[Declude.Virus] [Invalid ZIP Vulnerability]
How do I turn this off. I am having emails held as virus but they are not. They do contain pdfs and doc files. Could not find it in the manual. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] [Invalid ZIP Vulnerability]
They are neither virus or spam but legit email. Shayne Embry wrote: Not too sure you'd want to turn that off. We've been getting hit by a wave of messages the last two days, all with the same vulnerability. I've been too busy to spend any time looking at the payload...but if they're not viruses they are definitely spam. I'm catching about 40 per hour, widely distributed among about 550 accounts across 100 domains. Shayne Embry Original Message From: Heimir Eidskrem [EMAIL PROTECTED] Sent: Tuesday, July 31, 2007 2:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] [Invalid ZIP Vulnerability] How do I turn this off. I am having emails held as virus but they are not. They do contain pdfs and doc files. Could not find it in the manual. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] [Invalid ZIP Vulnerability]
Me too.. H. Jared Pickerell wrote: How would you go about setting up the ability to include a link to a script to re-queue the message for delivery? I'd be interested in that. Jared -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, July 31, 2007 4:23 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We got slammed with them today as well. It caught a bunch that made it past spam filtering (we run AVAFTERJM ON). So I'd second that recommendation to NOT turn it off. If you're concerned about delivery, set up an email notification to let the intended recipient know the message was held, and include a link to a script to requeue the message for delivery. Darin. - Original Message - From: Shayne Embry [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, July 31, 2007 5:09 PM Subject: re: [Declude.Virus] [Invalid ZIP Vulnerability] Not too sure you'd want to turn that off. We've been getting hit by a wave of messages the last two days, all with the same vulnerability. I've been too busy to spend any time looking at the payload...but if they're not viruses they are definitely spam. I'm catching about 40 per hour, widely distributed among about 550 accounts across 100 domains. Shayne Embry Original Message From: Heimir Eidskrem [EMAIL PROTECTED] Sent: Tuesday, July 31, 2007 2:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] [Invalid ZIP Vulnerability] How do I turn this off. I am having emails held as virus but they are not. They do contain pdfs and doc files. Could not find it in the manual. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Support
Dan Shadix wrote: I read occasionally on here about support or the lack thereof, but I just used support for the first time for anything other than a minor issue. This was the best support I've received from any company at any time. A few others have come close, but my support experience was absolutely wonderful. I don't know if I should mention the tech by name but let me just say that if my wife knew how much hand holding had been going on I'd be in big trouble. Dan Shadix --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. I second that. I have not needed support often but when i did I got some excellent support. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability
I see several emails with this listed as the virus detected. Is this really a problem and a virus? I did download the file and uploaded to one of the virus test sites and it did come back as no virus found. How do I turn this off? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability
Thanks for the prompt answer. Chris Asaro wrote: In the virus.cfg: ALLOWVULNERABILITY OLBOUNDARYSPACEGAP Declude quarantines these vulnerabilities as viruses due to the fact they contain programmatic flaws for a virus to hide and avoid traditional antivirus detection. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Thursday, January 25, 2007 11:20 AM To: declude.virus@declude.com Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability I see several emails with this listed as the virus detected. Is this really a problem and a virus? I did download the file and uploaded to one of the virus test sites and it did come back as no virus found. How do I turn this off? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Any one heard about or seen this one yet?
