RE: [Declude.Virus] Who is minding the store

2005-05-02 Thread R. Scott Perry
If Scott would chime in here and say DON'T worry Doug these people know their stuff, you are in good hands. I would order a renewal. But he left. I'm not completely gone. :) Everyone does things differently, and I knew when I sold that company that the new owners wouldn't do everything

Re: [Declude.Virus] Issues

2005-02-18 Thread R. Scott Perry
The past few days I am occurring a lot of these type errors in the virus log: 02/18/2005 06:03:21 Qcb35092800dc91ac Couldn't open headers datafile This indicates that something happened to the D*.SMD file, which contains the E-mail body. If you are running an on-access virus scanner, for

RE: [Declude.Virus] Issues

2005-02-18 Thread R. Scott Perry
Continue to see a lot of these type things, at times, the only to aid the situation is stop/restart the Queue Mgr/SMTP If stopping/restarting the Queue Manager and/or SMTP fixes the problem, it is almost certainly an issue with IMail. In this case: 02/18/2005 11:44:11 Q1b37039c00b25045

Re: [Declude.Virus] F-prot help

2005-02-18 Thread R. Scott Perry
This has been hashed out before and I checked the archive. I cannot get my installation of declude to work. This is my config: C:\scanners\fprot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=3 /NOBOOT /DUMB REPORT=report.txt That should be /REPORT=report.txt (with a / in front of it). Without the

RE: [Declude.Virus] Mismatched extensions

2005-02-11 Thread R. Scott Perry
Will this help? Yes: =_Next_Part_04_Feb_2005_14.41.20 Content-Type: application/octet-stream; name=2458.pdf Content-Disposition: attachment; filename= 2458.pdf Content-Transfer-Encoding: base64 The issue here is that the 2nd MIME header in this section has a space after the

Re[17]: [Declude.Virus] testvirus.org #22

2005-02-04 Thread R. Scott Perry
Yes, we have a PF gateway on the front end. I thought of that originally but PF doesn't do anything to modify messages that get past its basic blocking. Are you positive? I've seen PF modify E-mail headers, such as adding a Message-ID: or Date: header if one isn't present in the original

Re[16]: [Declude.Virus] testvirus.org #22

2005-02-03 Thread R. Scott Perry
RSP As far as I can tell, Declude Virus is handling this properly. The E-mail RSP is plain text, and therefore should not be scanned. But the exact same email is getting scanned by Andrew. Do you see any difference in the log files that would give a clue? Do you have a gateway in front of your

Re[3]: [Declude.Virus] RAR Support - why not?

2005-01-31 Thread R. Scott Perry
DS Is 1.82 out? If so, do we need BANERAR like BANEZIPS? Ok, I checked the Junkmail list and it looks like Declude is at 1.82 based on the messages but I didn't see an official notice. 1.82 is not an option to download when I logon to Declude's site. 1.82 was released earlier this month; it

Re[5]: [Declude.Virus] RAR Support - why not?

2005-01-31 Thread R. Scott Perry
BANEZIPEXTS ON Then I repeat my list of banned extensions using: BANEXT BAS BANEXT BAT etc, etc. By my understanding, this will ban these extensions by themselves, ban these extensions when found within encrypted .zip files, NOT ban these extensions from within normal .zip files and with 1.82

RE: [Declude.Virus] RAR Support - why not?

2005-01-27 Thread R. Scott Perry
In fact, I wonder if Declude 2.1 could use those libraries to unrar files to look inside RAR archives? How about 1.82? :) 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions

Re: [Declude.Virus] Error on Scanners

2005-01-21 Thread R. Scott Perry
What would the following indicate: 01/21/2005 15:04:06 Q5df1239b014af8b3 Error 183 creating temp directory F:\IMail\spool\D5df1239b014af8b3.vir\. That indicates that the F:\IMail\spool\D5df1239b014af8b3.vir\ directory already exists. Declude Virus uses that as a temporary directory. Most

RE: [Declude.Virus] Upgrade issues

2004-12-22 Thread R. Scott Perry
Well - it is my understanding that there is now an automated Setup again and people have either been reporting (or possibly only speculating?) that it might fiddle with my carefully laid out configuration files and or message templates. Yes. That was due to a bug in the install program. It was

