the data file is moved to error directory. 5. Add - A new vulnerability test NONSTANDARDCRLF will be included to check for the end of the headers. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, June 27, 2006 7:04 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus John, Not to say that this wouldn't be something that is nice to have, I can think of dozens of things that are very largely useful on a much more regular basis. In fact, the current functionality provides an appropriate mechanism for blocking these as-is. I would just simply like to see Declude catch up by fixing the known bugs first. When they catch up, then certainly they should consider feature requests, but it would make sense focus on new tests and improving existing ones, along with refining functionality. I will personally continue to hold back from such discussions until it is clear that they are capable of handling the bugs. Sorry to make an example of you here; that's not the intention of course. I just thought that it would be constructive to point this stuff out for the benefit of Declude and it's customers alike. Matt John T (Lists) wrote: I know. :( Declude, this is a feature who's time has come. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Tuesday, June 27, 2006 3:10 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus As I know yes but BANNAME my_notebook.doc wouldn't work for files within zip-archives. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Tuesday, June 27, 2006 11:48 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus Is the word document only named that? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Tuesday, June 27, 2006 11:32 AM To: declude.virus@declude.com Subject: [Declude.Virus] New Virus: zipped word doc with Macro-Virus Some of us has noted in the past two hours that messages with an zip-file as attachment has passed our virus filters It's a zip-file containing a MS Word Document named my_notebook.doc Most Virus-Scanners can't catch it. Virustotal has returned only two scanners with positive results Sophos has found WM97/Kukudro-A UNA has found a Macro Virus No other AV-Engine has catched the suspicious file.
RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
Matt, Headers not using proper CRLF line breaks is currently being tested using the new vulnerability NONSTANDARDCRLF test. As for these items they are on the list for engineers to confirm and test and fix if they are bugs. 1. Invalid characters in the Mail FROM 2. Long base 64 encoding causing Declude EVA to fail decoding 3. WHITELIST IP being applied before IPBYPASS David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, June 28, 2006 1:49 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus David, I'm just wondering about the issue with the invalid characters in the Mail From's that caused massive spam leakage almost a month ago. Is this too supposed to be fixed? I'm also very, very curious about the other bugs such as long base 64 encoding causing Declude Virus to fail decoding, WHITELIST IP being applied before IPBYPASS, and the issue where Declude's headers are inserted at the bottom of the message when the headers don't use proper CRLF line breaks? Thanks, Matt David Barker wrote: I have added the request to the wish list. We are focusing on replicating problems and fixing items from the list I had posted earlier last week. We are looking to do a release Thursday 8 July it is currently under going testing. This is all obviously subject to change just trying to keep you informed. Items in next release: 1. Fix - ALLOWVULNERABILITIESFROM - full email address only 2. Fix - QUEUEFILE_SAVEFILE log shows incorrect directory path 3. Add - Error in SM envelope file: if errors are found the mail will be moved to the error directory 4. Add - If the headers files are not found then the data file is moved to error directory. 5. Add - A new vulnerability test NONSTANDARDCRLF will be included to check for the end of the headers. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, June 27, 2006 7:04 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus John, Not to say that this wouldn't be something that is nice to have, I can think of dozens of things that are very largely useful on a much more regular basis. In fact, the current functionality provides an appropriate mechanism for blocking these as-is. I would just simply like to see Declude catch up by fixing the known bugs first. When they catch up, then certainly they should consider feature requests, but it would make sense focus on new tests and improving existing ones, along with refining functionality. I will personally continue to hold back from such discussions until it is clear that they are capable of handling the bugs. Sorry to make an example of you here; that's not the intention of course. I just thought that it would be constructive to point this stuff out for the benefit of Declude and it's customers alike. Matt John T (Lists) wrote: I know. :( Declude, this is a feature who's time has come. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Tuesday, June 27, 2006 3:10 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus As I know yes but BANNAME my_notebook.doc wouldn't work for files within zip-archives. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Tuesday, June 27, 2006 11:48 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus Is the word document only named that? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Tuesday, June 27, 2006 11:32 AM To: declude.virus@declude.com Subject: [Declude.Virus] New Virus: zipped word doc with Macro
RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
Matt, The CRLF problem has more to do with the email server and not Declude, emails that are so badly broken should be either rejected by the email server or these headers should be standardized by the email server. Eitherway this is a much more complex issue than you make it out to be, by just fixing it with a simple regexp, if it was as easy as that, do you not think we would have done this already ? Introducing tests to score conditions that one's software does not handle correctly is not a fix, it's a work-around. This is not how we are dealing with this issue, it is not an additional Spam test as I clearly stated we are dealing with this as a vulnerability because this should be addressed at the email server level and not Declude, therefore the message will be quarentined - as every instance we have seen of this has been invalid email. The Long base 64 encoding is a similar issue whereby the mail server should deal with these before they get to Declude as such emails are clearly in violation of the RFC's and should be treated as suspect from the very beginning. To conclude, we are making every effort to address these issues because it is not being done at the server level, have you contacted Imail and asked for their response and/or fix ? David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, June 28, 2006 2:48 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus David, The CRLF thing doesn't affect me since I have my own solution, however for those that use Subject tagging, adding another test won't help unless they decide to just simply delete such messages. The header boundary could be programatically determined with a great deal of ease (a simple regexp), and Declude could insert it's headers into the correct place if this was done. Introducing tests to score conditions that one's software does not handle correctly is not a fix, it's a work-around. Regarding the other things, I'm very alarmed that the official position is still not even recognizing that these bugs surely exist, much less fixed at this point. This concerns me greatly since I rely on this product for my business, and if it takes months to just confirm a bug, especially one that is widely reported, I can't responsibly rely on that product. It is pretty much the same thing as having a virus scanner that takes months to catch a particular virus, or having a Web browser that is never