Scott:
Using SKIPIFFORGING means we don't have to keep adding
SKIPIFVIRUSNAMEHAS to the eml's for each new forging virus, right???
Can we then remove the SKIPIFVIRUSNAMEHAS lines?
What specifically do we put in virus.cfg and/or the individual eml's?
(Manual doesn't address it yet and archive
Using SKIPIFFORGING means we don't have to keep adding
SKIPIFVIRUSNAMEHAS to the eml's for each new forging virus, right???
Can we then remove the SKIPIFVIRUSNAMEHAS lines?
Correct -- *if* you are running the latest beta.
What specifically do we put in virus.cfg and/or the individual eml's?
Just
Is there a quick way that I can suppress the notifications being sent to the
sender... and the sender's postmaster
The options are:
[1] Upgrade to v1.77, which automatically supresses them, or
[2] Delete the \IMail\Declude\sender.eml and
\IMail\Declude\otherpostmaster.eml files, or
[3] Manually
Scott - did you ever find these guys? They still don't get it...
-Original Message-
From: Postmaster [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: Your mail server sent us a virus
The Declude Virus software on our mail server detected
Scott,
Are multiple scanners run in series or concurrently?
Thanks,
Chuck Frolick
ArgoLink.net
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Scott,
Am I correct that if we don't have a current service agreement then we can't
upgrade to any version above 1.75?
Thanks,
Dan
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004 10:39 AM
Subject: Re: [Declude.Virus]
ok not really, but I think is comical.
I get the following as an unsubcribe message fromm a list I never subscribed to...
funny. Look at the body, it definately was from the doom...
it did have the z i p attached with the message sent to me informing me of the
unsubscribe
bob
On Thursday,
Am I correct that if we don't have a current service agreement then we can't
upgrade to any version above 1.75?
It depends on when the Service Agreement expired. You are entitled to run
any version that is released while your Service Agreement is
active. Although we prefer that people run the
Are multiple scanners run in series or concurrently?
They are run in series.
Since the virus scanners typically use up as close to 100% of the CPU time
that they are given, if we switched to running them in parallel, an
improvement would only be shown on servers with multiple
processors.
Scott - did you ever find these guys? They still don't get it...
Received: from prudentialrand.com [65.160.6.2] by mail.toplineus.com with
ESMTP
(SMTPD32-7.07) id A36A225A007C; Fri, 30 Jan 2004 10:08:26 -0500
We're still trying to track them the toplineus.com people.
Scott,
The current version number that we are running is 1.75. Our service
agreement expired on 12/31/03. What is the highest version number we can
upgrade to?
Thanks, Much!
Dan Geiser
[EMAIL PROTECTED]
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
The current version number that we are running is 1.75. Our service
agreement expired on 12/31/03. What is the highest version number we can
upgrade to?
The latest beta, v1.77, was released in December so you are entitled to run
that version if you wish.
If they are run in series, then wouldn't it be best to run the next
scanner only if the previous scanner passed? In other words why scan the
email again if it already failed one of the scanners?
Thanks,
Chuck Frolick
ArgoLink.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
If they are run in series, then wouldn't it be best to run the next
scanner only if the previous scanner passed? In other words why scan the
email again if it already failed one of the scanners?
The logic behind that is the only a small fraction of E-mail contains a
virus. Since the majority of
Scott,
I have had at times, with both scanners (up to date sig files,
both catching mydoom) taking a pounding (we are getting mydoom.a in 1
every second), when Scanner1 (f-prot) would pick up the virus and
Scanner2 (InoculateIT) would not show anything, and at other times
Scanner1 would
Scott - did you ever find these guys? They still don't get it...
I finally got a hold of someone there. It looks like they will fix the
problem, but I just have to convince them first that it wasn't really
someone on your server that sent the virus. :)
Scott,
During virus outbreaks like this one, having the second scanner not run
when the first detects a virus would be a big processing saver. My
server was probably averaging about 5 times the normal processing load
in the last 3 days, catching a virus on average about 1.5 times a
minute.
The best of both worlds approach would be to allow for a switch,
SKIPIFFOUND ON. Removing the second scanner isn't a good option as
variants can come at any time and both F-Prot and AVG lagged badly on
picking up both Mimail.s and MyDoom.b.
We will look into adding an option like this.
18 matches
Mail list logo
