Does the message unknown host mean anything else than that the DNS did not
locate the remote server address?
I am getting the error below for many remote recipients at addresses of type
@x.dti.bollore.com
When I try to query DNS used by IMail, I do get a valid MX hostname and
address (see below)
I'm getting many Unknown Virus virus in Unknown File.
Could anybody tell me what kind of virus is this?
Do you mean:
'I'm always getting Unknown Virus virus in Unknown File'?
If you are always getting it, then there is a configuration issue (if you
either E-mail me your virus.cfg file, or
I looked at the Declude Queue documentation but I am not sure if I
understand if it is part of Declude 1.53? Do I need to do anything to
activate it?
Yes, it is part of Declude 1.53. You do not need to do anything to
activate it -- it will run automatically.
-Scott
I have received 2 notices of e-mails failing the banned extensions
policy in the last two days.
The problem is that there is no extension listed.
That shouldn't happen, but:
06/27/2002 10:52:01 Q50c0092b008a147a Scanned: Banned file extension.
[Prescan OK][UU: 0 0][BINHEX: 0 0][MIME: 3
I'm not sure how to go about checking for a sudden high volume of e-mail.
Is there a utility that graphs out # of e-mails on an hourly basis or
something?
Unfortunately, I don't think there is any program that will graph it
out. However, if you see that there is a problem, you can just check
Am I doing something incorrectly? I have put the following lines in my
config files:
Global.cfg
HELOBOGUS helobogus x x 0 0
Just to keep people on their toes, the test type is helovalid, so it
should be:
HELOBOGUS helovalid x x 0 0
The from address still shows in the header.
Is it the forged address?
is there a way to eliminate this?
No, that can not be changed (Declude never modifies any of the E-mail
headers). One option would be to remove the %HEADERS% variable to
eliminate the headers from the notifications.
I have
Question for Scott:
Does the new mime exploit processing work like banned extensions? Does the
message have a chance to be scanned and assigned a real virus name
before the Outlook 'MIME Header' Vulnerability name is assigned?
Yes, the virus detection will still take precedence. For
The registry entry does not even exist in Windows 2000. Is there a different
name for windows 2000 registry?
It exists on our Windows 2000 servers. It is
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\
SubSystems\Windows.
Does anybody know? I know that this is not
Having a problem running the eicar test from the Declude web page. After
I submit my selection -- error message
returns: Sorry, an error Bad file descriptior occurred.
That may happen if our web host is temporarily overloaded with outgoing
TCP/IP sessions. I just checked now, and it worked
We have had a number of requests for a mailing list that will notify people
of new releases. We have added a new mailing list, Declude.Releases, that
will receive notifications of all new versions (both betas and released
versions). To subscribe, just send an E-mail to [EMAIL PROTECTED] with
We have just released Declude Virus v1.55 (beta), at
http://www.declude.com/virus/manual.htm . Changes include:
o Adds support for E-mail with 0x1A (CTRL-Z) characters embedded in them
o Adds detection of Outlook MIME headers exploit
o Adds FORGINGVIRUS option (IE FORGINGVIRUS Klez) to replace
This just sucks!
http://vil.nai.com/vil/content/v_99522.htm
New computer virus can infect picture files
This sounds like just a scare tactic, and until more information can be
provided, should be treated as such.
Data is just data, and can NOT normally contain a virus. Cases where it
When I run a virus scan of mailboxes the scan is reporting this virus
infecting the mailboxes. Why are these getting through ...
To find out why, you'll need to open one of those mailboxes with a text
editor, such as Notepad (it is safe to open them with a text
editor). You'll need to check
Is it wise to turn on scanning for .jpg files then or is more of a waste of
time.
Until McAfee's wild claim can be confirmed, I don't see the need to turn on
scanning for .jpg files.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus
What tag do I need to add to postmaster.eml that will show the MIS
number? I have a client who is deluged by Klez but cannot find which
computers are affected. Their computers were swapped out during a lay
off by their employees and unfortunately, the email programs are still
running on some
SCANFILEC:\progra~1\networ~2\comman~1\Scan.exe /ALL /NOMEM /NOBOOT
/SILENT /UNZIP
VIRUSCODE 13
Maybe I'm crazy but doesn't the scanner need to have a parameter for a log
file?