patch for a critical flaw. I consider both the Mail From issue and the base 64 encoding issues to be critical flaws that warrant immediate fixes. I am not alone in this. If you don't have a lot of people still griping about this stuff, it is because they are either not aware of the flaws, or they have already given up on trying to get you guys to fix them, or given up on relying on Declude altogether. These things should be fixed in hours or days and not weeks or months when they occur. I assume that you are not the person making these development decisions, so this isn't directed at you, but those that make the calls need to fully understand the critical nature of these flaws, and their role in making sure that Declude can respond rapidly to such things not just now, but as they occur in the future. Thanks, Matt David Barker wrote: Matt, Headers not using proper CRLF line breaks is currently being tested using the new vulnerability NONSTANDARDCRLF test. As for these items they are on the list for engineers to confirm and test and fix if they are bugs. 1. Invalid characters in the Mail FROM 2. Long base 64 encoding causing Declude EVA to fail decoding 3. WHITELIST IP being applied before IPBYPASS David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, June 28, 2006 1:49 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus David, I'm just wondering about the issue with the invalid characters in the Mail From's that caused massive spam leakage almost a month ago. Is this too supposed to be fixed? I'm also very, very curious about the other bugs such as long base 64 encoding causing Declude Virus to fail decoding, WHITELIST IP being applied before IPBYPASS, and the issue where Declude's headers are inserted at the bottom of the message when the headers don't use proper CRLF line breaks? Thanks, Matt David Barker wrote: I have added the request to the wish list. We are focusing on replicating
RE: [Declude.Virus] New feature needed
Added to the development wish list. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, June 20, 2006 2:12 PM To: declude.virus@declude.com Subject: [Declude.Virus] New feature needed Hi, I would like to suggest a new feature to be added to the virus notification capabilities. Right now to notify a recipient that I stopped a virus I have a recip.eml file in my main delude directory. There is another recip-vulnerability.eml file that is used if the virus is a vulnerability. These two files are all or nothing files. Meaning that all recipients for all the domains that I process are in the same file. I need to be able to specify a per domain recip.eml file. This way I can tailor the notifications to each domain as appropriate. These files should be in the domain subdirectory along with the $default$.junkfile etc. I am faced with the challenge right now for a single domain to send all virus notification to one person only or to stop all notifications to that domain. To the best of my knowledge I cannot redirect all the notifications to the one person for that domain and to the original recipients for all the other domains. Another feature that should be added to the *.eml files is the ability to do a BCC to a monitoring address. This is a good way to monitor what is happening with banned files, viruses or whatever notification processes we have setup. So can you please add this to the to do list Thank you Goran Jovanovic Omega Network Solutions --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New feature needed
Not sure yet, but not for at least the next 60 days. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, June 20, 2006 3:23 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New feature needed David, Any idea when it might make it as a feature in the code? Goran Jovanovic Omega Network Solutions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, June 20, 2006 2:58 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New feature needed Added to the development wish list. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, June 20, 2006 2:12 PM To: declude.virus@declude.com Subject: [Declude.Virus] New feature needed Hi, I would like to suggest a new feature to be added to the virus notification capabilities. Right now to notify a recipient that I stopped a virus I have a recip.eml file in my main delude directory. There is another recip-vulnerability.eml file that is used if the virus is a vulnerability. These two files are all or nothing files. Meaning that all recipients for all the domains that I process are in the same file. I need to be able to specify a per domain recip.eml file. This way I can tailor the notifications to each domain as appropriate. These files should be in the domain subdirectory along with the $default$.junkfile etc. I am faced with the challenge right now for a single domain to send all virus notification to one person only or to stop all notifications to that domain. To the best of my knowledge I cannot redirect all the notifications to the one person for that domain and to the original recipients for all the other domains. Another feature that should be added to the *.eml files is the ability to do a BCC to a monitoring address. This is a good way to monitor what is happening with banned files, viruses or whatever notification processes we have setup. So can you please add this to the to do list Thank you Goran Jovanovic Omega Network Solutions --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] new virus
If they are encrypted zips ensure you have: BANEXT EZIP in your virus.cfg David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce LoughlinSent: Friday, June 16, 2006 4:31 PMTo: declude.virus@declude.comSubject: [Declude.Virus] new virus Is anyone else seeing new virus zip files getting past F-Prot? the last one was just numbers.zip Earlier a few came through with name.zip Bruce Loughlin ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] AVG not updating?
Dave, What is the IP address of you mail server ? David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Wednesday, May 31, 2006 7:17 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] AVG not updating? I have the latest version of Declude installed ... have the new virus set to update every 2 hours ... but my latest DB files are dated 5/25/06 ... I've seen F-Prot update several times in the past 6 days ... but nothing from AVG ... doesn't make sense ... is there still a problem with the internal scanner not updating, or something I need to check? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] AVG Database file dates?
When we do a build we include the latest database files provided by AVG, the files consist of the main database file and the incremental updates, depending on when you get updates certain files will have later dates than others, over time the incrementals are added to the main database, that is why there are files with different dates. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David DodellSent: Friday, May 26, 2006 6:47 PMTo: Declude.Virus@declude.comSubject: Re: [Declude.Virus] AVG Database file dates? This makes no sense why we shouldn't be all on the same dates ... it gets me nervous that the AVG system is not updating correctly, and stuff may pass through ... Hopefully someone from Declude can lend an answer?David-Original Message-From: "John Dobbin" [EMAIL PROTECTED]Sent 5/26/2006 5:41:18 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] AVG Database file dates?Mine are:Avi7.avg 2/21Incavi.avg 5/25Microavi.avg 5/18Miniavi.avg 5/22We just upgraded to declude 4.2.12. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Thursday, May 25, 2006 10:23 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] AVG Database file dates? We just started to use the AVG internal scanner with F-Prot as a backup ... since I have no comparison, just wanted to make sure my files were up to date; I have avi.avg 2/21 incavi.avm 5/25 microavi.avg 5/10 miniavi.avg 5/25 Does that match? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.Virus] reque slips by Declude?