Storm Worm Hits Computers Around the World By Reuters January 19, 2007 HELSINKI (Reuters)-Computer virus writers started to use raging European storms on Friday to attack thousands of computers in an unusual real-time assault, head of research at Finnish data security firm F-Secure told Reuters. The virus, which the company named Storm Worm, is sent to hundreds of thousands of e-mail addresses globally, with the e-mail's subject line saying 230 dead as storm batters Europe. The attached file contains the so-called malware that can infiltrate computer systems. What makes this exceptional is the timely nature of the attack, Mikko Hypponen, head of research at F-Secure said. Hypponen said thousands of computers around the world, most in private use, had been affected. He said most users would not notice the malware, or trojan, which creates a back door to the computer that can be exploited later to steal data or to use the computer to post spam Regards, Dennis Curry System Administrator SNC-Lavalin GDS --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t
You never heard about filtering for your email? Its really easy to setup. Read the manual for your mail program. Now get over yourself. Its just a few emails, its annoying but not the end of the world. No killing necessary, just learn how to filter. How do you handle real problem? Your head explodes? Take a chill pill. Douglas Cohn wrote: I like both options. But killing him is also a good idea Douglas Cohn VP Engineering Photogra, Inc. www.photogra.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 04, 2007 6:01 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t So - shall we all call that emergency number and ask that he turn off his vacation notice, or shall we just fake the return address an unsubscribe him since the Declude staff is not taking action? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, January 04, 2007 04:48 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t 75 over 45 minutes. Dumb... Darin. - Original Message - From: Colbeck, Andrew [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Thursday, January 04, 2007 4:12 PM Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t I think I received 36 of them. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Thursday, January 04, 2007 12:55 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t Importance: High Is it me or did everyone get this autoresponder about 300 times? Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of roconnor Sent: Thursday, January 04, 2007 9:45 PM To: declude.virus@declude.com Subject: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t I'm currently on a business trip down south and will be returning January 5th, 2007. If this is an emergency please call our office at 360.527.9111 Thanks, Rick --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Sudden Internet Slowdown
Maybe this might be a factor too: ATT Network Outage http://isc.sans.org/diary.php?storyid=658 Published: 2005-09-09, Last Updated: 2005-09-09 15:33:09 UTC by Johannes Ullrich (Version: 2(click to highlight changes) http://isc.sans.org/diary.php?compare=1storyid=658) According to notes from users, and Keynote http://scoreboard.keynote.com/scoreboard/Main.aspx?Login=YUsername=publicPassword=public, ATT is currently experiencing outages across its network. We do not have any details right now. This outage may affect the latency or reachability for a large number of sites. ATT's own network status http://www.renesys.com/products_services/gradus_interactive.html page shows no problems. Colbeck, Andrew wrote: According to this: http://loadrunner.uits.iu.edu/weathermaps/abilene/ Most of the major links on the Internet are very busy. Interestingly, the Houston-Atlanta link is back up, and was hard down due to Katrina for a week. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch Sent: Friday, September 09, 2005 8:30 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] Sudden Internet Slowdown Hello all! This may be off topic, but has anyone else experienced a sudden Internet slowdown this morning starting about 11:00 EST? We have locations across the country and are experiencing problems in about half our locations, most using SBC DSL for Internet service. Our primary Telnet app is DOA in these locations and e-mail and web surfing is slow everywhere. Thanks, Rodney Bertsch --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Fprot missed Klez
A client did get an email with the Klez virus today. I had them forward me the email and it Fprot missed it again but my desktop NAV2002 stopped it. Any suggestion on how to find out why Fprot missed it? H.
[Declude.Virus] Klez and IP
We are stopping tons of klez infected mail using the same sender address. My question is regarding the reported remote ip address - the ip address reported using the %remoteip% is that the actually ip address of the computer sending the virus or is that also forged by the virus? So far I have logged 25 different ip addresses using the same sender address. Thanks, H.
Re: [Declude.Virus] Declude v1.26 released
I just installed teh 1.26 version and now im getting errors in my logfile Warning: Could not unlock file due to 32 error. (log part 2 saved as c:\declude.gp2) (log part 1 saved as c:\declude.gp1) At 01:17 PM 9/28/2001 -0400, you wrote: We have just released Declude v1.26. Changes include: o Files Declude saves are now treated by Windows as temporary files for increased performance o %HEADERS% variable added that allows you to include the headers of a virus-ridden message in E-mail notifications o Now adds the IP address of the remote sender to the log file (with LOGLEVEL MID and higher) o Now scans plain text MIME segments that has a name You can find it at http://www.declude.com/virus/manual.htm . -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . DECLUDE.GP2 Description: Binary data DECLUDE.GP1 Description: Binary data
[Declude.Virus] Magistr did not get stopped
I just received an email with the magistr.39921@mm virus included. Norton on my desktop did stop it, not sure why declude and f-prot did not. Any suggestions. This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] R. Scott Perry
Scott, You want to say that I'm very impressed with a company that is so involved with helping others (American Red Cross) that they are willing to shut down. I thank you for all your effort to help others, you guys are sure making it better. God Bless Heimir This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Statistics
Scott, In using the LOG_OK NONE also but it is still recording virus free mail in the virus log file. Using: LOGLEVEL LOW LOG_OK NONE Getting both virus and virus free entries in the log file. Running Declude 1.25a What did I do wrong? Heimir -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 30 Aug 2001 15:28:07 -0400 LOGLEVELhigh LOG_OK NONE Are you getting the Virus Free messages in the log, or are you getting other ones? It may be that some of the LOGLEVEL HIGH messages will get recorded whether or not the E-mail has a virus in it. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . Sent via the WebMail system at i360.net This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .