Re: [Declude.Virus] Imail 8.1
since I upgraded to 8.1 I now get double enteries added to the FOOTER botton of each incomming email outgoing emails seem to be OK GLOBAL.CFG WEIGHT-F weightrange xx -1000 1000 $default$.junkmail WEIGHT-F FOOTER %CR%[ scanned for spam to: %ALLRECIPS% %INOROUT% http://www.%LOCALHOST% on %DATE% at %TIME%-0500et. ]%CR% and this line also is added twice Virus.cfg FOOTER %CR%[ scanned for viruses to: %ALLRECIPS% %INOROUT% http://www.%LOCALHOST% on %DATE% at %TIME%-0500et. ]%CR% Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 - - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 2:55 PM Subject: Re: [Declude.Virus] Imail 8.1 Are there any issues between Declude antivirus or junkmail and Imail 8.1 we need to be aware of or address if/when we choice to upgrade? I assume not, but since Ipswitch did not invite us to the IMail v8.1 beta, I can't answer for certain. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. [ scanned for spam to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 03/31/2004 at 14:58:10-0500et. ] [ scanned for viruses to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 03/31/2004 at 14:58:13-0500et. ] [ scanned for spam to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 03/31/2004 at 20:17:45-0500et. ] This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email is prohibited. If you are not the intended recipient, please contact the sender and destroy all paper and electronic copies of this message. [ scanned for viruses to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 03/31/2004 at 20:17:48-0500et. ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax
I received one today. the email had NAV32.zip and in the zip file was NAV32.exe it was NOT detected as a virus by EITHER F-Prot or AVG it was however cought as spam by CBL, FIVETEN-SPAM, SPAMCOP the header of the email was Received: from c-67-164-195-92.client.comcast.net [67.164.195.92] by phcc.org (SMTPD32-8.03) id AE4F17E00F8; Tue, 07 Oct 2003 07:06:55 -0400 Message-ID: [EMAIL PROTECTED] Date: Tue, 7 Oct 2003 04:10:24 -0700 From: [EMAIL PROTECTED] Subject: ** 22. CBL, FIVETEN-SPAM, SPAMCOP, WEIGHT-F, WEIGHT20, WEIGHT202 ** Last Update. To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=--9D16FAF1684605E X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=67.164.195.92 X-RBL-Warning: FIVETEN-SPAM: 92.195.164.67.blackholes.five-ten-sg.com. X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?67.164.195.92 X-Declude-Sender: [EMAIL PROTECTED] [67.164.195.92] X-Declude-Spoolname: D9e4f017e00f890ba.SMD X-In-Date: 10/07/2003 Time: 07:07:23 -0500 ET. X-Country-Chain: UNITED STATES-destination X-In-Note: This E-mail was comming into phcc.org Declude ver.1.76i5. X-In-Spam-Tests-Failed: CBL, FIVETEN-SPAM, SPAMCOP, WEIGHT-F, WEIGHT20, WEIGHT202 Total Weight= 22 x-In-Organization: DcMetroNet.com is the ISP for phcc.org X-In-Abuse: Please send abuse reports to [EMAIL PROTECTED] X-In-Note: This E-mail was sent from ([EMAIL PROTECTED]) c-67-164-195-92.client.comcast.net ([67.164.195.92]). X-In-Recips: [EMAIL PROTECTED] really [EMAIL PROTECTED] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 349908174 Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 - - Original Message - From: Bill Naber [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 7:55 AM Subject: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax I just received an Email from [EMAIL PROTECTED] with the subject Last Update.. The message warns of the [EMAIL PROTECTED] worm, but a search on the Symantec site shows nothing of the kind. The message has a Nav32.zip attachment that doesn't fail on either F-Prot or NAV. The message appears to have originated via an ameritech.net dsl connection and it has some grammatical errors, so I'm not doubting that it is bogus. I've only received one of these messages, but I am curious if I'm on the leading edge or if this is a very random incident. In the short run, I've put in a filter on messages from [EMAIL PROTECTED], but I'm concerned that it will use other return addresses. I've included the text from the message body and the headers below. Thanks, -Bill Naber Kitchin Hospitality, LLC === Message Body October 06, 2003 Intruder Alert 4.1 W32_Webb_Worm Policy This policy detects the propagation of the W32.SobigF.Worm through changes in the registry. [EMAIL PROTECTED] is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in various files. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. In attachment you can find program that update your Norton Antivirus to Norton Antivirus 2004. Message Header == Received: from horace.mail.atl.earthlink.net [207.69.200.41] by mail.jamesoninns.com with ESMTP (SMTPD32-7.15) id A328716014C; Tue, 07 Oct 2003 07:27:36 -0400 Received: from samuel.mail.atl.earthlink.net ([207.69.200.65]) by horace.mail.atl.earthlink.net with smtp (Exim 3.33 #1) id 1A6q0J-0005vx-00 for [EMAIL PROTECTED]; Tue, 07 Oct 2003 07:27:47 -0400 X-MindSpring-Loop: [EMAIL PROTECTED] Received: from adsl-68-77-24-119.dsl.emhril.ameritech.net ([68.77.24.119]) by samuel.mail.atl.earthlink.net (Earthlink Mail Service) with SMTP id 1a6Q0f2aB3Nl3pv0 for [EMAIL PROTECTED]; Tue, 7 Oct 2003 07:27:42 -0400 (EDT) Message-ID: [EMAIL PROTECTED] Date: Tue, 7 Oct 2003 04:32:14 -0700 From: [EMAIL PROTECTED] Subject: Last Update. To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=--9D16FAF1684605E X-CYBERsitter-SpamManager-In: Passed - Adult: 0 (Req: 50) Spam: 12 (Req: 18) Tot: 10 (Req: 20) X-CYBERsitter-SpoolFile: Da3280716014c8c2a.SMD X-Declude-Sender: [EMAIL PROTECTED] [207.69.200.41] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: None X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 324037781 === End === --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
Re: [Declude.Virus] Latest Version
http://www.declude.com/virus/manual.htm Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 - - Original Message - From: Timothy C. Bohen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 4:33 PM Subject: [Declude.Virus] Latest Version Sorry if this is real obvious but I haven't upgrade my declude in a long time and I can't remember where to get the latest version. Can someone point me in the right direction? Thanks Timothy C. Bohen CMSInter.Net LLC / Crystal MicroSystems LLC === web : www.cmsinter.net email: [EMAIL PROTECTED] phone: 989.235.5100 x222 fax : 989.235.5151 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. [ scanned for spam to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/08/2003 at 16:42:58-0500et. ] [ scanned for viruses to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/08/2003 at 16:43:01-0500et. ] [ scanned for spam to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/09/2003 at 10:51:59-0500et. ] This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email is prohibited. If you are not the intended recipient, please contact the sender and destroy all paper and electronic copies of this message. [ scanned for viruses to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/09/2003 at 10:52:03-0500et. ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Fw: Undeliverable Mail
For banned file extensions this will give the name of the extension but not the full file name %BANEXT% Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 - - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 10:20 AM Subject: Re: [Declude.Virus] Fw: Undeliverable Mail Which keyword do I need to add to the *.eml file to see which attachment (filename) was stopped? I have not been able to find an appropriate keyword but I might have missed it. You can use %VIRUSFILE% for that. Note that %VIRUSFILE% only works when a virus is detected (not for banned file extensions). There is no equivalent for banned files. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. [ scanned for spam to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/09/2003 at 10:26:46-0500et. ] [ scanned for viruses to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/09/2003 at 10:26:48-0500et. ] [ scanned for spam to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/09/2003 at 10:55:35-0500et. ] This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email is prohibited. If you are not the intended recipient, please contact the sender and destroy all paper and electronic copies of this message. [ scanned for viruses to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/09/2003 at 10:55:39-0500et. ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] double file extensions
a.. Microsoft Outlook 2002 does block most file extensions by default, here is a list of what it blocks and info on how to change its default behavior http://support.microsoft.com/default.aspx?scid=kb;en-us;290497 Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 - - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 11:22 AM Subject: RE: [Declude.Virus] double file extensions We have blocked .exe since the day we could block it. If anyone wants to send a .exe he/she is intelligent enough to be able to zip it. Accepting .exe is asking for trouble. Outlook Express by default will block .exe .. I am not sure about Outlook but I don't think it does. We have an autoreply that is sent to anyone sending .exe or any of the blocked attachments asking them to zip it if they wish to send it. