I am seeing exe files getting by Fprot and triggering my banned EXE rule
the attachments are
archive.doc lots of spaces .exe
what is the declude virus submission addy?
What does the Declude Virus log file say for one of those?
You can send it to the declude.com virustrap@ address, although it is
Is it not true that EXEs in zip files are inert until opened by the user?
We don't ban EXEs in zips because our users sometimes need to receive EXE
files, but we constantly remind them to not open anything that is not
verified (content expected from the sender).
What do most admins do about
here is the log entry, I see the EOF, its probly corrupt. Weird thing is
that they are coming from somewhat legit addresses.
Actually:
10/22/2004 10:23:08 Q17c7227e008410aa Banning file with exe extension
[application/x-msdownload].
This line shows that Declude Virus detected that it was an
I ban EXE files so it was held in the virus folder one one of my gateways.
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 22, 2004 12:50 PM
Subject: Re:
Well, if the virus is forging the from, a user receives the zipped file,
sees it is from [EMAIL PROTECTED], says to himself hey, I know Joe, he
must have sent me a joke, opens the zip and away we go.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
Does anyone else agree using the 32 bit command line scanner is better
than the dos?
Thanks,
Chris Patterson, CCNA
Network Engineer
-Original Message-
From: Douglas Cohn [mailto:[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 2:39 PM
To: [EMAIL PROTECTED]
Subject: RE:
Yes
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Chris Patterson
Sent: Friday, October 22, 2004 12:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MyDoom.o's slipping through.
- Original Message -
From: Chris Patterson [EMAIL PROTECTED]
Does anyone else agree using the 32 bit command
line scanner is better than the dos?
Absolutely! If you have it available to you (meaning you have the Windows
version of F-Prot), using it will provide a nice performance
trying to install declude hijack on spooler server.
virus and spam not installed here just hijack
IMHO
Problem arises on first run of declude.exe via command prompt
C:\IMaildeclude
Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons.
argc2
First time running... installing...
C:\IMail
1. Did configure logging in the hijack.cfg file?
2. Where is it logging to?
3. Of course the SMTP service is running, otherwise no e-mail would come in
or out.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
John Tolmachoff (Lists) wrote:
1. Did configure logging in the hijack.cfg file?
CODEC3Fx
LOGFILE spool\_hiJack.log
LOGLEVELLOW
2. Where is it logging to?
3. Of course the SMTP service is running, otherwise no e-mail would come in
or out.
Correct I use
John Tolmachoff (Lists) wrote:
Is Deccon.exe in the \imail folder?
yes it is in the base imail folder.
Do I need the global.cfg file?
I would not think so since this is not running the virus scan.
This is really nuts.
I am sure I have everything in place correctly.
Greg
John Tolmachoff
Is Deccon.exe in the \imail folder?
yes it is in the base imail folder.
Do I need the global.cfg file?
I would not think so since this is not running the virus scan.
Now that is a interesting question.
It might need to be.
Imail hands the message to declude.exe.
Declude.exe checks to
trying to install declude hijack on spooler server.
virus and spam not installed here just hijack
IMHO
Problem arises on first run of declude.exe via command prompt
C:\IMaildeclude
Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons.
argc2
First time running... installing...
What I would
14 matches
Mail list logo