That's only used so that Declude Virus can get the name of the virus that
was detected. Without the
FYI, there is a new virus out, that Sophos has alerted us to, called
W32/Fretham-Fam (no other AV companies that we get alerts from, including
McAfee, have sent out alerts yet). This may become widespread because
of the social engineering aspect of it -- it pretends to have a Special
I have the BANEXT and the notify working fine. My question is there a way to
send the notify email to the postmaster (me) also to let me know that
someone tried to send a banned extension?
You can have:
To: %MAILFROM%,[EMAIL PROTECTED]
in the \IMail\Declude\BANnotify.eml file, which
Can I download the BANnotify.eml template from somewhere?
Yes, you can download it from
http://www.declude.com/release/154/bannotify.eml . Further details on
banning file extensions can be found at
http://www.declude.com/virus/manual.htm in the Banning files based on
extension section.
It seems to also use the MIME header exploit. This is such a common virus
element, maybe Declude should have an option to handle it.
Let me ask you this: Do you know of any resource that gives enough detail
that Declude could check for such an exploit?
We have samples of viruses that
Has anyone ever noticed that Frisk F-Prot failed the Virus Bulletin rating?
http://www.virusbtn.com/vb100/archives/tests.xml?200206
That's quite common (Trend Micro, Panda, McAfee, Kaspersky, and Grisoft
failed, too). Typically AV companies brag when they get the 100% for any
given month.
Let me ask you this: Do you know of any resource that gives enough detail
that Declude could check for such an exploit?
Can't say I've looked very hard, that's what I have you for.
Don't take this as any sort of a complaint, just thinking out loud. Some of
the others are catching at
Can anyone tell me what the [Outlook 'CR' Vulnerability] is and where to
find information on it to give to the customer. I am running f-prot 3.12
as the scanner
The issue is that there is a header with an illegal character in it (a
carriage return, rather than the carriage return +
It isn't a new virus but this is the only report we've ever seen on our
system.
Search FPROT for exploit, mime, or .gen doesn't seem to show it.
Couldn't find another one since or before.
http://vil.mcafee.com/dispVirus.asp?virus_k=99273 shows that it's a generic
vulnerability that McAfee is
We have just released Declude Virus v1.54 (beta).
v1.54 adds a new configuration option SUBJECT, that will let you add text
to the subject of E-mail that is scanned. For example, SUBJECT [Virus
Scanned].
-Scott
Uhh I can't remember where to go to get the latest version?
You can get it from http://www.declude.com/virus/manual.htm .
And do I then just overwrite the existing declude.exe?
Yes (if you can't, you can rename the existing one to declude.bak, and then
you'll be able to copy the new one in).
Anybody else notice that all of a sudden the virus messages are stating the
old Unknown Virus virus in Unknown File?
Seems like since mid-afternoon Saturday. Everything else looks normal.
It's unclear exactly what this is -- whether it is a new virus, a mass
mailing of a virus, or something
You told me the other day how to set up AVG to work correctly, but I
mistakenly deleted that email before I had a chance to do it. What I was
wanting was to setup AVG and Declude so that it would read the virus name
in declude currently avg reads the virus and pops up a box with its name
Since configuring McAfee as a secondary scanner about a week ago, I have
noticed that it is leaving a virus directory for each virus that it
finds.
Actually, I think the problem is that you have McAfee's on-access scanner
running. Note that the 0 file (which *should* be a non-text segment of
I have verified that the on-access scanner is disabled.
It looks like the .vir directory that was left behind had no viruses in
it. The only file it had was the 0 file, which was virus-free. So if
there *was* a virus in there, an on-access scanner almost certainly deleted it.
Right now,
05/24/2002 15:00:26 Q8dc40f10019cf219 Subject: Congratulations
05/24/2002 15:21:09 Q92a10f72025eee35 Subject: Spice girls' vocal concert
05/24/2002 15:27:20 Q94130f33019c9394 Subject: Fw:Support,darling
05/24/2002 15:30:13 Q94c202a501c63f0d Subject: Eager to see you
These are all subjects of
We have an IMGate box setting in front of our IMail box and I am noticing
that the %REMOTEIP% variable is sometimes filled in with the IP of the
Postfix box and sometimes with an external (not ours) IP address.
Is this typical? Why would it be inconsistent in what it displays?
That is
ok, but my imail box is no longer listed in the MX records.
Most likely, there are some servers out there that still have the old DNS
records cached, and are sending the E-mails directly.