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eje Gustafsson Sent: Monday, September 08, 2003 11:02 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] double file extensions Curious is there any way to disable/prevent double extensions as attachments ? With one of the last new viruses this weekend one virus managed to slip through between my automated updates to at least myself. And this was a double extension .JPG.exe there are no reasons what soever in my opinion that anyone should ever need to send a attchment with a double extension like that. We run a ISP so I don't want to blindly just block .exe extensions (I do block .pif, .scr and a few other selected for which there shuold be no or very extremely minimal reason a user every need to send such a attachment). Please advise. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network eFax : 240-376-7272 Phone : 620-231- Fax : 620-231-4066 Online Store http://www.fament.com/catalog/ - Your Full Time Professionals - -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. [ scanned for spam to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/08/2003 at 11:31:35-0500et. ] [ scanned for viruses to: [EMAIL PROTECTED] incoming http://www.DcMetroNet.com on 09/08/2003 at 11:31:36-0500et. ] [ scanned for spam to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/08/2003 at 12:10:34-0500et. ] This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email is prohibited. If you are not the intended recipient, please contact the sender and destroy all paper and electronic copies of this message. [ scanned for viruses to: [EMAIL PROTECTED] outgoing http://www.DcMetroNet.com on 09/08/2003 at 12:10:35-0500et. ] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
This list is from http://support.microsoft.com/default.aspx?scid=kb;EN-US;290497 BANEXT ade BANEXT adp BANEXT asx BANEXT bas BANEXT bat BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT prf BANEXT reg BANEXT scf BANEXT scr BANEXT sct BANEXT shb BANEXT shs BANEXT url BANEXT vb BANEXT vbe BANEXT vbs BANEXT wsc BANEXT wsf BANEXT wsh Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-273-4400 ext:1708 Fax: 703-691-0946 - - Original Message - From: David Stavert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, February 24, 2003 9:35 PM Subject: RE: [Declude.Virus] Banned extension - MDB Renaming the extension which, if used by someone unfamiliar with extensions, could result in a file having a legit extension. As we know, file extensions for a known file type will disappear in a Windows default environment. Try coaching someone through that problem. Beter still would be to replace the . With an underscore i.e. filename_mdb It makes the file truly UN executable and it is easy to rename, easy to describe. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch Sent: Monday, February 24, 2003 11:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Banned extension - MDB Thanks gang, much appreciated!! - Rodney -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Smart Business Lists Sent: Monday, February 24, 2003 10:32 AM To: Rodney Bertsch Subject: Re: [Declude.Virus] Banned extension - MDB Rodney, Monday, February 24, 2003 you wrote: RB But they wouldn't self execute would they? With a little JavaScript in an html carrier or a few other ways I can imagine it could be made to open. RB You would still have to open the Access DB first before there were RB problems. Putting the ZIP restriction in there wouldn't really RB protect any farther, just one more step to get to the bad macros. Yes, the database has to open. But putting it in the zip means that it has to be unzipped before it can open. RB Or am I missing something here? Can the MDB file be made to execute RB automatically just by receiving the e-mail? It can if the client is using Outlook or Outlook Express and does not have proper security settings. It might even if the security settings are proper. RB What about Word and Excel files? They can also contain macros, can RB they be RB made to execute automatically just by opening the e-mail? Yes. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [ Scanned for viruses and SPAM on 02/24/2003 at 21:31:45ET incoming www.DcMetroNet.com Declude version 1.67. For information about Viruses and Hoaxes visit www.commandsoftware.com/virus/index.html ] --- --- [ Scanned for viruses and SPAM on 02/24/2003 at 21:56:49ET outgoing http://www.DcMetroNet.com Declude v.1.67. For information about Viruses and Hoaxes visit http://www.commandsoftware.com/virus/index.html ] --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.