Re: [Declude.Virus] problems when testing a new server
I do know this was discussed previously on this list as an issue, but I can't remember exactly what the solution was. I do know that it was mentioned that in most cases this is not an issue, since most viruses now days seem to autosend without the user intentionally attaching them. What versions of declude and imail are you running? You may want to try a newer version of declude to see if that changes anything. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: ISPhuset Nordic AS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 1:16 PM Subject: RE: [Declude.Virus] problems when testing a new server running the exact same version but what i found here is that if i log onto my webmail on the old server i can send and eicar.com file to my account on another domain and it is not being stopped either from the virus scanner or from the banext in my config file but do i send it from my mailclient it works ok -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: 12. august 2003 22:02 To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] problems when testing a new server Are you running the same versions of Imail and declude on each server, I seem to remember something a while back about needing a later version of Imail or Declude to catch webmail based virus attachments. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: ISPhuset Nordic AS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:41 PM Subject: [Declude.Virus] problems when testing a new server Have sett up the server in the exact same with one exception on the old server i use f-prot312c on the new server i user f-prot314a_m when i run a test with eicar.com on the server localy in webmail it slips through when i have i only the on demand scanner installed copy of config # # Declude Virus configuration file # CODE6F4B90A4 # The in the LOGFILE option gets replaced with the month/date LOGFILE E:\virus\vir.log LOGLEVELMID CONSOLE OFF # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILEC:\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /NOFLOPPY /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 #VIRUSCODE 8 REPORTInfection PRESCAN ON # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR E:\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. #MAXATONCE 1 ## The following options allow you to limit scanning to only incoming or outgoing # E-mail, with v1.13 and higher. If they are commented out (# in front of them), # Declude will scan all E-mail. #INCOMING ON #OUTGOING ON BANEXT COM BANEXT PIF BANEXT EXE BANEXT SCR BANNAME message.zip when i turn on the real time protector i cant attatch the eicar.com file deny it just at is should Any good ideas here --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
do i send an email from webmail opened on a terminal session, and sending eicar.com out in the world it will NOT trigger any of the options witch are in the virus config file f.ex banext Why ? That's because in versions of IMail before v8, they set it up so that outgoing E-mail from web messaging would not get scanned. It is extremely rare, however, for outgoing web messaging E-mail to contain a virus (it can only happen if the sender has a virus on their computer, intentionally attaches a file, that happens to contain a virus, and it is an executable file). If you have an on-access virus scanner scanning just the \IMail\spool directory (but not the subdirectories!), then the virus will get caught when it is uploaded (you'll need to double-check that your version of IMail stores the attachments in the \IMail\spool directory while they are being uploaded, however). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
How about a simple question? -- have you ran Declude.exe in the new server? If not simply double click the Declude.exe and test again. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS Sent: Tuesday, August 12, 2003 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] problems when testing a new server running the exact same version but what i found here is that if i log onto my webmail on the old server i can send and eicar.com file to my account on another domain and it is not being stopped either from the virus scanner or from the banext in my config file but do i send it from my mailclient it works ok -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: 12. august 2003 22:02 To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] problems when testing a new server Are you running the same versions of Imail and declude on each server, I seem to remember something a while back about needing a later version of Imail or Declude to catch webmail based virus attachments. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: ISPhuset Nordic AS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:41 PM Subject: [Declude.Virus] problems when testing a new server Have sett up the server in the exact same with one exception on the old server i use f-prot312c on the new server i user f-prot314a_m when i run a test with eicar.com on the server localy in webmail it slips through when i have i only the on demand scanner installed copy of config # # Declude Virus configuration file # CODE6F4B90A4 # The in the LOGFILE option gets replaced with the month/date LOGFILE E:\virus\vir.log LOGLEVELMID CONSOLE OFF # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILEC:\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /NOFLOPPY /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 #VIRUSCODE 8 REPORTInfection PRESCAN ON # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR E:\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. #MAXATONCE 1 ## The following options allow you to limit scanning to only incoming or outgoing # E-mail, with v1.13 and higher. If they are commented out (# in front of them), # Declude will scan all E-mail. #INCOMING ON #OUTGOING ON BANEXT COM BANEXT PIF BANEXT EXE BANEXT SCR BANNAME message.zip when i turn on the real time protector i cant attatch the eicar.com file deny it just at is should Any good ideas here --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