RE: Re[2]: [Declude.Virus] PB installing 2.0B

2004-12-21 Thread R. Scott Perry
I'm sure you have been watching this thread. Suggestion: if Declude is determined to use only the install program, have person responsible for it add an option to update only -- copying over the old declude.exe and leaving the configuration and eml's intact. (I haven't used the install program,

Re: [Declude.Virus] Upgrade issues [was: DO NOT UPGRADE]

2004-12-21 Thread R. Scott Perry
Just upgraded to 2.0B, and declude stopped working When running -diag I am getting a strange line: Declude v2.0b key request on MAC 000E7F2E754C. What is this key request? For the next release, we are looking at having activation codes handled automatically. Why is declude not working? I

RE: [Declude.Virus] Upgrade issues [was: DO NOT UPGRADE]

2004-12-21 Thread R. Scott Perry
I had the same problem with 2.0b not working. E-mails kept piling up in the spool. Cycled queue manager, emails went through, unchecked by Declude. We are aware of an issue with 2.0b where this could happen; we are awaiting more information to resolve the problem.

Re: [Declude.Virus] Turn off Warning to One Domain?

2004-12-20 Thread R. Scott Perry
Is there a way to remove the footer: [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] from emails to just one domain? We have one account forwarding alerts to a cell phone, and with the length of the footer, all messages split into 2. No -- the FOOTER option in

RE: Re[6]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread R. Scott Perry
I turned it off and it still got through. This test message contains: Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be opened by all versions of Microsoft Outlook and Outlook Express) ... I just checked this one, and it got

Re: Re[6]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread R. Scott Perry
[1] Phishing E-mails were sometimes not getting caught. This is beyond the scope of Declude Virus, as those are spam, not viruses. However, if your AV program can detect phishing E-mails, you can easily get it to work with Declude Virus by making sure not to use the PRESCAN ON option in

Re: Re[6]: [Declude.Virus] testvirus.org #17

2004-12-20 Thread R. Scott Perry
But the McAfee DOES detect the Virus string in the SMD file. But declude reports no virus. (This is for test #17) Declude Virus doesn't detect a virus, because there are no vulnerabilities in the E-mail (despite what the test description says). McAfee does not detect it when called by Declude

RE: Re[8]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread R. Scott Perry
Also, does Declude recursively unpack MIME segments, if one of the attachments is itself a .eml file or .smd file, would any attachments inside it be unpacked and the scanner(s) called on those? Yes. -Scott --- Declude JunkMail: The advanced

Re: Re[6]: [Declude.Virus] testvirus.org #17

2004-12-20 Thread R. Scott Perry
So Declude doesn't actually Send the SMD file to the Scanner.. Correct. It takes the Message Body, writes it to a Tmp File, and then scans it? Why not just scan the SMD file, Headers and All? Because very few AV programs can read a .SMD file. They make their big bucks by selling mailserver

Re[8]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread R. Scott Perry
Scott, what do you get for test #22. Some have reported it caught while others haven't. My F-Prot config is: It's caught here. Unfortunately, I can't find any information on that vulnerability, so I can't explain why it might or might not get caught.

Re: [Declude.Virus] PB installing 2.0B

2004-12-20 Thread R. Scott Perry
I am trying to upgrade to 2.0B Getting an error of: Error copying file to taret directory With status at removing backup files The best thing to do here would be to E-mail [EMAIL PROTECTED] -- the person responsible for the install program should be able to figure out what the problem is.