If that isn't the case, you can send me the headers from one of the E-mails
where an IP other than the
So for the next question: Can you add to
declude virus so I could get the IP of the remote (external) server that
delivered
the mail in this case? Or at least add it to the proposed
changes? Something like
%2NDREMOTEIP%?
There isn't any way to do that currently, but that is something we'll
We need to enable SMTP AUTH for all of our clients -- we've found some
device/person (IP) on the outside of our network spoofing emails to lists
by the few users who are authorized list posters.
However, I don't believe that will prevent people from sending mail to the
list using
Is anyone else being driven to insanity by Klez?
Klez is nasty. Very nasty.
We are catching the virus, but that doesn't stop everyone else on different
ISPs thinking we are sending them because of the spoofed from address.
And that's the problem. Although Declude Virus now has the ability
We have had incidents of our postmaster account being the spoofed address
that is used.
Does anyone have any ideas how Klez is doing this?
Klez sometimes makes up addresses, by combining a known username with a
known hostname. So if you have [EMAIL PROTECTED] and
[EMAIL PROTECTED] in your
FYI, there is a new virus W32/Yaha-C that looks like it has a chance of
spreading rapidly.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just
(IMail v6.06 - SMTP AUTH)
We need to enable SMTP AUTH for all of our clients -- we've found some
device/person (IP) on the outside of our network spoofing emails to lists by
the few users who are authorized list posters.
In order to do this, is it best that we just check No Mail Relay on the
Does anyone know anything about the W97M/Hopper.G Virus? I have a user
that says they received this via email and it was caught by declude when
they tried to resend it after modifying it. I have been unable to find
any useful information on it other than the fact that F-Prot is catching
My first thoughts were that they came from a different email account, but
the user is saying that is not the case.
What I would do is check the IMail SMTP log file to see if you can find the
E-mail in there, and then check the Declude Virus log file to see if there
is a Virus Free line (which
looking to buy junkmail pro soon, have few questions:
1- Is it as simple to install and configure as virus ? looking at junkmail
list, it seems we will need to configure tests, weights, ... Will you
offer a step by step assistance ?
It often does require a bit of tweaking, depending on your
I have just installed NetShield, (full install disabled on demand,) but
I do not see a scan.exe in the directory. I do see the scan32.exe, but
according to the virus manual, that is not the one to use for command
line.
I even ran a manual scan to see if it would create it.
You may need to do a
Wondering if it is possible to set Declude standard to allow emails from a
specific IP or email address to pass without catching and quarantining
messages.
With Declude Virus Pro, you can use the per-user settings to prevent E-mail
*to* a specific address from being scanned. It should also be
how do i find the ip address on the imail server?
You can find it in the IMail SMTP log file (SYS*.txt or LOG*.txt). It will
appear in the connect line, and subsequent lines.
-Scott
I hope someone can help me with this. I'm having a problem with Declude
letting in a virus, and only to one person.
Are you using per-user or per-domain settings that could be causing this?
It was sent to one account and gets through, but when I receive it gets
blocked.
Do you mean that it
I have been notified by a client of ours that does secondary virus
scanning on their internal server that it caught two messages that went
through our mail server.
The following message had attachment(s) which contained the viruses:
From : [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
We have just released Declude Virus v1.52 (at
http://www.declude.com/virus/manual.htm ).
It has one fix since the last beta (allowing an on-access scanner to be
used without a stub command-line scanner).
It also includes some very minor fixes since the last released version
(1.46), the
The notice says it was in an attachment called *.att. What kind of
attachment is that?
That sounds like it may be a Microsoft TNEF-encoded file (which usually
come in winmail.dat, but I believe they can also be in *.att).
-Scott
Virus software doesn't work. VIRus log file contains 100's of lines
telling us the registration is invalid.
That will happen if the Official Host Name of your server doesn't match the
one that we used to generate the activation code. You can double-check by
going to Host Name on the General
What is the format needed to use SKIPIFVIRUSNAMEHAS?
Here is how my virus scanner reports a virus:
W32/Klez.h@MM virus !!!
W32/SirCam@MM virus !!!
You need to have SKIPIFVIRUSNAMEHAS, followed by one space or tab, and
text that appears within the virus name (part of the name is OK, and it is
How does declude send notifications ?
It sends them using IMail's imail1.exe.
Can we use IMail rules to delete some messages (ie: if to address is
[EMAIL PROTECTED] ?)
I believe that the IMail rules will work on E-mail sent with imail1.exe, so
that should do the trick.