I Remove the x and place the files in the \proc directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, May 18, 2006 7:59 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] reque slips by Declude? With older versions of Declude and Smartermail you used to have to do the X rename to skip Declude processing. If you left the X off it would be rescanned by Declude. However, now that Declude is intergrated into Smartermail v3 what is the correct requeing process? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dean Lawrence [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, May 18, 2006 7:48 AM Subject: Re: [Declude.Virus] reque slips by Declude? Gary, I do believe that messages that have been re-queued do not get scanned a second time. If they did, you would never be able to re-queue anything since it would be continually caught. Dean On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote: Back on May 9 my server was hit by the Feebs virus. I am using F-Prot, which did not detect it. But I am using BANEXT hta which caught it. Two days ago I upgraded to SmarterMail 3.1 and Declude 4.2.3. Among other things, I've been looking at the addition of AVG to Declude. I noticed that F-Prot still doesn't detect that version of the Feebs virus, but AVG does. So I thought I would test it. I still have a copy of the virus I received on May 9, so I requed it unchanged and unrenamed to let it got through the new Declude to see what would happen. To my surprise it was delivered! No new Declude headers were added to the message. Though SmarterMail did modify it because it detected it as spam. I checked the virus logs (LOGLEVEL set to HIGH) and there was no listing at all for this message. Naturally I am now quite nervous. Why did this happen? Have any other Feebs viruses slipped through? Unfortunately the eicar tests don't have an hta to use, so the only way I have to test this is with a live virus. The Feebs virus isn't one of the more common ones, but all it takes is one to get through to spoil the day of one of my customers. Gary Steiner --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
That is true except for the built in scanner which if it finds a virus does not call the additional scanners. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 9:49 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that The default behavior is for Declude to call all scanners and I have the EXITSCANONVIRUSDETECT OFF line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Uwe, I will look into this - what I do know that if Unknown Virus in Unknown File means that the virus scanner is not reporting the name of the virus, I see this a lot with Clamav however I will have to check on the AVG David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Info Wind Sent: Tuesday, May 09, 2006 12:39 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner Dear David, since I use 4.2.3 I get always Unknown Virus in Unknown File in the message. It seems that the Virusname variables have a problem. Could you check this? Thank you, Uwe - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, May 09, 2006 3:13 PM Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22?
IMail made some significant changes to their product from IMail 8.2x causing issues when working with Declude as a single application. Any version of Declude prior to the new Decludeservice will NOT work correctly with IMail 8.2x and up. The minimum to be used is Declude 3.1 David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric MametSent: Monday, May 08, 2006 8:59 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22? Well, yes, we just re-installed everything and may not have used the same domain as the main Imail domain I will get in touch with declude support. Many thanks for your help Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])Sent: 08 May 2006 13:55To: Declude.Virus@declude.comSubject: Re: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22? The activation code goes into the virus.cfg file. Did your official hostname change (assuming your running imail) if so contact declude support to resolve this issue. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Eric Mamet To: Declude.Virus@declude.com Sent: Monday, May 08, 2006 8:51 AM Subject: RE: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22? You might have put the finger on it Found this in the log 05/08/2006 14:40:27 Q3c3b0eecfd47 Declude Virus NOT running due to invalid activation code. 05/08/2006 14:40:27 Q3c3b0eecfd47 Error: Invalid Declude Virus activation code for open-resources.co.uk. The activation code in the Virus.Cfg file is the one I have in my original email from declude. Our main domain name may not have been the same at the time. Where does it gets this open-resources.co.uk from? Is this what I should change? Thanks Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])Sent: 08 May 2006 13:34To: Declude.Virus@declude.comSubject: Re: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22? Eric, Are you only using Declude Virus? If not are there other Declude headers in the message? In the Virus logs does this message exist? Is there virus logs (virMMdd.log). Did you uninstall Declude because of this issue or is this a new server? If this is a new server did you double click on the declude.exe first? In the Imail SMTP tab for the delivery application does it specific declude.exe? If yes, is the path correct? 2 things to note - [1] there have been reports of folks having to click the declude.exe multiple times for it to reinstall for some reason and [2] there are some issues with the old declude architecture under imail 8.2x the new version 3.x / 4.x fixes those issues. The issue is related to imail's multithreaded smtp engine. I never had the issue, but a lot of folks did. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Eric Mamet To: declude.virus@declude.com Sent: Monday, May 08, 2006 8:16 AM Subject: [Declude.Virus] (re)Installing Declude v1.65 on Imail 8.22? I am trying to re-install Declude v1.65 onto Imail 8.22. I tried to send an eicarplain pseudo virus (http://www.declude.com/Articles.asp?ID=99) and it went right through to my inbox! It look s like Declude is not involved at all Has anybody tried that? Eric PS: I am using F-Prot anti-virus
RE: [Declude.Virus] Built in virus detector
Guys, As you know I have been posting new releases to the board when there has been a new release, I have held off doing this a couple of days as I wanted to make sure that those who had the new release were getting updates as they should for the virus DB. Which they are, and that is a good thing. Obviously there is no reason to post now to the boards regarding the new release, however I will send out an email to the Declude.Releases address today. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 03, 2006 4:54 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector (Another country heard from) Release announcements? Why, that's why I subscribed to Declude.Releases on May-11-2005 ... The only message I've kept (the only one received!?) was from Barry on Sep-26-2005 and had the subject: Declude 3.0 Availability Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, May 03, 2006 1:43 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Besides your question why can't declude notify the list when there is a new release??? New releases seem to magically appear. From 4.1 to 4.2.3 with only two release notes??? Seems a wast of everyones time to release a version with two ADD release notes, no fixes and no documentation the last manual place online is for 4.0.8. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Carter Sent: Wednesday, May 03, 2006 1:17 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Built in virus detector Just noticed yesterday's 4.2.3 release notes: EVA ADD BUILTINSCANNEROFF Located in Virus.cfg. Will disable the internal AVG scanner. EVA ADD Integrated AVG Scanner into Decludeproc no configuration required. Can someone supply info on this? I must have missed the discussion, if there was one. Thanks, John --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Built in virus detector