Re: [Declude.Virus] Disable all virus notifications except BAN

2004-12-16 Thread R. Scott Perry
Scott, can you shed some light on why this might be? With Declude Virus, you can send out as many notifications to as many people as you want -- some people have a dozen or so notifications. To do that, Declude Virus sends out any \IMail\Declude\*.eml file (that isn't used by other Declude

RE: [Declude.Virus] Blocked Extension getting through

2004-12-15 Thread R. Scott Perry
I hope that what you're assuming is NOT true. Given that Declude Virus unpacks all of the attachments and calls your antivirus scanner(s) on the unpacked attachments, I would expect that the BAN option takes effect based on that MIME decoding, so that it sees the correct filename. The problem

Re: [Declude.Virus] Supress Universal Footer for 1 Domain

2004-12-13 Thread R. Scott Perry
Given this information is it possible to suppress the Universal Footer which is attached to all e-mails which are scanned by Declude Virus for just one domain or set of domains? Including incoming and outgoing e-mail? Yes and no. :) Unfortunately, the Declude Virus FOOTER option is global, and

Re: [Declude.Virus] Scanning on forwarded addresses

2004-12-13 Thread R. Scott Perry
We run Declude Virus Standard with F-Prot and I am unsure whether a forwarded message is scanned. If an infected message is sent to a domain which is NOT set up for virus scanning, but is then forwarded to a domain which IS in the Virus_Domains list, will it then be quarantined? The way that

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-29 Thread R. Scott Perry
Hmmm, I thought that since Declude Virus does the decoding and scanner calls, that you might be interested it testing this yourself... Yes. That's why I tested it, and found that Declude Virus is decoding the attachments properly, and found a very plausible explanation as to why ClamAV isn't

RE: [Declude.Virus] about Imail1.exe security issue

2004-11-29 Thread R. Scott Perry
Has anyone found out anymore about this issue? Is it related to Imail and Declude users only? There is no indication that the issue affects Declude users (aside from the fact that all Declude users are currently using IMail). -Scott

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-28 Thread R. Scott Perry
Nope, in my testing of three command-line scanners, the attached test.txt file contains the minimum needed to detect the file as containing a virus (copied your virustrap address, as well, in case this gets blocked to the list). It certainly does. The question is whether the AV program is

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-28 Thread R. Scott Perry
If the virus scanner were at fault (because of a decoding issue) then I have to ask again, why can TrendMicro detect the virus when scanning the raw D*.SMD file, but not when sent to it by Declude Virus? You would have to ask them. Declude Virus is decoding the E-mail properly. My guess is that

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-27 Thread R. Scott Perry
Scott, attached is the raw source of this BOFRA.B message, it looks like HTML to me. In fact, when I scan the D*.SMD file from the command-line, TrendMicro identifies the file as HTML_BOFRA.B and ClamAV as HTML.Mydoom.email-gen-1. What does the Declude Virus log file show for this E-mail?

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-27 Thread R. Scott Perry
Attached is the log output for the message I forwarded to your virustrap address. It looks like everything is working fine. My guess is that the virus scanner will only try to detect the phishing E-mails if it gets the entire E-mail file (including headers), perhaps as a precaution to help

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-26 Thread R. Scott Perry
Scott, we have the following entry in our virus.cfg files on both of our IMail/Declude servers: SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt VIRUSCODE2 1 REPORT2 Found I also have: PRESCAN OFF However, this particular PayPal phishing

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-26 Thread R. Scott Perry
As you can see, Declude is seeing the exit code as 0 from both scanners. How is the file changed when scanned by Declude Virus versus when scanned manually by TrendMicro that would cause TrendMicro to report the file differently? Declude Virus won't send the text section to the virus scanner, as

Re: [Declude.Virus] Not detecting viruses

2004-11-24 Thread R. Scott Perry
Downloaded F-Prot 3.16 yesterday and changed our configuration accordingly (I think). I've got something messed up. Not detecting viruses. Did you switch from F-Prot.exe to fpcmd.exe? If so, you'll need to remove the /NOBOOT switch from the SCANFILE line in your virus.cfg file. The log

RE: [Declude.Virus] Not detecting viruses

2004-11-24 Thread R. Scott Perry
Did the removal of the /NOBOOT switch just start with the 3.16 version? I still have this in my fpcmd.exe line. It also shows that switch on the Declude Online Manual. It's the /NOFLOPPY switch that must be used with F-Prot.exe and must not be used with fpcmd.exe. /NOBOOT can (and should) be

RE: [Declude.Virus] Not detecting viruses

2004-11-24 Thread R. Scott Perry
I made the required changes but now suddenly get the following in the VIRUS log: 11/24/2004 11:46:20 Qc8de001001d4d5de 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the IMail directory or sub-directories. This means that either [1] You're