Having the same problem with McAfee. Console scanner will catch the file if
I manually scan the directory. Declude will not catch it.
Note that the Magistr.32768 required updated engines on some virus
scanners. It's best to make sure that the virus scanner engine is updated,
as well as
Latest Declude,
latest def on F-Prot and latest engine, still slipping through
F-Prot will NOT detect the Magistr.32768, even with the latest virus
definitions, if you are not running a recent scanning engine (.exe
file). I believe you need F-Prot 3.11 or higher.
Okay, the Klez notifications are driving me crazy. Where do I add the
option SKIPIFVIRUSNAMEHAS Klez to the headers? I know I need to upgrade
from Declude 1.46 to 1.51 Beta, but I'm not sure of the proper header
syntax.
All you need to do is add SKIPIFVIRUSNAMEHAS Klez anywhere in the headers
Scott or others,
how can I locate the problem ?
I can't connect to the mx server
216.72.25.226
I get the same IP for the MX record, but I can connect to it.
here is the tracert I get
1 7 7 172.16.12.1
2 23 16 208.154.200.5
3 719 696 10.0.6.1
4 867 148 192.168.230.18
5 664 -203 207.45.219.18
*
I'm using F-Prot with declude and works fine.
Today one customer told me that the virus Klez.gen was received on his
mailbox.
It seems that F-prot (or declude) let go this virus
Do you think that's true ?
One possibility is that the virus was received from another source (such as
another
So from the information below which IP address is first received header?
Received: from mailhost1.attcanada.net [206.191.82.42] by mail.scm.ca with
ESMTP
(SMTPD32-6.06) id A87C25A70096; Thu, 02 May 2002 10:25:32 -0600
Received: from Eoqjmed ([142.154.13.134]) by mailhost1.attcanada.net
Is there a variable for the following IP address (sender)
Received: from mailhost1.attcanada.net [206.191.82.42]
Yes, the %REMOTEIP% variable will display the IP address of the remote
mailserver.
-Scott
Is there a way to add the footer to only outgoing messages?
I thought this might be an easy way to put a company disclaimer in every
outgoing email. Unless someone else has a better way.
No, there isn't a way to restrict the footer only to outgoing E-mail.
-Scott
Here is a new one...haven't seen this in a notification before, but
virus and file name are unknown
This looks like it was caught because it was a suspicious file. F-Prot
returns a code of 8 when it detects a suspicious file, which some people
will treat as a virus (as there was a virus that
We have just released Declude v1.51 (beta). This includes another change
to ensure that mailing list E-mails are not scanned, but instead sent out
immediately.
-Scott
Scott, any reason why the /diag switch doesn't show the version anymore?
Yes -- it's now -diag.
-Scott
Can I use Bcc: in the .eml notification files?
No, Bcc: headers will not get processed. I believe that IMail1.exe doesn't
support them.
-Scott
But theoretically some script kiddy can send two files to his victim:
- a Virus/Trojan with renamed extension (.txt)
- a small script or program that never will be identified as malicious
code.
Now the victim will launch the second program (you know there are more
than enough people doing
Any one see this one yet?
We received an E-mail from Sophos about it yesterday. They had received 0
reports about it. However, given the subject matter, I wouldn't be
surprised if it does spread.
-Scott
Sorry if this has been answered before -- On the line with
SKIPIFVIRUSNAMEHAS, is the virus name case sensitive?? Is Klez same as
or different than klez?
No, it is not case sensitive. So you can have either Klez or klez.
-Scott
We have just released Declude Virus v1.50 (beta). Noticeable changes include:
o Fixes problem with mailing list E-mails being delayed
o Fixes a problem with Blank Folding vulnerability getting triggered
with RFC822 attachments
o Adds a DAISYCHAIN option to allow for
Now I don't know which address (nmiller or mmiller) Declude sends its you
sent a virus message to. Maybe Scott can answer that, but if it is the
wrong address then sending that message to the sender could be skipped.
Declude Virus sends to the return address (from the SMTP envelope), which
in
The thing is, 655.120.133.104 is a central freight server...ergo it is
being sent from a system that I thought I had protected.
Ah, I see now. Then I would guess that your original thought may be
correct (that it was picked up from another source, such as another E-mail
account).
Here is the old line:
SCANFILE D:\Norman\nvc\bin\nvc32.exe /AF /B /BS- /C /N /Q /LF:.\report.txt
Here is the new line:
SCANFILE D:\Norman\nvc\bin\nvcc.exe /B /BS- /C /N /Q /LF:.\report.txt
Thanks for pointing that out. The manual has been updated to include the
nvcc.exe entry.