I have not sent it out yet. It will go out later today. I will include relevant information, also I will post the same information to this board, for those who are not on the release list. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, May 04, 2006 9:35 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Sorry for the last incomplete message. Hit Send accidentally. Just joined the Releases list. Has the 4.2.3 notice gone out yet? Will include some background on the operation of the built-in scanner how and how often it updates, etc.? Thanks, John C -Original Message- From: John Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, May 04, 2006 8:29 AM To: 'Declude.Virus@declude.com' Subject: RE: [Declude.Virus] Built in virus detector Just joined the Releases list. Has that notice -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 04, 2006 7:02 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Guys, As you know I have been posting new releases to the board when there has been a new release, I have held off doing this a couple of days as I wanted to make sure that those who had the new release were getting updates as they should for the virus DB. Which they are, and that is a good thing. Obviously there is no reason to post now to the boards regarding the new release, however I will send out an email to the Declude.Releases address today. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 03, 2006 4:54 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector (Another country heard from) Release announcements? Why, that's why I subscribed to Declude.Releases on May-11-2005 ... The only message I've kept (the only one received!?) was from Barry on Sep-26-2005 and had the subject: Declude 3.0 Availability Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, May 03, 2006 1:43 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Besides your question why can't declude notify the list when there is a new release??? New releases seem to magically appear. From 4.1 to 4.2.3 with only two release notes??? Seems a wast of everyones time to release a version with two ADD release notes, no fixes and no documentation the last manual place online is for 4.0.8. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Carter Sent: Wednesday, May 03, 2006 1:17 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Built in virus detector Just noticed yesterday's 4.2.3 release notes: EVA ADD BUILTINSCANNEROFF Located in Virus.cfg. Will disable the internal AVG scanner. EVA ADD Integrated AVG Scanner into Decludeproc no configuration required. Can someone supply info on this? I must have missed the discussion, if there was one. Thanks, John --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Built in virus detector
Looks like the email will go out tomorrow. Just wanted to update you. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 04, 2006 10:11 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector I have not sent it out yet. It will go out later today. I will include relevant information, also I will post the same information to this board, for those who are not on the release list. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, May 04, 2006 9:35 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Sorry for the last incomplete message. Hit Send accidentally. Just joined the Releases list. Has the 4.2.3 notice gone out yet? Will include some background on the operation of the built-in scanner how and how often it updates, etc.? Thanks, John C -Original Message- From: John Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, May 04, 2006 8:29 AM To: 'Declude.Virus@declude.com' Subject: RE: [Declude.Virus] Built in virus detector Just joined the Releases list. Has that notice -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 04, 2006 7:02 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Guys, As you know I have been posting new releases to the board when there has been a new release, I have held off doing this a couple of days as I wanted to make sure that those who had the new release were getting updates as they should for the virus DB. Which they are, and that is a good thing. Obviously there is no reason to post now to the boards regarding the new release, however I will send out an email to the Declude.Releases address today. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 03, 2006 4:54 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector (Another country heard from) Release announcements? Why, that's why I subscribed to Declude.Releases on May-11-2005 ... The only message I've kept (the only one received!?) was from Barry on Sep-26-2005 and had the subject: Declude 3.0 Availability Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, May 03, 2006 1:43 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Built in virus detector Besides your question why can't declude notify the list when there is a new release??? New releases seem to magically appear. From 4.1 to 4.2.3 with only two release notes??? Seems a wast of everyones time to release a version with two ADD release notes, no fixes and no documentation the last manual place online is for 4.0.8. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Carter Sent: Wednesday, May 03, 2006 1:17 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Built in virus detector Just noticed yesterday's 4.2.3 release notes: EVA ADD BUILTINSCANNEROFF Located in Virus.cfg. Will disable the internal AVG scanner. EVA ADD Integrated AVG Scanner into Decludeproc no configuration required. Can someone supply info on this? I must have missed the discussion, if there was one. Thanks, John --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing
[Declude.Virus] Testing the Boards
PING --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] stop postmaster emails going out
There are 4 virus notification messages. To not have them go out remove them from the \Declude directory. postmaster.eml otherpostmaster.eml sender.eml recip.eml David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig EdmondsSent: Tuesday, April 25, 2006 3:59 AMTo: Declude.Virus@declude.comSubject: [Declude.Virus] stop postmaster emails going outImportance: HighSensitivity: Confidential Is there a way to stop the otherpostmaster.eml and postmaster.eml being sent out. I looked in the virus.cfg file but cant see any settings.I am starting to get tired of all the bounces now. Kindest RegardsCraig Edmonds123 Marbella InternetW: www.123marbella.comE : [EMAIL PROTECTED]
[Declude.Virus] Declude 3.1 and 4.1 Release Notes
Declude 3.1 and 4.1 Release Notes http://www.declude.com/Articles.asp?ID=122 available. David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Release
Declude Release 3.0.6.4 and 4.0.9.4 HI FIX Corrected logging issue and locked file problem trying to move .hdr files in SmarterMail SM ADD Support for MAILBOX action in Smartermail CON FIX Confirm for Imail now working correctly David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Updates from Declude
