RE: [Declude.Virus] Changing to F-prot good or bad?

2004-06-21 Thread Mike Hyslip
I've had great luck with them, and you can run the trial version for a while
before you make a complete decision.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Robertson
Sent: Monday, June 21, 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Changing to F-prot good or bad?

Good idea.  

No problems with F-Prot over the last 2 yrs.  Low resource usage.  New
def checks can be run as frequently as hourly if you like.

--
--Matt Robertson--
MSB Designs, Inc.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.



RE: [Declude.Virus] Stupid question

2004-06-17 Thread Mike Hyslip
Maybe if you ask his boss about viruses and show the header, he might be
able to answer more clearly :P
I would hope folks would at least check their servers before answering in
the manner you received, that's just awful :D

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 17, 2004 8:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Stupid question


given the following message:

Headers
Received: from ameripride.org [24.199.28.90] by mail.ameripride.org with
ESMTP
   (SMTPD32-8.05) id AC53428F00FC; Wed, 16 Jun 2004 00:36:19 -0500
From: [EMAIL PROTECTED]
...

Could I conclude that the Netsky virus was coming from a pc with an
internet
ip of 24.199.28.90 or an internet router by the same address?

Yes, it definitely did.

I pinged the company owning this IP and they stated bluntly we know we
don't have any viruses. Since I don't know what a relayed email header
looks like, could it be coming from somewhere else?

It's amazing how often people know things they don't know.  The computer at 
24.199.28.90 definitely is almost certainly infected with 
Netsky.p.  Although it is also ARRC's mailserver, Netsky.p sends directly, 
and there are no other Received: headers, so it did come from 
24.199.28.90.  They don't have to believe you, though -- but that's exactly 
how viruses spread, and the attitude that spammers love, and the attitude 
that people who receive spam hate.  Some guy doesn't want to lose his job, 
but doesn't realize that he is going to have to admit to having a virus 
eventually (as their E-mail gets blocked because of all the spam coming 
from their server).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
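
Added example (not from the original posts, and not Declude's or IMail's code): the check described in the reply above, reading the Received: trace to see which peer connected to your own server and whether any earlier hops exist. It assumes the IMail-style "from NAME [IP] by HOST" layout shown in the thread; the function names, the placeholder From: address and the relayed sample (documentation-range addresses) are constructed for illustration.

```python
import re
from email import message_from_string

# IMail-style trace line: "from <HELO name> [<peer IP>] by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def parse_hops(raw_message):
    """Return the Received hops, newest (top of the headers) first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold wrapped lines
        if m:
            hops.append(m.groupdict())
    return hops

def handoff_to(hops, our_servers):
    """Describe the peer that handed the message to a server we control.

    Each server prepends its own Received line, so anything below the lowest
    line written by one of our hosts arrived with the message (unverified).
    The bracketed IP was recorded by our server; the HELO name is a claim.
    """
    ours = {s.lower() for s in our_servers}
    idx = max((i for i, h in enumerate(hops) if h["by"].lower() in ours),
              default=None)
    if idx is None:
        return None
    edge, below = hops[idx], hops[idx + 1:]
    return {
        "peer_ip": edge["ip"],
        "claimed_helo": edge["helo"],
        "direct": not below,  # no earlier hops: the peer itself is the origin
        "unverified_hops": [h["ip"] for h in below],
    }

# Header quoted in the thread (the From: address is a placeholder).
DIRECT = """\
Received: from ameripride.org [24.199.28.90] by mail.ameripride.org with
 ESMTP
   (SMTPD32-8.05) id AC53428F00FC; Wed, 16 Jun 2004 00:36:19 -0500
From: sender@example.invalid
"""

# Constructed sample: a message that passed through a relay before reaching us.
RELAYED = """\
Received: from relay.example.net [192.0.2.25] by mail.example.org with ESMTP
   (SMTPD32-8.05) id CONSTRUCTED01; Wed, 16 Jun 2004 00:40:00 -0500
Received: from pc17 [198.51.100.7] by relay.example.net with SMTP
   id CONSTRUCTED02; Wed, 16 Jun 2004 00:39:58 -0500
From: sender@example.invalid
"""

if __name__ == "__main__":
    for raw, mine in ((DIRECT, "mail.ameripride.org"), (RELAYED, "mail.example.org")):
        print(handoff_to(parse_hops(raw), [mine]))
```

For the header from the thread the result is a direct hand-off from 24.199.28.90; for the relayed sample the only address recorded by your own server is the relay's, and the hop below it is reported as unverified.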



RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread Mike Hyslip
www.winternals.com

ERD commander is an awesome tool, helps change service/device startup
values, registry, connect through the network to other machines, chkdsk, etc
etc...

Might take a look at that, helps me a TON.

Mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lyndon Eaton
Sent: Thursday, May 20, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

I did manage to fix the problem. Here's what I did in case you get a
similar problem:

In safe mode you can set services to start
manually/automatically/disable - but you can not start services while in
safe mode. Norton Internet Security must grab the NIC at quite a low
level, as after I disabled the Norton services, the machine still hung
on normal boot.

So what I wanted to do is uninstall NSI. To do this the Windows
Installer needs to be running - which in Safe Mode it does not. To be
able to start a service in Safe Mode, you have to edit the registry-
HKLM\System\CCS\Control\SafeBoot\Minimal and add a new key by the name
of the service's registry reference. In my case the Windows Installer
Service is MSIServer, so I added a key called MSIServer, and changed the
default value to 'Service'.

After adding this key in the registry, the next time you boot in
SafeMode you are able to start that particular service manually - in my
case the Windows Installer. In Add/Remove Programs I could then
uninstall NSI, and my system then booted fine!

Regards,
Lyndon.

 -Original Message-
 From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] 
 Sent: 19 May 2004 18:09
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service
 
 
 While in safe mode, you can disable services and view the event log.
 
 John Tolmachoff
 Engineer/Consultant/Owner
 eServices For You
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
  On Behalf Of Lyndon Eaton
  Sent: Wednesday, May 19, 2004 5:17 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service
  
  This is totally off topic but hope you can help!
  
  Client has W2K server, with modem  ADSL. The ADSL connection has been
  down for a few days so I was going to setup the modem for internet
  access.
  
  Before doing so I installed Norton Internet Security so that the modem
  connection would be protected.
  
  After the restart the machine sits on 'Preparing Network Connections'
  screen. I booted in safe mode so that I may un-install Norton Internet
  Security, but because the Windows Installer service does not run in
  Safe mode I can not uninstall the software. The event viewer also
  shows a lot of services failing to start because the TCP/IP protocol
  driver has failed to start.
  
  I presume some network driver file has been overwritten or a registry
  entry changed. Does anybody know what I can do to revive the TCP/IP
  protocol driver?
  
  Many thanks!!!
  Lyndon.
  
  
  
  
  
  Email checked by UKsubnet anti-virus service
  To prevent email abuse  block spam
  contact [EMAIL PROTECTED]
  Tel: +44(0)8712360301 Web: www.uksubnet.net
  Fax: +44(0)8712360300
  
  Powered by UKsubnet Internet Service Provider
  Business to Business Internet (ISP)
  
  

RE: [Declude.Virus] OT - Charities to donate computer euipment to

2004-05-14 Thread Mike Hyslip








There's a place in Columbus, OH here called retrobox www.retrobox.com

they help take donated PCs, test equipment, and redistribute for low cost or
to non-profit organizations.

You may check with United Way in your area also, they can probably find out
if one of their agencies could use something.

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira
Sent: Friday, May 14, 2004 9:01 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] OT - Charities to donate computer euipment to

Hi -

Does anyone know of any good reputable charities that are looking for donations
of old PC's, monitors, and printers..

I am most interested in charities in NYC, Philadelphia, San Francisco, and Houston.

Thank you.

jeff










RE: [Declude.Virus] MAXATONCE Switch

2004-04-16 Thread Mike Hyslip
As listed at http://www.declude.com/virus/manual.htm

F-Prot -
SCANFILE C:\Progra~1\Comman~1\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
/NOBOOT /DUMB /REPORT=report.txt
(or SCANFILE  C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM
/ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt)

VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

Definitely works a lot better than the 16-bit version :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Friday, April 16, 2004 11:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

Scott

Why does your sample F-prot command line use the 16 bit scanner instead of
the 32 bit one?

Do you have a recommended command line for FPcmd and do you recommend that
we always use it instead of F-prot.exe.  I have not patched my Imail server
with the current Microsoft patches because I am concerned as well. I have
seen some odd behavior on other systems with those updates.

I see /noboot /nofloppy and others are not available under fpcmd.

TIA

Doug 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 16, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch


Your recommendation is MAXATONCE O allows unlimited processes to run at 
the same time.

Correct.

Setting the switch to 8 or 10 will make SMTP hangs or become slower?

It is unlikely to make much of a difference, because [1] SMTP hangs should
not be related to the resources used by the virus scanner, and [2] it is
unlikely that you will have 8-10 virus scanners processes running at the
same time.

The MAXATONCE option was originally designed for people who have licensing
arrangements where they can only have a certain number of copies of the
virus scanner running simultaneously.

Is your recommendation to set it to unlimited?

Yes.

SMTP is now very slow after applying MSFT patches (apr 14). Sometimes 
smtp service just hangs.

For some reason, some servers have a horrible time handling too many 16-bit
processes, and end up causing serious delays in TCP/IP connections like you
describe.

Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude
Virus?  If so, I would recommend switching to a 32-bit scanner (such as
F-Prot's fpcmd.exe), which will likely help alleviate the problem.

-Scott


RE: [Declude.Virus] MAXATONCE Switch

2004-04-16 Thread Mike Hyslip
Yes, I was using the command line version with trend for a while, and never
even noticed it was the 16bit version running.  I switched to f-prot's
32-bit command line after that and it seemed to make a HUGE difference in
speed.
Of course, after that it was another leap when I noticed the spool directory
was being scanned real-time... That didn't help every time a log file was
looked at :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Saturday, April 17, 2004 12:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

First of all I am a putz cause I completely ignored the first line since my
path was more like the second G.

But if you type fpcmd /? It does not show the NOMEM or NOBOOT options.

Weird.

I will switch it now.

DAMN  Now I know why my mail was so slow.  What a moron I
yam..

Thanks

DC 


RE: [Declude.Virus] Scott, what do you use to generate this report

2004-04-12 Thread Mike Hyslip
Sell it :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, April 12, 2004 6:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Scott, what do you use to generate this report


While I have your attention, what do you use to generate this report from
your log files?

  Each month, we go through our spamtraps (E-mail addresses
  designed to collect spam), to find out which spam tests
   were most effective at catching spam. snip
 
 
  WEIGHT10  99.48%
...

We actually have a custom setup here that records the information on tests 
that an E-mail fails to a special log file (which is how we get the live 
stats on the web site), and have a program to go through that log file to 
come up with the stats.

-Scott