RE: [Declude.Virus] Not detecting viruses

2004-11-24 Thread R. Scott Perry
Here are the relevant lines for the config file: SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=3 /NOBOOT /NOFLOPPY /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: Those log file entries appear correct; have you triple-checked that you are not

RE: [Declude.Virus] Not detecting viruses

2004-11-24 Thread R. Scott Perry
Here is the output of the diag: That shows that there is no on-access scanner interfering. Is the SCANFILE line all on one line (starting with SCANFILE and ending in report.txt)? Are there any errors/warnings in the log file? -Scott

Re: F-prot 3.16 real time protector (was: RE: [Declude.Virus] Not detecting viruses)

2004-11-24 Thread R. Scott Perry
Any ideas on how I might change my configuration so this doesn't happen? Have you tried uninstalling and reinstalling? If I recall correctly, old versions of F-Prot that were installed with the RealTime Protector had to be uninstalled and then re-installed with the RealTime Protector disabled

Re: [Declude.Virus] Message id with ATTACH action

2004-11-17 Thread R. Scott Perry
I'm using Imail+Declude as a anti-spam+virus smtp-relay in front of my exchange server. It seems to me that when I use the ATTACH options every message gets a message-id [EMAIL PROTECTED] I suspect that causes some strange issues at my exchange server - at least when I use message tracking.

Re: [Declude.Virus] ClamWin

2004-11-10 Thread R. Scott Perry
I did as Scott recommended and turned off prescan; but afterwards I noticed in the clam logs that ClamAV had caught phish previously with prescan ON sooo why would you think that is so? eg - I guess what I'm asking is will ClamAV reliably anti-phish to its capability with prescan on? PRESCAN

Re: [Declude.Virus] Whitelist

2004-11-10 Thread R. Scott Perry
I have a filter I use for a whitelist which I give a negative weight to for certain e-mail addresses. Is there a limit of the amount of addresses that can be put into a whitelist? There is a limit of 200 WHITELIST entries in the global.cfg file for Declude JunkMail, but the filters can have an

Re: [Declude.Virus] Invalid EXE vulnerability question

2004-11-08 Thread R. Scott Perry
I've been getting some infrequent Declude bans of EXE files with little or no size that the sender's system must have stripped out the virus portion. Looking through my reports, I note I have never seen an Invalid EXE vulnerability. I see Invalid BAT, COM, CPL, PIF and SCR. Is there such a

Re: [Declude.Virus] test 17 20 failed

2004-11-02 Thread R. Scott Perry
Hi, on my mail server I use: Imail, 7.15 Declude, 1.60 NetShield, 4.5 .. I have executed again the test from testvirus.org but now failed test 17 and test 20. I'm guessing NetShield is the problem. For test 17: Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be opened by

Re: [Declude.Virus] test 17 20 failed

2004-11-02 Thread R. Scott Perry
.. but if I use OE 6 with all patches installed, this vulnerability (17 and 20) they are a problem or no ?? You would have to ask Microsoft. E-mails with the Outlook vulnerabilities will affect at least one version of Outlook. However, nobody that I know of is keeping track of which

Re: [Declude.Virus] Viruses getting through...

2004-11-02 Thread R. Scott Perry
We are running Declude Pro with Fprot and we see a lot of viruses getting through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else seeing the same thing? It appears to be the beagle variant. Are you running a recent (within the past few months) version of F-Prot (.exe file)?

