Re: [Declude.Virus] Unknown Viruses?

2004-05-07 Thread R. Scott Perry

> I am using F-Prot and it is working but I keep getting these
> unidentified viruses.
> Unknown Virus virus in the Unknown File attachment
>
> Can anyone shed any light on this?

Do you ever get the correct virus name (without Vulnerability in the 
name)?  If not, then the F-Prot settings aren't correct (either it is not 
saving the report.txt file, or there is no REPORT line or an invalid REPORT 
line in the \IMail\Declude\virus.cfg file).

If the virus name is shown sometimes, the log file entries should help 
determine what happened.  If you are blocking suspicious files (with 
VIRUSCODE 8 in the virus.cfg file), then the Unknown Virus will appear 
if F-Prot detects a suspicious file (since it can't know the name of a 
virus that it cannot detect).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] Unknown Viruses?

2004-05-07 Thread Markus Gufler

I can also see a lot of these unknown virus reports. (See attached
admin-notify message)

All are coming from , [EMAIL PROTECTED] or are NDRs.

F-Prot reports an unknown virus. I don't know why, but from the message
headers I can see that practically all of these NDRs are useless because
they are generated from worm messages with forged mailfrom addresses.

Markus




---BeginMessage---
Title: Virus Report

Virus found in an e-mail.

Virus: Unknown Virus
File: Unknown File
From:  
To: [EMAIL PROTECTED]
Subject: Mail delivery failed: returning message to sender
Recipients: 1
Queuename: D609901dc0098aeb0.SMD
Date: 05/03/2004
Time: 17:09:15
Remotehost: Unknown (194.123.123.82)
Localhost: local-domain.it
D.Version: 1.79i6

Header:
Received: from mailout05.sul.t-online.com [194.25.134.82] by mail.zcom.it with ESMTP
 (SMTPD32-7.15) id A0991DC0098; Mon, 03 May 2004 17:09:13 +0200
Received: from mailin05.aul.t-online.de
 by mailout05.sul.t-online.com with smtp
 id 1BKf4C-00072N-00; Mon, 03 May 2004 17:09:12 +0200
X-Failed-Recipients: [EMAIL PROTECTED]
From: Mail Delivery System [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mail delivery failed: returning message to sender
Message-Id: [EMAIL PROTECTED]
Date: Mon, 3 May 2004 17:08:41 +0200
---End Message---


RE: [Declude.Virus] Unknown Viruses?

2004-05-07 Thread Goran Jovanovic
Scott,

From the virus.cfg file

SCANFILE D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6

Here are some examples from the log file. Seems I do not have a virus
name in any of the log messages.

05/06/2004 00:14:48 Qbba90921010cfa85 Invalid PIF Vulnerability
05/06/2004 00:14:48 Qbba90921010cfa85 File(s) are INFECTED [: 3]
05/06/2004 00:14:48 Qbba90921010cfa85 Scanned: CONTAINS A VIRUS [MIME: 2 17600]

05/06/2004 10:38:34 Q4de7012901160c06 File(s) are INFECTED [: 3]
05/06/2004 10:38:34 Q4de7012901160c06 Scanned: CONTAINS A VIRUS [MIME: 2 22573]
05/06/2004 10:39:02 Q4df9058801180c08 Scanned: Virus Free [MIME: 1 4836]

I have lots of these types but these are from declude checking the
Outlook vulnerabilities.

05/06/2004 12:13:25 Q6421067d01180f35 Invalid SCR Vulnerability
05/06/2004 12:13:25 Q6421067d01180f35 File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3]
05/06/2004 12:13:26 Q6421067d01180f35 Scanned: CONTAINS A VIRUS [MIME: 3 30458]
 
 Goran Jovanovic
 The LAN Shoppe
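
An added example, not part of any poster's message and not Declude's own code: a small triage script that groups the log lines quoted above by queue ID and separates detections logged without a name that sit beside a "Vulnerability" line from those that have no such line. The bracket layout `[<name>: <code>]` and the label names are assumptions inferred from the samples in this thread.

```python
import re

# Constructed sample: the log lines quoted in the thread, wrapped lines rejoined.
SAMPLE_LOG = """\
05/06/2004 00:14:48 Qbba90921010cfa85 Invalid PIF Vulnerability
05/06/2004 00:14:48 Qbba90921010cfa85 File(s) are INFECTED [: 3]
05/06/2004 00:14:48 Qbba90921010cfa85 Scanned: CONTAINS A VIRUS [MIME: 2 17600]
05/06/2004 10:38:34 Q4de7012901160c06 File(s) are INFECTED [: 3]
05/06/2004 10:38:34 Q4de7012901160c06 Scanned: CONTAINS A VIRUS [MIME: 2 22573]
05/06/2004 10:39:02 Q4df9058801180c08 Scanned: Virus Free [MIME: 1 4836]
05/06/2004 12:13:25 Q6421067d01180f35 Invalid SCR Vulnerability
05/06/2004 12:13:25 Q6421067d01180f35 File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3]
05/06/2004 12:13:26 Q6421067d01180f35 Scanned: CONTAINS A VIRUS [MIME: 3 30458]
"""

LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q\w+) (.*)$")
# Assumed layout, inferred from the samples: [<name>: <scanner return code>]
INFECTED = re.compile(r"^File\(s\) are INFECTED \[(.*): (\d+)\]$")

def classify(log_text):
    """Return {queue_id: label} for every message logged as INFECTED."""
    names, vulns = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or fragment of a wrapped entry
        qid, text = m.groups()
        hit = INFECTED.match(text)
        if hit:
            names[qid] = hit.group(1)
        elif text.endswith(" Vulnerability"):
            vulns.setdefault(qid, []).append(text)
    labels = {}
    for qid, name in names.items():
        if "Vulnerability" in name:
            labels[qid] = "vulnerability-named"    # vulnerability check, name logged
        elif name:
            labels[qid] = "scanner-named"          # scanner supplied a virus name
        elif qid in vulns:
            labels[qid] = "vulnerability-unnamed"  # vulnerability line, name missing
        else:
            labels[qid] = "scanner-unnamed"        # check report.txt / REPORT line
    return labels

if __name__ == "__main__":
    for qid, label in classify(SAMPLE_LOG).items():
        print(qid, label)
```
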

 



RE: [Declude.Virus] Unknown Viruses?

2004-05-07 Thread R. Scott Perry

> Here are some examples from the log file. Seems I do not have a virus
> name in any of the log messages.
> 05/06/2004 00:14:48 Qbba90921010cfa85 Invalid PIF Vulnerability

These are being detected by Declude Virus (ones that F-Prot is not picking 
up for some reason).  I believe the latest interim (1.79i6) takes care of 
this (if not, the next interim will), so that they will appear as Invalid 
PIF Vulnerability instead of Unknown Virus.

   -Scott