Re: [Declude.Virus] BanExt / Scan CC Ban Attachment
I think I understand the question. I only get banned extension notices when there is no known virus. I route these banned notices to a folder in my mail program for special attention (the virus name is in the subject). The banned e-mails get checked by hand. If it looks legit, I send a form letter to the source and destination. (... for your protection we are blocking . The others are assumed to be either a new virus (first few hours) or a broken scrap returned by another mail system. Greg PS I'll revive a long term request. When I try to guess if a banned e-mail is legit, the FULL file name and not just the extension would be a BIG help. --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT EXE
Double check the D file. There might be more than one attachment. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Calvert Sent: Friday, March 26, 2004 8:57 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? What happened is that either it contained an .exe file, or it had multiple extensions (in which case Declude Virus assumes the worst, that it is an .exe file). If you send me the D*.SMD file that was quarantined, I can let you know exactly why it was blocked as an .exe file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, I just sent it to you, please look for it, it came from our systems account. Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 9:17 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? What happened is that either it contained an .exe file, or it had multiple extensions (in which case Declude Virus assumes the worst, that it is an .exe file). If you send me the D*.SMD file that was quarantined, I can let you know exactly why it was blocked as an .exe file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 11:56 AM Subject: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Yes, there is an explanation. My guess is that the AV programs didn't handle the MIME correctly, and said that it was an .exe file (or .pif/.scr/whatever) in one place and a .txt file in another. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, Did you receive the second email? Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 9:39 AM Subject: Re: [Declude.Virus] BANEXT EXE I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Yes, there is an explanation. My guess is that the AV programs didn't handle the MIME correctly, and said that it was an .exe file (or .pif/.scr/whatever) in one place and a .txt file in another. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:50 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! That's something very different. In the case here, the mail client is calling the E-mail both file.zip and file.zio (in which case Declude Virus assumes the worst, and treats it as a .exe). In the case you are talking about, the file is named just file.zio (in which case it is handled as a .zio file -- and delivered, unless you block .zio files). We are considering an option to automatically detect .ZIP files, even if they are renamed, just in case future viruses try asking their victims to rename the file before extracting and running the virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I was just thinking, is there a way instead of having BANEXT, to allowed EXT? We want to cut down on employees bypassing the filters by renaming an attachment Maybe if it isn't in the list it is held for review Will this stop blah.txt.exe files though if we wanted .txt's to get through Jay - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:58 AM Subject: Re: [Declude.Virus] BANEXT EXE But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:50 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT question
No such thing as BANEXT EZIP?? Taken from one of Scott's posts: Gary From: R. Scott Perry Subject: RE: [Declude.Virus] Scan Password Protected Zip's Date: Tue, 02 Mar 2004 12:44:39 -0800 Do you think moving to 1.78i7 will help with this issue? I would recommend doing that, and using the BANEZIPEXTS ON option instead of the old BANEXT EZIP option. The new one should work much better. -Scott - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 08, 2004 2:22 AM Subject: RE: [Declude.Virus] BANEXT question As Don said, there is no such thing as BANEXT EZIP. Try reading the archives again. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, March 07, 2004 5:23 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT question I'm currently using: BANEXT EZIP, becuase BANEZIP ON does not work for me. I'm running the latest intrum version of Declude w/ F-Prot. I have a Standard Declude license. Does BANEZIP ON only work for the Pro version of Declude? If yes, I guess I should just continue to use BANEXT EZIP ? (Such a wonderful product!) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] [AUTOMATED NOTE: Your mail server [206.69.160.61] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT question
No such thing as BANEXT EZIP?? I believe he meant There is no such thing as BANEZIP ON (because there isn't one of those). But Don re-posted the summary that I had sent out last week, which has all the details in it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT question