The next release of Declude which is currently being tested and soon to be released has the confirm changes included. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant GriffithSent: Wednesday, March 08, 2006 12:47 PMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] Updates from Declude Is anyone else using confirm and can let me know if it is working for you now or not? I know John is busy and may not of had time to try it yet and Declude is not responding. Thanks,Grant GriffithWeb Application DeveloperEnhanced Telecommunications Corp.(812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant GriffithSent: Monday, March 06, 2006 8:06 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] Updates from Declude Sounds good John, was just curious if you were still seeing the issue also. Thanks,Grant GriffithWeb Application DeveloperEnhanced Telecommunications Corp.(812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Friday, March 03, 2006 5:27 PMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] Updates from Declude No I have not tested lately. I have been extremely busy this week. I will try on Saturday. John T eServices For You "Seek, and ye shall find!" -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant GriffithSent: Friday, March 03, 2006 5:38 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] Updates from Declude Barry, Wasnt the confirm issues supposed to be resolved in this version? I just tested it and it still does not subscribe the user after they confirm be replying to the message?!?! John, have you tried this yet with the same results? Thanks,Grant GriffithWeb Application DeveloperEnhanced Telecommunications Corp.(812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, March 02, 2006 5:04 PMTo: Declude.JunkMail@declude.com; Declude.Virus@declude.comSubject: [Declude.Virus] Updates from Declude Product Naming After considering all the choices we have decided to rename the new product "Declude Security Suite". I will be notifying the winner(s) of the competition shortly. Declude Security Suite for IMail We have now released additional versions of the software for different levels of IMail and these can be found at http://www.declude.com//Purchase.asp?cat=13 As usual if anyone has questions please contact me and we will do our best to answer. Barry [EMAIL PROTECTED] Office: (978) 499-2933 Cell: (978) 853-9593
RE: [Declude.Virus] Updates from Declude
Declude Security Suite and Declude 3.0.6 Fix for Confirm Fix for Hijack logging error for console Add Mailbox action for SM David Barker www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, March 08, 2006 1:20 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Updates from Declude David Barker wrote: The next release of Declude which is currently being tested and soon to be released ahh David - wanna share? What will the new ver have to offer?:) -Nick David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith Sent: Wednesday, March 08, 2006 12:47 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Updates from Declude Is anyone else using confirm and can let me know if it is working for you now or not? I know John is busy and may not of had time to try it yet and Declude is not responding. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications Corp. (812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith Sent: Monday, March 06, 2006 8:06 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Updates from Declude Sounds good John, was just curious if you were still seeing the issue also. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications Corp. (812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, March 03, 2006 5:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Updates from Declude No I have not tested lately. I have been extremely busy this week. I will try on Saturday. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith Sent: Friday, March 03, 2006 5:38 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Updates from Declude Barry, Wasn't the confirm issues supposed to be resolved in this version? I just tested it and it still does not subscribe the user after they confirm be replying to the message?!?! John, have you tried this yet with the same results? Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications Corp. (812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 02, 2006 5:04 PM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: [Declude.Virus] Updates from Declude Product Naming After considering all the choices we have decided to rename the new product Declude Security Suite. I will be notifying the winner(s) of the competition shortly. Declude Security Suite for IMail We have now released additional versions of the software for different levels of IMail and these can be found at http://www.declude.com//Purchase.asp?cat=13 http://www.declude.com/Purchase.asp?cat=13 As usual if anyone has questions please contact me and we will do our best to answer. Barry [EMAIL PROTECTED] Office: (978) 499-2933 Cell: (978) 853-9593 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] [Declude.JunkMail] Declude 3.0 / 4.0
Let me quote myself on point 5. EXCEPT that 4.0 runs as a single product with Declude EVA PRO, Junkmail PRO and Hijack. Where as Version 3.0 still supports 3 individual products. As to NO major differences, there are NO major differences in functionality but rather minor differences which have to do with integration into SmarterMail 3.0 which makes it a little easier for New Customers which I will explain in greater detail with the notes I promised in point 7, but again these differences do NOT effect existing customers. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Sunday, February 12, 2006 11:23 AM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: Re: [Declude.Virus] [Declude.JunkMail] Declude 3.0 / 4.0 Saturday, February 11, 2006, 9:47:07 AM, David Barker [EMAIL PROTECTED] wrote: DB [Snip] DB 5. With regards to Version 3.0 and 4.0 there is NO major difference DB in functionality except that 4.0 runs as a single product with DB Declude EVA PRO, Junkmail PRO and Hijack. Where as Version 3.0 still DB supports 3 individual products. DB [Snip] DB 7. I am pulling together some additional release notes on a DB comparison between version version 3.0 and 4.0 which I hope to have DB available next week. DB David B DB www.declude.com DB [Snip] Items 5 7 are contradictory, to the extent that no comparison, as promised in 7, would be needed, if the only difference was, as quoted in 5. Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] [Declude.JunkMail] Declude 3.0 / 4.0
- From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Sent: Sunday, February 12, 2006 8:37 AM Subject: RE: [Declude.Virus] [Declude.JunkMail] Declude 3.0 / 4.0 Let me quote myself on point 5. EXCEPT that 4.0 runs as a single product with Declude EVA PRO, Junkmail PRO and Hijack. Where as Version 3.0 still supports 3 individual products. As to NO major differences, there are NO major differences in functionality but rather minor differences which have to do with integration into SmarterMail 3.0 which makes it a little easier for New Customers which I will explain in greater detail with the notes I promised in point 7, but again these differences do NOT effect existing customers. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Sunday, February 12, 2006 11:23 AM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: Re: [Declude.Virus] [Declude.JunkMail] Declude 3.0 / 4.0 Saturday, February 11, 2006, 9:47:07 AM, David Barker [EMAIL PROTECTED] wrote: DB [Snip] DB 5. With regards to Version 3.0 and 4.0 there is NO major difference DB in functionality except that 4.0 runs as a single product with DB Declude EVA PRO, Junkmail PRO and Hijack. Where as Version 3.0 still DB supports 3 individual products. DB [Snip] DB 7. I am pulling together some additional release notes on a DB comparison between version version 3.0 and 4.0 which I hope to have DB available next week. DB David B DB www.declude.com DB [Snip] Items 5 7 are contradictory, to the extent that no comparison, as promised in 7, would be needed, if the only difference was, as quoted in 5. Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 3.0 / 4.0