with the new engine and using f-prot.exe and sending from my outlook client i get a virus warning and its ok but doing the same with fpcmd.exe it get caught of the banext This sounds like a separate issue -- the command lines for F-Prot.exe and fpcmd.exe should be identical *except* that you must not use /NOFLOPPY with fpcmd.exe, but you must use it with F-Prot.exe. If you use /NOFLOPPY with fpcmd.exe, it will not work. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
running the exact same version but what i found here is that if i log onto my webmail on the old server i can send and eicar.com file to my account on another domain and it is not being stopped either from the virus scanner or from the banext in my config file but do i send it from my mailclient it works ok -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: 12. august 2003 22:02 To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] problems when testing a new server Are you running the same versions of Imail and declude on each server, I seem to remember something a while back about needing a later version of Imail or Declude to catch webmail based virus attachments. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: ISPhuset Nordic AS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:41 PM Subject: [Declude.Virus] problems when testing a new server Have sett up the server in the exact same with one exception on the old server i use f-prot312c on the new server i user f-prot314a_m when i run a test with eicar.com on the server localy in webmail it slips through when i have i only the on demand scanner installed copy of config # # Declude Virus configuration file # CODE6F4B90A4 # The in the LOGFILE option gets replaced with the month/date LOGFILE E:\virus\vir.log LOGLEVELMID CONSOLE OFF # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILEC:\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /NOFLOPPY /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 #VIRUSCODE 8 REPORTInfection PRESCAN ON # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR E:\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. #MAXATONCE 1 ## The following options allow you to limit scanning to only incoming or outgoing # E-mail, with v1.13 and higher. If they are commented out (# in front of them), # Declude will scan all E-mail. #INCOMING ON #OUTGOING ON BANEXT COM BANEXT PIF BANEXT EXE BANEXT SCR BANNAME message.zip when i turn on the real time protector i cant attatch the eicar.com file deny it just at is should Any good ideas here --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] problems when testing a new server
Are you running the same versions of Imail and declude on each server, I seem to remember something a while back about needing a later version of Imail or Declude to catch webmail based virus attachments. Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: ISPhuset Nordic AS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:41 PM Subject: [Declude.Virus] problems when testing a new server Have sett up the server in the exact same with one exception on the old server i use f-prot312c on the new server i user f-prot314a_m when i run a test with eicar.com on the server localy in webmail it slips through when i have i only the on demand scanner installed copy of config # # Declude Virus configuration file # CODE6F4B90A4 # The in the LOGFILE option gets replaced with the month/date LOGFILE E:\virus\vir.log LOGLEVELMID CONSOLE OFF # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. SCANFILEC:\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /NOFLOPPY /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 #VIRUSCODE 8 REPORTInfection PRESCAN ON # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR E:\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. #MAXATONCE 1 ## The following options allow you to limit scanning to only incoming or outgoing # E-mail, with v1.13 and higher. If they are commented out (# in front of them), # Declude will scan all E-mail. #INCOMING ON #OUTGOING ON BANEXT COM BANEXT PIF BANEXT EXE BANEXT SCR BANNAME message.zip when i turn on the real time protector i cant attatch the eicar.com file deny it just at is should Any good ideas here --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
That fixed it thanks a lot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 12. august 2003 22:47 To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] problems when testing a new server with the new engine and using f-prot.exe and sending from my outlook client i get a virus warning and its ok but doing the same with fpcmd.exe it get caught of the banext This sounds like a separate issue -- the command lines for F-Prot.exe and fpcmd.exe should be identical *except* that you must not use /NOFLOPPY with fpcmd.exe, but you must use it with F-Prot.exe. If you use /NOFLOPPY with fpcmd.exe, it will not work. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] problems when testing a new server
ahh that explains a lot thought for a moment here it was my scanner messing with me -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 12. august 2003 22:27 To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] problems when testing a new server do i send an email from webmail opened on a terminal session, and sending eicar.com out in the world it will NOT trigger any of the options witch are in the virus config file f.ex banext Why ? That's because in versions of IMail before v8, they set it up so that outgoing E-mail from web messaging would not get scanned. It is extremely rare, however, for outgoing web messaging E-mail to contain a virus (it can only happen if the sender has a virus on their computer, intentionally attaches a file, that happens to contain a virus, and it is an executable file). If you have an on-access virus scanner scanning just the \IMail\spool directory (but not the subdirectories!), then the virus will get caught when it is uploaded (you'll need to double-check that your version of IMail stores the attachments in the \IMail\spool directory while they are being uploaded, however). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.