Tis what I get for trying to think at such an hour. :S Rereading your posts, yes, I meant BANEZIP ON does not exist. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, March 08, 2004 6:44 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT question No such thing as BANEXT EZIP?? I believe he meant There is no such thing as BANEZIP ON (because there isn't one of those). But Don re-posted the summary that I had sent out last week, which has all the details in it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT question
Scott, posted this last week: With the latest interim release, you can use: BANEXT EZIP - This line will ban all .ZIP files with an encrypted file in them BANZIPEXTS ON - This line (Pro version only) will ban all file extensions listed in BANEXT lines, if they appear in non-encrypted .ZIP files BANEZIPEXTS ON - This line (Pro version only) will ban all file extensions listed in BANEXT lines, if they appear in encrypted .ZIP files Also, the latest interim (with the Pro version only) will detect bogus .BAT/.COM/.PIF/.SCR files (automatically as vulnerabilities, with no need for config file entries). If you are having any troubles with these, please re-read the information on them, and then be very clear what is happening. There are a lot of possibilities here. You'll need to specify [1] Whether you are using BANZIPEXTS ON or BANEZIPEXTS ON (or the not-recommended-but-still-useful BANEXT EZIP), [2] Whether you have a BANEXT line to block the appropriate file (BANEXT com, for example), [3] What type of file you are sending through (.com? .com within a .zip?), [4] If it is a .ZIP file, is the file inside it encrypted, and [5] What version of Declude Virus are you running (Lite/Standard/Pro, and which version # such as 1.78i8)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 07, 2004 7:22 PM Subject: [Declude.Virus] BANEXT question I'm currently using: BANEXT EZIP, becuase BANEZIP ON does not work for me. I'm running the latest intrum version of Declude w/ F-Prot. I have a Standard Declude license. Does BANEZIP ON only work for the Pro version of Declude? If yes, I guess I should just continue to use BANEXT EZIP ? (Such a wonderful product!) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banext and bannotify.eml questions
Scott, Can I configure the bannotify.eml to not send messages to the sender of the file, but to send them only to the recipient and to me. Not currently. Isn't it possible to modify the Bannotify.eml file and only include the recipient and postmaster? Would it still send a notice to the sender somehow? I have the same situation here. Most dangerous file attachments are stripped by my firewall, but I'm using Declude to stop zips and review them in the virus directory (Thank you for that feature). Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banext and bannotify.eml questions
I updated the bannotify.eml file to send to our tech support email, will this not work? I have not received any of them, but just set this up this morning... Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of bill.maillists Sent: Tuesday, March 02, 2004 12:27 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Banext and bannotify.eml questions Scott, Can I configure the bannotify.eml to not send messages to the sender of the file, but to send them only to the recipient and to me. Not currently. Isn't it possible to modify the Bannotify.eml file and only include the recipient and postmaster? Would it still send a notice to the sender somehow? I have the same situation here. Most dangerous file attachments are stripped by my firewall, but I'm using Declude to stop zips and review them in the virus directory (Thank you for that feature). Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banext and bannotify.eml questions
Can I configure the bannotify.eml to not send messages to the sender of the file, but to send them only to the recipient and to me. Not currently. Actually, I believe this can be done, by using a line To: %ALLRECIPS%,[EMAIL PROTECTED] in the \IMail\Declude\BANnotify.eml file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banext and bannotify.eml questions
OK, I have it the other way around, does that matter? No. Any E-mail addresses that appear after To: and that are separated by commas will work. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banext and bannotify.eml questions
OK, I have it the other way around, does that matter? [EMAIL PROTECTED],%MailFrom% or something like that? Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Tuesday, March 02, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Banext and bannotify.eml questions Isn't it possible to modify the Bannotify.eml file and only include the recipient and postmaster? Would it still send a notice to the sender somehow? The notification will be sent to anyone listed in the To: header. In this case, you can use To: %ALLRECIPS%,[EMAIL PROTECTED]. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
BANEXTdata Does not look to be executable. http://filext.com/detaillist.php?extdetail=dataSubmit3=Go%21 BANEXTlink No such extension found. http://filext.com/detaillist.php?extdetail=linkgoButton=Go BANEXTunk No such extension found. http://filext.com/detaillist.php?extdetail=unk BANEXTuue Some kind of encoded file, maybe compressed. http://filext.com/detaillist.php?extdetail=uue John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT
Good list, John. Thanks for sharing. Darin. - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 28, 2004 3:55 PM Subject: RE: [Declude.Virus] BANEXT What are the recommended extensions to BAN? http://www.eservicesforyou.com/documents/emailattachments.pdf How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be send through. I tell them to zip it. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
That was a great list. I have the following extensions blocked as well: BANEXT data BANEXT link BANEXT unk BANEXT uue I wish I remember why - but I imagine it won't hurt... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Sunday, February 01, 2004 9:23 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT Good list, John. Thanks for sharing. Darin. - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 28, 2004 3:55 PM Subject: RE: [Declude.Virus] BANEXT What are the recommended extensions to BAN? http://www.eservicesforyou.com/documents/emailattachments.pdf How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be send through. I tell them to zip it. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
What are the recommended extensions to BAN? http://www.eservicesforyou.com/documents/emailattachments.pdf How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be send through. I tell them to zip it. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT
Would you be willing to send the list as a text file? Thanks, Andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 28, 2004 3:55 PM Subject: RE: [Declude.Virus] BANEXT What are the recommended extensions to BAN? http://www.eservicesforyou.com/documents/emailattachments.pdf How do you handle it if someone needs to send a file through...sometimes there will be legitimate files that need to be send through. I tell them to zip it. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
Well, yes! If I open a zip and catch a virus, woe on me. I'm supposed to be experienced enough not to do that. Plus, my personal machine is definitely as up to date as possible on virus defs. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Klinge Sent: Monday, January 26, 2004 10:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] BANEXT Geeze.. So you want the virus to only effect certain users? ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, January 26, 2004 9:19 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT Thanks to all for the quick notification of the new virus. We seemed to have escaped any harm. We immediately put BANEXT zip into our virus.cfg file, and that seemed to be a good thing. Now I'm thinking about lowering our protection back to where it was. Is it possible, with Virus Standard, and/or Junkmail Pro, to ban by extension for just some users? Or, better yet, conversely ban an extension for all user EXCEPT certain power users? Inquring minds want to know. Thanks in advance Rob www.iGive.com Turn your online shopping into cash for your charity. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
FYI, 75% of desktops will not have the correct updated definitions for this for at least a few hours after the outbreak occurs, do to the nature of definition updates and propagation thereof. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Tuesday, January 27, 2004 6:10 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] BANEXT Well, yes! If I open a zip and catch a virus, woe on me. I'm supposed to be experienced enough not to do that. Plus, my personal machine is definitely as up to date as possible on virus defs. Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Klinge Sent: Monday, January 26, 2004 10:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] BANEXT Geeze.. So you want the virus to only effect certain users? ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, January 26, 2004 9:19 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT Thanks to all for the quick notification of the new virus. We seemed to have escaped any harm. We immediately put BANEXT zip into our virus.cfg file, and that seemed to be a good thing. Now I'm thinking about lowering our protection back to where it was. Is it possible, with Virus Standard, and/or Junkmail Pro, to ban by extension for just some users? Or, better yet, conversely ban an extension for all user EXCEPT certain power users? Inquring minds want to know. Thanks in advance Rob www.iGive.com Turn your online shopping into cash for your charity. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT
Geeze.. So you want the virus to only effect certain users? ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Monday, January 26, 2004 9:19 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT Thanks to all for the quick notification of the new virus. We seemed to have escaped any harm. We immediately put BANEXT zip into our virus.cfg file, and that seemed to be a good thing. Now I'm thinking about lowering our protection back to where it was. Is it possible, with Virus Standard, and/or Junkmail Pro, to ban by extension for just some users? Or, better yet, conversely ban an extension for all user EXCEPT certain power users? Inquring minds want to know. Thanks in advance Rob www.iGive.com Turn your online shopping into cash for your charity. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT to delete all .pif?
