RE: [Declude.Virus] Hijack Question
Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Hijack Question
For 4.x, you have to either restart the declude process or put that IP into the Hijack .cfg to allow mail through. I believe 3.05 would be the same. They are contemplating an improvement to this aspect of Hijack in a future version, but no idea of if / when. - Original Message - From: Mario Antonio [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 9:42 AM Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Hijack Question
Mike, Thanks a lot for your prompt response. Regards Mario Antonio - Original Message - From: Mike N [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:16 AM Subject: Re: [Declude.Virus] Hijack Question For 4.x, you have to either restart the declude process or put that IP into the Hijack .cfg to allow mail through. I believe 3.05 would be the same. They are contemplating an improvement to this aspect of Hijack in a future version, but no idea of if / when. - Original Message - From: Mario Antonio [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 9:42 AM Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Hijack Question
David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Hijack Question
David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
1. Make sure that the Real-Time scanner of F-prot is disabled 2. At a minimum you should be running Declude 3.11 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 2:38 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
Are you running the real time scanner on the spool folder. Disable the real time scanner if it is running. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:38 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Hijack Question
-David Since it is out there, I also have seen rare D* messages without Q* file stranded in the work folder also. For me about 2 a month. They tend to be spam (of course so does 80% of all mail). If it is a legit message, I'll just forge up a corresponding Q* message and reprocess them. I'm running Declude 4.3.14 I'm quite confident that it isn't a real-time scanning problem here. I think the virus program would probable quarantine a D* file and leave the q* file. Instead the Q* file is gone, elaving the D* file. The next time I get one, I'll check the logs for that message for anything unusual. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:52 PM Subject: RE: [Declude.Virus] Hijack Question 1. Make sure that the Real-Time scanner of F-prot is disabled 2. At a minimum you should be running Declude 3.11 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 2:38 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Hijack Question
DEBUG logs for this would be extremely helpful David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, October 31, 2006 3:23 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question -David Since it is out there, I also have seen rare D* messages without Q* file stranded in the work folder also. For me about 2 a month. They tend to be spam (of course so does 80% of all mail). If it is a legit message, I'll just forge up a corresponding Q* message and reprocess them. I'm running Declude 4.3.14 I'm quite confident that it isn't a real-time scanning problem here. I think the virus program would probable quarantine a D* file and leave the q* file. Instead the Q* file is gone, elaving the D* file. The next time I get one, I'll check the logs for that message for anything unusual. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:52 PM Subject: RE: [Declude.Virus] Hijack Question 1. Make sure that the Real-Time scanner of F-prot is disabled 2. At a minimum you should be running Declude 3.11 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 2:38 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, I am running f-prot 3.16f Take a look at my configs SCANFILE C:\f-prot_windows\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: Any suggestions? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 1:58 PM Subject: RE: [Declude.Virus] Hijack Question There should not be orphan files I would think you are running some type of virus scanner that is removing the D*.smd files from the \work directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 11:50 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Hijack Question David, One more question, I am seeing that some Q files remain in the spool\proc\work folder, is this normal? why? Should I clean them manually? Where are the corresponding D files? Regards Mario Antonio - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, October 31, 2006 10:18 AM Subject: RE: [Declude.Virus] Hijack Question Stop/Start the decludeproc will reset the hijack counter. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio Sent: Tuesday, October 31, 2006 9:42 AM To: declude.virus@declude.com Subject: [Declude.Virus] Hijack Question Does anyone know if you have to restart the declude process after you have moved back files from the HOLD2 folder into the spool ---Declude 3.0.5/Imail 8.22? In the Declude 2.X you had to close the foreground screen/console (which restarts Hijack) in order to clean all the IP addresses that have been banned. Regards Mario Antonio --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http
RE: [Declude.Virus] HiJack Question
First, you should be actively monitoring the HOLD2 directory. There are some scripts on the Declude Tools sight that can be used for this. Second, you do not need to cycle the SMTP service. However, you will have to rename the HOLD2 files if you want to release them and then manually move them. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc Sent: Sunday, February 06, 2005 11:12 PM To: declude.virus@declude.com Subject: [Declude.Virus] HiJack Question Scenario: Dialup ISP using dynamic IP allocation. Customer#1 using IP address of 1.2.3.4 trips threshold #2. Logs off. Customer #2 logs on and obtains the same IP that customer #1 had (1.2.3.4) My understanding is that HiJack will block Customer #2's outbound email as well. At leastuntil the Declude Console (DECCON.EXE) is closed. Question: If this is true, is it acceptable practice to cleanup HOLD2, stop the SMTP service, kill the DECCON PID and restart the SMTP service? Thx. -M --- The toughest part of getting to the top of the ladder, is getting through the crowd at the bottom. -- unknown
Re: [Declude.Virus] HiJack Question
John, Been there..doing that. My concern is that Customer #2's email will be incorrectly blocked due to DECCON's "memory". I felt it would be safer to stop the SMTP service before killing the deccon instance. -M---"Problems are only opportunities in work clothes." -- Henry J. Kaiser - Original Message - From: John Tolmachoff (Lists) To: Declude.Virus@declude.com Sent: Monday, February 07, 2005 2:53 AM Subject: RE: [Declude.Virus] HiJack Question First, you should be actively monitoring the HOLD2 directory. There are some scripts on the Declude Tools sight that can be used for this. Second, you do not need to cycle the SMTP service. However, you will have to rename the HOLD2 files if you want to release them and then manually move them. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MarcSent: Sunday, February 06, 2005 11:12 PMTo: declude.virus@declude.comSubject: [Declude.Virus] HiJack Question Scenario: Dialup ISP using dynamic IP allocation. Customer#1 using IP address of 1.2.3.4 trips threshold #2. Logs off. Customer #2 logs on and obtains the same IP that customer #1 had (1.2.3.4) My understanding is that HiJack will block Customer #2's outbound email as well. At leastuntil the Declude Console (DECCON.EXE) is closed. Question: If this is true, is it acceptable practice to cleanup HOLD2, stop the SMTP service, kill the DECCON PID and restart the SMTP service? Thx. -M---"The toughest part of getting to the top of the ladder, is getting through the crowd at the bottom." -- unknown