RE: [Declude.Virus] Unknown virus warnings

2004-10-29 Thread R. Scott Perry
Now the F-prot update is arrived also here. Catching it as Bagle.AP from 12:30 GMT+1 on. Mcafee is catching it as Bagle.bb from 13:05 GMT+1 on. But I still can't understand what's happened with the Unknown virus string...? The problem is that F-Prot was detecting it as a suspicious file

RE: [Declude.Virus] Unknown virus warnings

2004-10-29 Thread R. Scott Perry
Thanks for the clarification. Is there anything we can do against this or would it be possible to have some fix for future releases? Something like SKIPIF... ISBLANK I expect that we will change the code to treat these as forging, so SKIPIFFORGING would catch 'em. We could also add a separate

Re: [Declude.Virus] Feature request

2004-10-29 Thread R. Scott Perry
Different actions for different attached file extensions So I can delete PIF, SCR, CPL without review. (I have to review EXEs) Or is this possible now ? There isn't any way to do that now, but that is something that we will look into. -Scott

Re: [Declude.Virus] MAILBOX spam

2004-10-29 Thread R. Scott Perry
When using the MAILBOX action for test failures, we have noticed that forward or alias addresses do not get sent to the spam folder but actually get delivered to the main inbox. Do we have something configured wrong or is there way to fix this or are we stuck with it? That's just how IMail

Re: [Declude.Virus] Regular Zip Blocked by Declude as EZIP

2004-10-28 Thread R. Scott Perry
I sent a e-mail from a customer site to myself with a regular ZIP file attached. I received the following message back... Are you running Declude v1.81? If not, you should -- some previous versions would detect some technically invalid .ZIP files as being encrypted .ZIP files, even though they

Re: [Declude.Virus] Viruses being quarantined when DELETEVIRUSES=ON

2004-10-27 Thread R. Scott Perry
It seems to me I should not be collecting viruses in the spool/virus directory when I have DELETEVIRUSES ON. Yet I am collecting them there. Any way to stop this? The DELETEVIRUSES ON setting only deletes E-mails where a virus is detected. Declude Virus does not have a way to automatically

RE: [Declude.Virus] Scott, what is our future?

2004-10-27 Thread R. Scott Perry
If you haven't called yet to register concerns/complaints about the changes, please do so. Since the collaboration product uses Imail as a component, there is nothing irreversible in Ipswitch's current decision. If enough current customers call to let them know that are NOT in the group asking

Re: [Declude.Virus] What are these

2004-10-25 Thread R. Scott Perry
Q06634053002e6803 Error 183 creating temp directory F:\IMail\spool\D06634053002e6803.vir\. 10/25/2004 10:26:26 Q06634053002e6803 Scanned: Error starting scanner That error means that the .vir directory already exists -- this will happen if IMail accidentally calls Declude multiple times.

RE: [Declude.Virus] What are these

2004-10-25 Thread R. Scott Perry
We are backing up in our Queue of about 8000 emails and we started seeing the below messages as well: Q08b8153d00e2843a Couldn't rename SMD to SM$ [32]. Priority back to 32. ERROR: Could not open recip file F:\IMail\spool\_08dc4c3a0030129f.~MD [2] Are these related? It almost certainly

Re: [Declude.Virus] Scott, what is our future?

2004-10-25 Thread R. Scott Perry
You have been strangely quiet. Are you in shock or formulating a plan -- hopefully the latter? Although I will admit to shock (disbelief would be a more appropriate term) when I first heard about this. I didn't think that Ipswitch would actually do it. But they did. As for formulating a

Re: [Declude.Virus] passworded zip file

2004-10-25 Thread R. Scott Perry
A client regularly receives a passworded .zip file. A similar file is batch sent to 100's of others - the sender can't/won't change the way they send these files. That would have been fine -- until March, 2004, when there was yet another change to the way E-mail needs to be handled. If they

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread R. Scott Perry
I am seeing exe files getting by Fprot and triggering my banned EXE rule the attachments are archive.doc lots of spaces .exe what is the declude virus submission addy? What does the Declude Virus log file say for one of those? You can send it to the declude.com virustrap@ address, although it is

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread R. Scott Perry
here is the log entry, I see the EOF, it's probably corrupt. Weird thing is that they are coming from somewhat legit addresses. Actually: 10/22/2004 10:23:08 Q17c7227e008410aa Banning file with exe extension [application/x-msdownload]. This line shows that Declude Virus detected that it was an

Re: [Declude.Virus] hijack install problems

2004-10-22 Thread R. Scott Perry
trying to install declude hijack on spooler server. virus and spam not installed here just hijack IMHO Problem arises on first run of declude.exe via command prompt C:\IMaildeclude Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons. argc2 First time running... installing... What I would

Re: [Declude.Virus] MyDoom.o's slipping through.