1. The definition of an Annual Subscription is a license to run Declude for a period of a year at which time the Annual Subscription has to be renewed to continue running Declude. Annual Subscription does NOT apply to customers of Declude prior 8 Feb 06. 2. Existing Customers prior to 8 Feb 06 CAN continue using the Service Agreement model. This mean you purchase a Annual Service agreement to ensure support and having access to new releases of Declude for that year. If your Service Agreement lapses you are still able to run Declude you will just not have access to support or new releases. 3. Annual Subscription is NOT the same Annual Service Agreement. 4. For Customers prior to 8 Feb 06 you CAN continue to use Declude as you always have with the ability to purche an Annual Service Agreement. 5. With regards to Version 3.0 and 4.0 there is NO major difference in functionality except that 4.0 runs as a single product with Declude EVA PRO, Junkmail PRO and Hijack. Where as Version 3.0 still supports 3 individual products. 6. Customers prior to 8 Feb 06 are NOT forced into upgrading to version 4.0 but have an option to do so at greatly reduced price. 7. I am pulling together some additional release notes on a comparison between version version 3.0 and 4.0 which I hope to have available next week. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert E. Spivack Sent: Saturday, February 11, 2006 2:06 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] declude 4 changes ... worried... How many user mailboxes do you have? The pricing of some outsourced solutions which have a per mailbox fee might actually be lower now that Declude is also an annual required payment. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, February 10, 2006 8:49 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] declude 4 changes ... worried... Yep. at that price it's time to move to something else or build our own system. Declude, come back with something reasonable or you'll lose customers like IMail did. Darin. - Original Message - From: Scott Fisher mailto:[EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, February 10, 2006 10:43 AM Subject: [Declude.JunkMail] declude 4 changes ... worried... So I thought I'd go web browsing on the Declude site and see what is up with Declude 4. I'm a Virus Pro and Junkmail Pro licensee on Imail. Going forward Declude 4 is the entire suite (Virus Pro, Junkmail Pro and Hijaak). Kevin's post mentions that Declude 3 will be supported. Although long term how long will they support two different code sets? I'd say my long-term gut feeling isn't good. Next I look through the purchase page. Declude 4 for Imail is now only available for a $1450 Annual Subscription. Ouch. The last time I paid maintenance for Declude it was $265. That's a bump. (Essentially having only one domain here), That is mighty pricey especially compared to the Declude for Smartmail 1 domain price of $199. Don't get me wrong, I really like the Declude prodcut. It's so flexible that you can do many different things... I just can't see how smaller entities like me are going to positively affected by these changes. - Scott Fisher Director of IT Farm Progress Companies 191 S Gary Ave Carol Stream, IL 60188 630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Clam AV
Once Installing Clamwin the following can be used as a configuration: SCANFILE [Drive:]\[Path]\clamwin\bin\clamscan.exe --verbose --database=[Drive:]\[Path]\db --tempdir=c:\Temp --no-summary -l report.txt VIRUSCODE 1 * Your SCANFILE line is on a single line. ** Ensure you have a C:\Temp dir David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george Sent: Sunday, January 22, 2006 10:46 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Clam AV Does anyone know the story about the windows port of Clam-AV. There was an upgrade of the base product to version 88.0 about two weeks age but the windows port that we're using with Declude is still at the 87.1 level. The ClamWin port, which is the GUI interface version of the Windows port was upgraded to 88.0 immediately. Does anyone have a method of using the ClamWin port with Declude? I've checked the Archives and only found information about unsuccessful attempts. Thanks George --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Notifications
Not released yet but has tested fine as an interim, should have the virus notifications for SM, you can try the latest version: Imail http://www.declude.com/version/Upgrade/IM/Decludeproc30522.exe SmarterMail http://www.declude.com/version/Upgrade/SM/Decludeproc30522.exe David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Monday, December 05, 2005 3:19 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Notifications Imail 8.21 Declude Pro 3.0.5.21 Is anyone else still having problems with not getting notices? Someone mentioned a patched version that fixed this, but was pre-.21. I would have assumed that those patches would have been in .21. I have all removed except the BANnotify.eml (see below). This one comes to me only, but stopped working before 3.0.5.20. Thanks, John C = BANnotify.eml === From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Email delivery blocked due to file attachment In \spool\virus directory From: %MAILFROM% T0: %ALLRECIPS% Subject: %SUBJECT% Banned Extension: %BANEXT% Queue Name: %QUEUENAME% Headers follow: %HEADERS% --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude and IMail 2006
We have had access to the Beta and have run all our standard tests successfully. The caveat that I will offer is that there is no way in which we can replicate every combination of tests and events in our simulated environments. But to the best of our knowledge Declude and IMail 2006 seem to be OK David B www.declude.com --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 3.0.5.21 Posted
JM - INVITEFIXON Located in Declude.cfg. Some customers had issues related to Outlook meeting requests appearing as text only. The default for this directive is OFF. JM - Fixed skipping of certain DNSBL tests. JM - STOPALLTESTS is now working correctly EVA - Incorrect log entries regarding to licensing with EVA EVA - Vulnerability Notifications available for Imail David B www.declude.com --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus Config Update
1. I have noticed that a new virus exit code being reported on AVG Exit Code 9 - Double extension If you are running AVG and want to block double extensions eg. Password.doc .exe Add the following line to your virus.cfg VIRUSCODE 9 Other additional codes are: 4 - suspicion detected by heuristic analysis 5 - virus found by heuristic analysis 6 - specific virus detected 7 - active virus in memory detected The complete SCANFILE config would be something like this: SCANFILEC:\Progra~1\Grisoft\AVG7\avg.exe /NOBOOT /NOMEM /NOSELF /ARC /REPORT=report.txt VIRUSCODE 4 VIRUSCODE 5 VIRUSCODE 6 VIRUSCODE 7 VIRUSCODE 9 REPORT identified 2. If you are running F-PROT ensure that you do NOT have a switch in your SCANFILE /NOFLOPPY This has been reported as not supported in the latest versions of F-Prot and causes virus to get through David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 3.0.5.14 Posted
Declude 3.0.5.14 ADDED - WINSOCKCLEANUPON Located in Declude.cfg. Some customers had issues related to their network stack causing loss of functionality for basic network operations. The default for this directive is OFF FIX - Memory leaked fixed by forcing windows to close handles once complete (Note this only effected a handful of customers) David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude 3.0.5.14 Posted
Good to hear. Thanks for the feedback. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Monday, October 31, 2005 2:02 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Declude 3.0.5.14 Posted Installed it and now the behaviour we had of the processing at 3.05.9 is back Thank you Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, October 31, 2005 1:09 PM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com; [EMAIL PROTECTED] Subject: [Declude.Virus] Declude 3.0.5.14 Posted Declude 3.0.5.14 ADDED - WINSOCKCLEANUPON Located in Declude.cfg. Some customers had issues related to their network stack causing loss of functionality for basic network operations. The default for this directive is OFF FIX - Memory leaked fixed by forcing windows to close handles once complete (Note this only effected a handful of customers) David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude 3.0.5.12 Posted
Thanks Darin, Wanted to let you know I do care ;) David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, October 27, 2005 10:21 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Declude 3.0.5.12 Posted David, Thank you very much for posting these notices to the list. This is incredibly helpful. Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Sent: Wednesday, October 26, 2005 2:32 PM Subject: [Declude.Virus] Declude 3.0.5.12 Posted Declude 3.0.5.12 ADDED - When the \proc directory is empty winsock cleanup will be called after the shorter of either the number of worker threads going to 0 or 5 minutes. Any files found in the work directory will then be moved to the \review directory. David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude 3.0.5.12 Posted