Just like everyone else, we are getting hammered by Sobig.F. Declude seems to be catching and holding the virus e-mails with the attachments because of the BANEXT option. The potential exists to overload our hard drive. There were over 3,000 held messages today (that is about 2x what we would normally do in a day)and I'm worried that with some minor modification some idiot could make this send out a larger file. Is anyone else setting to Deletevirus to on to address this and will that cause the held messages to be deleted for BANEXT? No, there isn't. However, if the E-mail is caught due to a banned file extension, that means that the virus scanner is not catching it, which is normally a serious problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT to delete all .pif?
I thought BANEXT worked before the scanner? DAMN... maybe my f-protect.exe is old and not catching viruses? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, August 20, 2003 04:03 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT to delete all .pif? Just like everyone else, we are getting hammered by Sobig.F. Declude seems to be catching and holding the virus e-mails with the attachments because of the BANEXT option. The potential exists to overload our hard drive. There were over 3,000 held messages today (that is about 2x what we would normally do in a day)and I'm worried that with some minor modification some idiot could make this send out a larger file. Is anyone else setting to Deletevirus to on to address this and will that cause the held messages to be deleted for BANEXT? No, there isn't. However, if the E-mail is caught due to a banned file extension, that means that the virus scanner is not catching it, which is normally a serious problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT to delete all .pif?
I just ran a manual scan on the spool virus directory with F-protect and it identified all the held viruses as [EMAIL PROTECTED] - BUT I did run an update immediately before that even though I ran it this morning. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, August 20, 2003 04:03 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT to delete all .pif? Just like everyone else, we are getting hammered by Sobig.F. Declude seems to be catching and holding the virus e-mails with the attachments because of the BANEXT option. The potential exists to overload our hard drive. There were over 3,000 held messages today (that is about 2x what we would normally do in a day)and I'm worried that with some minor modification some idiot could make this send out a larger file. Is anyone else setting to Deletevirus to on to address this and will that cause the held messages to be deleted for BANEXT? No, there isn't. However, if the E-mail is caught due to a banned file extension, that means that the virus scanner is not catching it, which is normally a serious problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT to delete all .pif?
I thought BANEXT worked before the scanner? Both are done on all E-mail, and if a virus is found, it takes priority over the banned file extension. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext notification
I'm thinking of leaving the banext in place but want to allert the sender and/or recipient when a mail is being held. I've downloaded the BANnotify.eml file but don't see how Declude decides when to use it. Do I need to put any extra control lines at the beginning? Declude knows by the name of the file, so you don't need to worry about control lines in there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT question.....
Is there a way to just refuse attachments of certain types? instead of quarantined OR strip the attachment off? I don't want to bounce messages, I'd be happy with just removing the attachment. maybe add a line to the mail Attachment removed ? Is this possible? Or something we can add? No, that isn't possible. Altering or removing attachments get very complex, and with the newly discovered vulnerabilities, it becomes very dangerous (meaning that by stripping certain attachment types, future viruses could bypass the attachment stripping). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT SHS
http://www.antichip.org/virusinfo/extensions.html http://www.internetworking.ch/htme/security13.htm http://www.f-secure.com/v-descs/stages.shtml http://www.quickheal.com/stages.htm http://www.geocities.com/floydian_99/inv2.html http://archives.neohapsis.com/archives/vuln-dev/1999-q4/0122.html Hope that helps. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sheldon Koehler Sent: Monday, December 16, 2002 11:18 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT SHS I have 2 people that are mad at me for blocking the SHS extension. Are there any web pages from anti virus companies or some such Authority that I can send them on why I am blocking it? They say they are sending a Christmas card. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT SHS
Hope that helps. Thanks John! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT settings
I just implimented the BANEXT in my virus.cfg and added the bannotify.eml to my Declude directory. The notify only goes out to the sender and I would like to know when a banned extension tries to come in as well. I know I could just add an additional entry to the to: field of bannotify.eml but I'd rather not advertise to the sender that I'm getting the notify as well. Is there a way to BCC or is there another EML type that I can use to notify the postmaster? There is no way to add a Bcc: field -- the only way you can get a copy as well is by adding yourself to the To: line (To: %MAILFROM%,[EMAIL PROTECTED]). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT settings
Thanks, will do Scott! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, September 04, 2002 2:07 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT settings I just implimented the BANEXT in my virus.cfg and added the bannotify.eml to my Declude directory. The notify only goes out to the sender and I would like to know when a banned extension tries to come in as well. I know I could just add an additional entry to the to: field of bannotify.eml but I'd rather not advertise to the sender that I'm getting the notify as well. Is there a way to BCC or is there another EML type that I can use to notify the postmaster? There is no way to add a Bcc: field -- the only way you can get a copy as well is by adding yourself to the To: line (To: %MAILFROM%,[EMAIL PROTECTED]). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
The catch here is that BinHex (Mac encoding) files have the filename within the encoded segment. So you can have a situation where the MIME filename is safefile.txt, but the BinHex segment says the filename is evilvirus.exe (which you won't see, because it is encoded). -Scott Here are the attachment headers from the message. I just want to make sure. --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=HOPE COVER Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=HOPE COVER --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=GFSD Handout Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=GFSD Handout --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=middle school scenario Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=middle school scenario --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=One Solution Syndrome Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=One Solution Syndrome --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
Those headers won't affect whether or not Declude bans the files -- the *real* filename is one you won't see, becaues it is encoded. You can send a copy of the E-mail file to [EMAIL PROTECTED] , and I can test it here to see what the real extensions are. -Scott At 11:11 AM 8/9/2002, you wrote: The catch here is that BinHex (Mac encoding) files have the filename within the encoded segment. So you can have a situation where the MIME filename is safefile.txt, but the BinHex segment says the filename is evilvirus.exe (which you won't see, because it is encoded). -Scott Here are the attachment headers from the message. I just want to make sure. --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=HOPE COVER Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=HOPE COVER --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=GFSD Handout Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=GFSD Handout --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=middle school scenario Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=middle school scenario --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=One Solution Syndrome Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=One Solution Syndrome --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
ok, so next question... if declude caught the attachment why did it not list with the %BANEXT% variable? That variable was blank. How would I determine what file extension was caught. I'm just trying to understand... On Friday, August 9, 2002 9:17 AM, R. Scott Perry [EMAIL PROTECTED] wrote: Those headers won't affect whether or not Declude bans the files -- the *real* filename is one you won't see, becaues it is encoded. You can send a copy of the E-mail file to [EMAIL PROTECTED] , and I can test it here to see what the real extensions are. -Scott At 11:11 AM 8/9/2002, you wrote: The catch here is that BinHex (Mac encoding) files have the filename within the encoded segment. So you can have a situation where the MIME filename is safefile.txt, but the BinHex segment says the filename is evilvirus.exe (which you won't see, because it is encoded). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] banext issue