2004-10-21 Thread R. Scott Perry
I have had two reports in the last 2 days about a virus coming through. The customer forwarded these to me on an Exchange mailbox using McAfee which identified them as MyDoom.o. Tracing the Logs, they were scanned and Deemed Virus Free using Prescan. Given that it is in a .ZIP file, and you are

RE: [Declude.Virus] DELETEVIRUSES Not working.

2004-10-20 Thread R. Scott Perry
So why put them in the virus folder? There is no way (that I know of) to requeue these messages? Requeueing them is easy; copy the D*.SMD file and matching Q*.SMD file from the \IMail\spool\virus directory to the \IMail\spool directory. ... Or fix the vulnerability... You probably could do

Re: [Declude.Virus] Banned ZIP with .exe extension

2004-10-20 Thread R. Scott Perry
I am having files blocked since upgrading to 8.1 with this log: Q59b21fa60030b5ea Banning .ZIP file with EXE extension. Is this a self-extracting Zip or zipped .exe? This was a firmware upgrade from Linksys. That's a .ZIP file with an .EXE file in it. If you use BANZIPEXTS ON (which says to ban

Re: [Declude.Virus] DELETEVIRUSES Not working.

2004-10-19 Thread R. Scott Perry
It seems that DELETEVIRUSES ON isn't working in Declude Virus 1.81 I have it set to: DELETEVIRUSES ON In my virus.cfg but they're staying in my E:\IMail\spool\virus folder. That is by design. Viruses are getting deleted, other E-mails (vulnerabilities and banned file extensions) are not,

Re: [Declude.Virus] Opteron Server spec??

2004-10-16 Thread R. Scott Perry
I am running a dual 2.4HT 533 xeon with 1gig 2100 and 73 gig 10k sata drives. We process about 200k messages a day and I am starting to get complaints about slow delivery. As well we are running around 85% to 100% CPU util across the board now on Win2003. One quick thing to check is to make

Re: [Declude.Virus] F-Prot/Declude Problem

2004-10-15 Thread R. Scott Perry
I also put the eicar.com in the in every drive and in any Imail directory to see if it would delete it and 12 hours later it is still there and no pop windows have shown up. That's the information we were waiting on. That means that there is almost certainly no on-access scanner running, which

Re: [Declude.Virus] F-Prot/Declude Problem

2004-10-15 Thread R. Scott Perry
Typing too fast I guess. I did make the change but it didn't help. To get a better idea of what is happening, you can use the Declude debug mode. To do this, change the LOGLEVEL LOW line in \IMail\Declude\virus.cfg to LOGLEVEL DEBUG. Then, send the test eicar.com file through (using our Test

Re: [Declude.Virus] Couldn't find console/Error starting deccon.exe

2004-10-14 Thread R. Scott Perry
Since switching to version 1.80 and subsequently 1.81, I get the following messages in my virMMDD.log file: That's due to the \IMail\Declude\hijack.cfg file -- it looks like a bug in the install program caused the Declude Hijack config file to be installed whether or not you run Declude Hijack.

RE: [Declude.Virus] JS.Downloader.Trojan

2004-10-13 Thread R. Scott Perry
Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file. I've submitted everything to F-Prot, but I'm surprised that it didn't catch these things. UGH! The .dam means damaged, another term for a corrupt, non-viable variant. Since these are harmless, many AV programs do not

Re: [Declude.Virus] Installing new Declude

2004-10-06 Thread R. Scott Perry
Will the new version of Declude install by running the declude_setup.exe properly or do we update the old fashion way? You can update either by running the install program (.exe) or the old fashioned way (copying the Declude.exe file to the \IMail directory).

Re: [Declude.Virus] Something Strange.....

2004-10-05 Thread R. Scott Perry
I got the following notice from Everyones Internet (ev1.net)[I listed the headers also]. Now I know that the mydoom virus spoofs the sender email address. But why would I get a notice from them about an email that is being sent to one of my customers at PepperLink.net. Little confused here.

Re: [Declude.Virus] V1.81?

2004-10-04 Thread R. Scott Perry
I never installed 1.80 after reading some of the jpeg issues on this list. Now, I see 1.81 is out. Have the false positive issues been resolved? Yes. There have been no reports of false positives in the 4 days the new code has been available, nor do we expect that there will be any. I'm

Re: [Declude.Virus] Autoforge question misc.

2004-10-04 Thread R. Scott Perry
The autoforge option in declude virus, what port does it communicate on? Need to make sure it's open. It uses DNS packets (in an almost identical way to spam database lookups), so no port changes need to be made. Also, our to declude programmer guys...I don't know about the feasibility, how

Re: [Declude.Virus] new interim version

2004-10-01 Thread R. Scott Perry
How do I install an interim version of Declude? Just replace the declude.exe file? That is correct. -Scott

Re: [Declude.Virus] F-Prot 3.15b break Declude Virus?

2004-10-01 Thread R. Scott Perry
I read the thread about this, but I didn't determine the final conclusion. Does F-Prot 3.15b break Declude virus? I'm not aware of it breaking Declude Virus. -Scott

Re: [Declude.Virus] More CPL Vulnerabilities

2004-10-01 Thread R. Scott Perry
Since upgrading to 1.80 I am seeing many more Invalid CPL Vulnerabilities. Is this just timing or is there something different for these vulnerabilities? The interesting thing about these is that they are coming from spoofed senders multiple deliveries at a time. The Invalid CPL Vulnerability

Re: [Declude.Virus] More CPL Vulnerabilities

2004-10-01 Thread R. Scott Perry
I wonder though: I added a vulnerability.eml and have ONLYSENDIFVIRUSNAMEHAS JPEG Vulnerability I assumed that the virusname would have to have JPEG Vulnerability, both words, is this the case? Correct. -Scott

RE: [Declude.Virus] Lines in the virus.cfg file

2004-10-01 Thread R. Scott Perry
Now that 1.81 is released what is the recommendation by DECLUDE (SCOTT) regarding the config file.?? IE do we allow the AV software to scan jpegs by removing the line SKIPEXT JPG or do we allow Declude to take care of it completely . That's up to you. In theory, it shouldn't be

Re: [Declude.Virus] Another easy one

2004-10-01 Thread R. Scott Perry
I'm getting an error in my vXXX.log file: 10/01/2004 13:46:27 Qc22200bc00b6e28c Couldn't find console; starting... (2). 10/01/2004 13:46:27 Qc22200bc00b6e28c Error starting deccon.exe: 2 This one is because you have a line CONSOLE ON in the virus.cfg file, which tells Declude to run the

Re: [Declude.Virus] Another easy one

2004-10-01 Thread R. Scott Perry
I didn't have anything after the LOGFILE and LOGLEVEL (no mention of CONSOLE at all). So I've added a CONSOLE OFF line after that. I don't have Hijack, so I assume this is the way to get around the error? Do you have a CONSOLE ON line in your global.cfg file? It's possible that that could

RE: [Declude.Virus] GDI false Postive

2004-09-30 Thread R. Scott Perry
Can we advise anyone sending pictures from a MAC to zip them? Change the extension? Would either solution bypass the scanning? Changing the extension or zipping them would bypass the scanning. -Scott

RE: [Declude.Virus] GDI false Postive

2004-09-30 Thread R. Scott Perry
When you release next fix, can you add the ability to disable this test from inside of declude and rely on the AV software? We probably will, but there should be no legitimate reason for JPEGs to contain the exploit. The issue is that Microsoft's algorithm for detecting them was bad. Our

Re: [Declude.Virus] ERR 005

2004-09-30 Thread R. Scott Perry
I upgraded Declude to 1.80 two days ago. Today IMail has been logging the following error: 09:30 14:46 SMTP-(0714) ERR 005 - Send message thread exception handled I wonder if that error could be related to Declude new version. That shouldn't have anything to do with Declude. However, to be

Re: [Declude.Virus] GDI false Postive

2004-09-30 Thread R. Scott Perry
How about adding per domain too.. for the pro.. DOMAIN FILEX.CFG and in x.cfg have the standard: Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options, which overwrite the standard settings in virus.cfg just for that domain. We do have enhanced