Declude 3.0.5.12 ADDED - When the \proc directory is empty winsock cleanup will be called after the shorter of either the number of worker threads going to 0 or 5 minutes. Any files found in the work directory will then be moved to the \review directory. David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 3.0.5.10
3.0.5.10 - Change was made to reset the winsock when the \proc directory reached 0 messages 3.0.5.11 - Change was made to reset the winsock when the \proc directory reached 0 messages and threads in the \work had completed processing I will update documentation etc. and post changes for releases, as soon as I have the relevant information. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Saturday, October 22, 2005 12:27 AM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: [Declude.Virus] 3.0.5.10 This one is just for the record since .10 is not on the website anymore -- thank goodness. Put 3.0.5.10 in place to this afternoon (before I knew .11 was available). MISTAKE! Things looked ok at first, but didn't realize mail was stacking up in \proc\. When I was not getting anything at the house, came back in (around 11pm) and found 6,500 msgs in \proc. Put in .11 and restarted. It is flowing now. Wonder if that is the reason .10 disappeared from the web site so fast. This raises (at least for me) an old discussion. I know new documentation for each little update is not possible or even reasonable to expect. But maybe a quick and dirty page on what the update fixed.?? John --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Conflicting Decoding oddity
Scott, As far as the functionality of Declude 3.0.5 there should be no difference than that of 2.0.6.16 All the changes that were made had to do with the flow of mail through Declude as it is now the service. So far when we have seen an issue it is because the Service now makes issues more known as before with declude.exe issues were not as noticeable due to the fact it operated in the spool. If you have any further info post or send it to us and we can take a look. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, October 04, 2005 1:34 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Conflicting Decoding oddity I've caught 76 conflicting encoding messages with EVA this month all 3 days. All spam messages. What's odd is I've I had 53 conflicting encoding messages the whole last month. Is this a change in Declude 3.05 or a shift in my spammers? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Virus directory
Yes make sure you have or add the following lines to your virus.cfg DELETEVULNERABILITIES ON DELETEVIRUSES ON -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, October 04, 2005 1:33 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Virus directory Declude puts all e-mails with viruses into a separate directory I find I always have to go there and delete files. Is there a way to set the system to just delete those e-mails rather than move them into a separate directory? Thank you Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Info Wind Sent: Friday, September 30, 2005 8:29 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Version 3.0.5.5 same to me, there seams to be problems when not uninstalling. I had the same issue. Thanks John for the proper procedure, that helped me. Bye, Uwe - Original Message - From: Harry Vanderzand To: Declude.Virus@declude.com Sent: Friday, September 30, 2005 1:50 PM Subject: RE: [Declude.Virus] Version 3.0.5.5 that is what I thought, but I had to go into add remove programs and remove the service before I could use the install procedure. If I had the decludeproc.exe file then I could likely have copied the new file Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, September 29, 2005 6:09 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 The proper procedure is: Stop Imail SMTP Stop Imail Queue Manager Make sure spool\proc and spool\proc\work are empty of files. If not, wait until they are processed. Stop Decludeproc Copy in the new file Start Decludeproc Start Imail SMTP Start Imail Queue Manager John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, September 29, 2005 2:07 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 You need to stop SMTP and queuemanager. It probably got started back up. By the stub program. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Harry Vanderzand Sent: Thursday, September 29, 2005 1:59 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 I downloaded this update stopped decludeproc ran the update got message: Another version is already running, cannot update what's up with that? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman Sent: Thursday, September 29, 2005 2:53 PM To: Declude.Virus@declude.com; Declude.JunkMail@declude.com Subject: [Declude.Virus] Version 3.0.5.5 Declude Version 3.0.5.5 is available on the website for download. There are two changes from version 3.0.5.3 Fix for special character scanning causing abnormal termination. Special thanks to John Tolmachoff for identifying and helping us fix this nasty. For SmarterMail only. Correctly handle parsing the XML file for the email installation path. SY, Bill Billman Declude -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Version 3.0.5.5
Undocumented but here it is for those on the board who know what they are doing. IMAILhttp://www.declude.com/Version/3055/IM/decludeproc3055.exe SMARTERMAIL http://www.declude.com/Version/3055/SM/decludeproc3055.exe David Barker www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Thursday, September 29, 2005 5:35 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 Thanks That's seems like a lot to do for such a simple process. Is it not just the decludeproc.exe that needs to be replaced? If so then stopping the service, replace the file with the new one and then starting it, would be quicker to do. Is there anywhere we can get just the new decludeproc.exe? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, September 29, 2005 5:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Version 3.0.5.5 Harry, The message on my system just said you need to remove the last version. Once I did that and re-ran the update all was well. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Harry Vanderzand writes: I downloaded this update stopped decludeproc ran the update got message: Another version is already running, cannot update what's up with that? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman Sent: Thursday, September 29, 2005 2:53 PM To: Declude.Virus@declude.com; Declude.JunkMail@declude.com Subject: [Declude.Virus] Version 3.0.5.5 Declude Version 3.0.5.5 is available on the website for download. There are two changes from version 3.0.5.3 1. Fix for special character scanning causing abnormal termination. Special thanks to John Tolmachoff for identifying and helping us fix this nasty. 2. For SmarterMail only. Correctly handle parsing the XML file for the email installation path. SY, Bill Billman Declude -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Version 3.0.5.5