Scott, please post, (although I know you will) what your findings are as we also have clients with MAC users. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Friday, August 09, 2002 8:18 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] banext issue Those headers won't affect whether or not Declude bans the files -- the *real* filename is one you won't see, becaues it is encoded. You can send a copy of the E-mail file to [EMAIL PROTECTED] , and I can test it here to see what the real extensions are. -Scott At 11:11 AM 8/9/2002, you wrote: The catch here is that BinHex (Mac encoding) files have the filename within the encoded segment. So you can have a situation where the MIME filename is safefile.txt, but the BinHex segment says the filename is evilvirus.exe (which you won't see, because it is encoded). -Scott Here are the attachment headers from the message. I just want to make sure. --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=HOPE COVER Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=HOPE COVER --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=GFSD Handout Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=GFSD Handout --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=middle school scenario Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=middle school scenario --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=One Solution Syndrome Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=One Solution Syndrome --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
I did not catch that you wanted the message How do I go about taking something from the virus folder, change the recipient to [EMAIL PROTECTED]? just copy and change the sender in both files? On Friday, August 9, 2002 9:54 AM, John Tolmachoff [EMAIL PROTECTED] wrote: Scott, please post, (although I know you will) what your findings are as we also have clients with MAC users. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Friday, August 09, 2002 8:18 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] banext issue Those headers won't affect whether or not Declude bans the files -- the *real* filename is one you won't see, becaues it is encoded. You can send a copy of the E-mail file to [EMAIL PROTECTED] , and I can test it here to see what the real extensions are. -Scott At 11:11 AM 8/9/2002, you wrote: The catch here is that BinHex (Mac encoding) files have the filename within the encoded segment. So you can have a situation where the MIME filename is safefile.txt, but the BinHex segment says the filename is evilvirus.exe (which you won't see, because it is encoded). -Scott Here are the attachment headers from the message. I just want to make sure. --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=HOPE COVER Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=HOPE COVER --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=GFSD Handout Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=GFSD Handout --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=middle school scenario Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=middle school scenario --WBE1028896920052e2aec2af3c9e93cad6a0ff23d4e75 Content-Type: application/x-macbinary; name=One Solution Syndrome Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=One Solution Syndrome --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
I did not catch that you wanted the message How do I go about taking something from the virus folder, change the recipient to [EMAIL PROTECTED]? just copy and change the sender in both files? Probably the easiest thing to do would be to send the .SMD file (from the virus folder) as an attachment. I'll still get the original E-mail that way, and can still test it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] banext issue
ok scott, I'll get the latest thanks for looking into it. Insidently, I see that all the time with mac files... spaces at the end pain in the _ss On Friday, August 9, 2002 11:18 AM, R. Scott Perry [EMAIL PROTECTED] wrote: so, I looked at the message in the virus folder and there were 4 attachments to the message, none of them had extensions. (all mac files) Actually, it turns out that this isn't related to the BinHex files -- the problem has to do with the attachments not having extensions (and having spaces in them). If you upgrade to the latest beta, it will take care of the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT notify
I have the BANEXT and the notify working fine. My question is there a way to send the notify email to the postmaster (me) also to let me know that someone tried to send a banned extension? You can have: To: %MAILFROM%,[EMAIL PROTECTED] in the \IMail\Declude\BANnotify.eml file, which will send it to both addresses. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] BANEXT notify
Can I downoload the BANnotify.eml template from somewhere? Yes, you can download it from http://www.declude.com/release/154/bannotify.eml . Further details on banning file extensions can be found at http://www.declude.com/virus/manual.htm in the Banning files based on extension section. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] BANEXT notify
Thanks all -Original Message- From: Dustin Freeman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 10:25 AM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] BANEXT notify Can I downoload the BANnotify.eml template from somewhere? -Original Message- From: Don Hickey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 10:18 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT notify I have the BANEXT and the notify working fine. My question is there a way to send the notify email to the postmaster (me) also to let me know that someone tried to send a banned extension? Thanks Don Hickey --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] BANEXT maybe not working?
OK. I didn't understand the order. It is good this way. I too like the fact that it serves as a failsafe after the virus scan. Thanks! Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Schmidt Sent: Friday, December 07, 2001 12:02 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] BANEXT maybe not working? the virus scanning takes priority over the banning. That is, the E-mail will be scanned for viruses first, and only if the E-mail is virus-free will the file extension banning be done. Thank you and PLEASE remember to keep it in that sequence. g It takes extra CPU time to first run the virus scan - but at least it will be detected as a virus and helps advertising the fact that we virus-scan. The Extension ban should just be the final straw when the virus scanner fails - just as you implemented it NOW. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.hm-software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]