Re: [Declude.Virus] Problem with 1.80 and Vulnerabilities

2004-09-30 Thread R. Scott Perry
I thought it might be because of these errors in the Declude Virus logs - the first line occurs 25 times or so, then the Time Out - log snip ERROR: Could not move virus-infected E-mail! Code: 3 0 Are there other numbers on that line? That line indicates a Windows Path not found error, which

Re: [Declude.Virus] GDI false Postive

2004-09-30 Thread R. Scott Perry
And not to upset anyone, how long does it take it to make it to production or beta? I noticed this has been in the Suggestion Database for almost two years. It is important to realize that the suggestion database is not a list of features for the next release. It is as the name implies -- a

Re: [Declude.Virus] ERR 005

2004-09-30 Thread R. Scott Perry
09:30 11:15 SMTP-(07DC2889) processing d:\IMAIL\spool\Q22f30bf500ec93c4.SMD 09:30 11:15 SMTP-(07DC2889) ERR 005 - Send message thread exception handled I would recommend letting Ipswitch know about this (assuming you are running the latest version of IMail) -- it appears to be an issue with

Re: [Declude.Virus] ERR 005

2004-09-30 Thread R. Scott Perry
After troubleshooting I find that there is just one particular email with a special format that makes the queue manager crash. First time I have seen that happen in our server. Will you be willing to take a look at these files (header file and Queue file) to see if there is something special

Re: [Declude.Virus] GDI false Postive

2004-09-29 Thread R. Scott Perry
I had a JPG held by declude as: X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability]. However, this was a JPG sent from one of my users to another. I seriously doubt it was infected with anything. The only thing was that it was sent from a MAC. User-Agent:

Re: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread R. Scott Perry
Could someone please explain what this Microsoft GDIPlus.DLL JPEG Vulnerability is? It is the most serious exploit ever discovered that viruses can use. Specifically, it allows viruses to spread in JPEG files, something nobody previously thought possible. Fortunately, it only can work on

RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread R. Scott Perry
It seems to me that if the PC is infected, that every jpg they send by email also contains the vulnerability - correct? It isn't yet known what viruses using this exploit may do. It might send out E-mails directly, attach itself as JPEG files to E-mails being sent out manually, etc.

RE: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-27 Thread R. Scott Perry
Same here. Is there a way to make f-prot w\Declude catch these? The latest release of Declude Virus will automatically detect the GDIPlus.dll JPEG exploit. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers

RE: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-27 Thread R. Scott Perry
Which one is considered the latest. Unless otherwise specified, latest refers to a beta or release. In this case, it is specifically the v1.80 release. Is that the mysterious latest interim 20 that end-users have announced on this list? There's nothing mysterious about interims. We do not

Re: [Declude.Virus] Mysterious

2004-09-27 Thread R. Scott Perry
Yes Scott, thank you for updating Declude as well. I would prefer to have notifications of new releases go out ASAP to the lists, so that we as customers can decide if they are a priority to get installed... I agree. :) If I had been the one deciding, I would likely have notified the lists

RE: [Declude.Virus] Mysterious

2004-09-27 Thread R. Scott Perry
I used the label mysterious because people (like me) had been highly anticipating the JPEG detection feature - and today we learn purely by accident that there are new interim and release releases. FYI, there was no new interim. Someone went to the URL to get an interim, saw that it wasn't what

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread R. Scott Perry
Would it be possible for these vulnerabilities to have a notification email associated with them, like banned files? Correct me if I'm wrong, but I don't believe there are any notification possibilities with these currently. Actually, they are treated the same as viruses, as far as notifications

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread R. Scott Perry
It would be nice to have more granular control over this, though...to perhaps only send for particular hosts, IPs, or email addresses in response to the existing criteria for virus name and vulnerability. There are many such options -- for example, ONLYSENDIFRECIP, ONLYSENDIFSENDER,

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Without blocking all .JPG files, nothing. The problem is that there is a lack of information on how to detect such .JPG's. You can find details about the exploit at http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx Thanks for the URL -- although good 'ole Microsoft does specify