Harry, The install procedure is being updated. David Barker www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, September 30, 2005 11:34 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 Hi David One almost needs to know less using this method than having to go and uninstall the service and then reinstall it Will you make this file available in this manner in the future or will the install procedure be updated to help simplify things. I strive to have the greatest simplicity in operating my servers. It means I am spending less time with them and more with my customers. Thank you Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, September 30, 2005 11:11 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 Undocumented but here it is for those on the board who know what they are doing. IMAIL http://www.declude.com/Version/3055/IM/decludeproc3055.exe SMARTERMAIL http://www.declude.com/Version/3055/SM/decludeproc3055.exe David Barker www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Thursday, September 29, 2005 5:35 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Version 3.0.5.5 Thanks That's seems like a lot to do for such a simple process. Is it not just the decludeproc.exe that needs to be replaced? If so then stopping the service, replace the file with the new one and then starting it, would be quicker to do. Is there anywhere we can get just the new decludeproc.exe? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, September 29, 2005 5:15 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Version 3.0.5.5 Harry, The message on my system just said you need to remove the last version. Once I did that and re-ran the update all was well. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Harry Vanderzand writes: I downloaded this update stopped decludeproc ran the update got message: Another version is already running, cannot update what's up with that? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman Sent: Thursday, September 29, 2005 2:53 PM To: Declude.Virus@declude.com; Declude.JunkMail@declude.com Subject: [Declude.Virus] Version 3.0.5.5 Declude Version 3.0.5.5 is available on the website for download. There are two changes from version 3.0.5.3 1.Fix for special character scanning causing abnormal termination. Special thanks to John Tolmachoff for identifying and helping us fix this nasty. 2.For SmarterMail only. Correctly handle parsing the XML file for the email installation path. SY, Bill Billman Declude -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED
[Declude.Virus] PING
PING --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Beta 3.0.4.4 Posted
2 new Directives WAITFORTHREADS 1500 Located in the Declude.cfg - Defined in milliseconds eg. 1500 = 1.5 seconds this can be changed so that when the maximum threads are in use this time specifics the wait before checking to launch more threads. WAITBETWEENTHREADS 1 Located in the Declude.cfg - Defined in milliseconds eg. 1 = 1 millisecond The time to wait between spawning one thread and starting to process another thread. David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted
Yes, these are to help adjust for timing with Dual-proc Different systems / configuration respond differently to these settings. In particular they to fine tune through-put with CPU utilization. 1. SLOW server that is heavily loaded You may want to try to increase WAITBETWEENTHREADS and lower THREADS. 2. FAST server Use the THREADS and WAITFORTHREADS to adjust the CPU utilization. When decludeproc first starts up it will use a lot of the CPU but after that the %CPU used by decludeproc should come way down. The %CPU of all processes running may be high depending on external tests, other processes, etc. If the system is spiking but coming down quickly that's good. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Thursday, September 22, 2005 12:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted David, Are these to be used to correct issues with Dual-proc, or is that still an ongoing issue still be looking at? Thanks for the time. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, September 22, 2005 11:41 AM To: Declude.JunkMail@declude.com; Declude.Virus@declude.com Subject: [Declude.Virus] Declude Beta 3.0.4.4 Posted 2 new Directives WAITFORTHREADS 1500 Located in the Declude.cfg - Defined in milliseconds eg. 1500 = 1.5 seconds this can be changed so that when the maximum threads are in use this time specifics the wait before checking to launch more threads. WAITBETWEENTHREADS 1 Located in the Declude.cfg - Defined in milliseconds eg. 1 = 1 millisecond The time to wait between spawning one thread and starting to process another thread. David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude Beta 3.0.3.8 Available
John, Yes it is fine for a single processor system. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Wednesday, September 14, 2005 5:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Declude Beta 3.0.3.8 Available Sorry, I am just getting my head back into Declude/Imail/etc from Katrina. Is 3.0+ ok for single processor systems? John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, September 14, 2005 3:38 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Declude Beta 3.0.3.8 Available David, Any progress on the issues we seen under multi-processor environments? Darrell David Barker writes: If you are running the Declude Beta please upgrade to 3.0.3.8 and send feedback to [EMAIL PROTECTED] David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Beta 3.0.3.8 Available
If you are running the Declude Beta please upgrade to 3.0.3.8 and send feedback to [EMAIL PROTECTED] David B www.declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] McAfee DailyDAT download location change.
I have been monitoring everything that has been said and I agree - there is a place I had setup on the front page for these kinds of alerts and currently working on the best way to provide this information to our customer base using that area on the website. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Monday, September 12, 2005 3:58 PMTo: Declude.Virus@declude.comSubject: Re: [Declude.Virus] McAfee DailyDAT download location change. I changed the subject so that people can be alerted to this. Announcements of things like this would be useful to the entire Declude customer base. I am afraid that we are a little over a month behind. Those with a single scanner would be screwed.I adjusted my scripts to use the link that you provided and it does in fact work just great...so far :)Thanks,MattScott Fisher wrote: Great catch Matt. Mine's gone too since August 2 Thank you Declude for multiple virus scanner option. Try: http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip From: http://groups.google.com/group/mailing.unix.amavis-user/browse_thread/thread/890f45b2e1cfdec9/61f1bcbcc4e71848?lnk=stq=dailydatrnum=1hl=en#61f1bcbcc4e71848 - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 2:26 PM Subject: Re: [Declude.Virus] Seemingly bad virus this morning This is a new Bagel variant: http://vil.nai.com/vil/content/v_129588.htmI was wrong about what was detecting it first...it was F-Prot. I just figured out that my McAfee update script is no longer working. Does anyone have a newer link to the daily DAT's than http://download.nai.com/products/mcafee-avert/daily_dats/DailyDAT.zip.Thanks,MattJohn Tolmachoff (Lists) wrote: OK, so it is cpl file, which we should all have in our list of banned extensions including banned if within a zip file, so we should all be safe, correct? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Monday, September 12, 2005 11:49 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morning I opened the zip file and it contained one file called "1.cpl" (without the quotes). Some sort of malicious Control Panel applet? - Original Message - From: "John Tolmachoff (Lists)" [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 11:55 AM Subject: RE: [Declude.Virus] Seemingly bad virus this morning What is the payload inside the zip? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, September 12, 2005 7:52 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] Seemingly bad virus this morning FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m. this morning, first coming from Eastern Europe. McAfee seems to be detecting all of them now, but F-Prot as of this moment is not on our system. Every attachment name seemingly contained the word "price". Here's a quick filter that I had put together for it: HEADERSENDNOTCONTAINSboundary=" BODYENDNOTCONTAINSattachment; filename=" BODYENDNOTCONTAINS.zip" Content-Transfer-Encoding BODY15CONTAINS price Matt --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
