RE: [Declude.Virus] Lines in the virus.cfg file
Now that 1.81 is released what is the recommendation by DECLUDE (SCOTT) regarding the config file.?? IE do we allow the AV software to scan jpegs by removing the line SKIPEXT JPG or do we allow Declude to take care of it completely . From what I understand (and I know ugotz) the infected jpegs are more likely to be in Web Pages then in emails. I am assuming from the threads here that people are catching infected jpegs. Or is it tests only?? DC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg LittleSent: Thursday, September 30, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.Virus] Lines in the virus.cfg file I should eliminate (comment out) at least the JPG line right away.The new test (when it's fully ready) provides a great safty net to backup the AV programs. The new test will ignore these lines and bad JPEGs will be caught.The test is available by install a new interim version of Declude. (The test in the current intermin 1.80 has some problems so wait until they are resolved or check the other messages for details.)The best advice I've seen is to eliminate at least the JPG line, because these lines will prevent the AV programs from being called. Until last week, you could safely save some CPU time on your e-mail server by not scanning JPEGs.GregSharyn Schmidt wrote: I was looking through my virus.cfg and I noticed the following: # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG Should I now allow declude to scan jpg and gif files or is this totally different than the new jpeg vulnerability? Thanks, Sharyn --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus]
RE: [Declude.Virus] Lines in the virus.cfg file
Now that 1.81 is released what is the recommendation by DECLUDE (SCOTT) regarding the config file.?? IE do we allow the AV software to scan jpegs by removing the line SKIPEXT JPG or do we allow Declude to take care of it completely . That's up to you. In theory, it shouldn't be necessary to remove the SKIPEXT JPG line, as Declude Virus should detect any .JPG file with the vulnerability. But if you are looking to be extra-cautious, you can remove that line. From what I understand (and I know ugotz) the infected jpegs are more likely to be in Web Pages then in emails. I can't say one way or the other. Web pages have the disadvantage that it is nearly impossible to intercept the JPEG files in transit (whereas E-mail can be scanned easily), but then again it is much easier to send a lot of E-mails than to get a lot of people to go to a website. I am assuming from the threads here that people are catching infected jpegs. Or is it tests only?? Tests and false positives with the Microsoft algorithm (from 1.80). The 1.81 version shouldn't have any false positives. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Lines in the virus.cfg file
I should eliminate (comment out) at least the JPG line right away. The new test (when it's fully ready) provides a great safty net to backup the AV programs. The new test will ignore these lines and bad JPEGs will be caught. The test is available by install a new interim version of Declude. (The test in the current intermin 1.80 has some problems so wait until they are resolved or check the other messages for details.) The best advice I've seen is to eliminate at least the JPG line, because these lines will prevent the AV programs from being called. Until last week, you could safely save some CPU time on your e-mail server by not scanning JPEGs. Greg Sharyn Schmidt wrote: Lines in the virus.cfg file I was looking through my virus.cfg and I noticed the following: # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG Should I now allow declude to scan jpg and gif files or is this totally different than the new jpeg vulnerability? Thanks, Sharyn --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