Would the notification emails be something like this:
SKIPIFVIRUSNAMEHAS Magistr
SKIPIFVIRUSNAMEHAS Kelz
Like this -- although I'd use Klez instead. :)
SKIPIFVIRUSNAMEHAS W32/Magistr.b@MM; W32/Klez.h@MM; W32/Hybris.worm.B
This way will not work. This will look for a virus that has
Is this possible:
On the gateway server I want to receive the mail and when it's passed to my
mailserver it will be scanned by Declude.
So that the server just receives the mail without scanning and first when
it pass it to the other server it will be scanned on the
way out ?
I'm not entirely
Is there any possibility you could
make declude send the bounce messages directly bypassing Imail completely,
and then just send them once, that way server resources wouldn't be tied up
trying to send them multiple times throughout the day and then declude could
just ignore the bounced bounce
I am using Declude Virus v1.46 with McAfee 6.0 with data files dated the
17th of this month.
Some Hi How are you viruses are allowed through if the attachment is a .txt
file. Shouldn't my setup catch these as well? Is anyone else having this
same issue?
That depends on your setup. The default
We have just released Declude Virus v1.48 (
http://www.declude.com/virus/manual.htm ), a beta version. The noticeable
changes include:
o Detection of the Outlook Blank Folding vulnerability
o An issue with ONACCESS ON setting fixed
-Scott
1. What is the Outlook Blank Folding Vulnerability? I just saw it in my
log file.
That occurs when an E-mail header consists of just a single tab character,
followed by a carriage return and linefeed. Outlook treats this the same
as a blank line, and starts processing the headers immediately
Oh the other postmaster for the address is not responding. It is the
KLEZ.H so I know it is spoofing the Address so I can't really blame him.
Can I?
With 1.47, you can add SKIPIFVIRUSNAMEHAS Klez to the otherpostmaster.eml
file, and the notification won't go to the other postmaster.
As for
We have just released Declude Virus v1.47 (
http://www.declude.com/virus/manual.htm ), a beta version. The only
noticeable change is that the .eml template files can now have lines that
begin with SKIPIFVIRUSNAMEHAS followed by the name of a virus or a
partial virus name. These can go in
Thanks for this mod. Is there a way to specify the OutlookCR
vulnerability/virus in this directive?
Yes.
You could use:
SKIPIFVIRUSNAMEHAS Vulnerability
which would handle the CR vulnerability or any other type of vulnerability, or:
SKIPIFVIRUSNAMEHAS Outlook 'CR'
This afternoon my spool directory started filling up... now i'm seeing about
25 files added to the dir every minute or less... also, there seems to be an
unusual number of declude.exe processes running.
The first thing I would do is check the Declude log files to see if
anything unusual is
I got an email in my inbox this morning that looks an awful lot like a
trojan to me. It had two attachments: class.exe and REGKBCMT.HTM.
That looks a lot like Klez.H, which just started spreading (fast) yesterday.
The thing that really bothers me is that a peek at the message source
shows
I am using AVG and Declude for virus protection. Just talked with IMAIL
about why every file caught says: Declude Virus v1.46 caught the Unknown
Virus virus in Unknown File. I tried adding the X-Virus-Name line to
the postmaster.eml and it did no good. IMAIL says it really isn't even
getting
Is there a way to add the name of the virus found to the header of the e-mail?
I have been asked by an ISP for the headers and the name of the virus for
follow up to a report that I made to them.
It would be much easier to just send the header if Declude could place the
name of the virus
I have an imail server with unlimited users and this looks like it has
reached the limit. So first I have upgraded to a faster server, but then I
am not sure what to choose here, either a peering server based on IMail's
description or a backup mail spooler also based on their description. What
http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382
will following this guide do what you tell me below,
Yes. Following that setup, the server will act as a gateway (which is
almost identical to acting as a backup server).
and then the stupid question where do place the
But if my primary mailserver is up and responding it will never reach
the second ? or are there something here i don't see
What you do is you have the DNS set up so that the MX record points to the
new gateway server, instead of the existing server. For example, if you
now have:
The majority of the viruses caught by our Declude system (75%) show up as
Outlook CR vulnerability. Looking at these messages manually, not a
single one actually contains a virus
That's correct. There aren't any viruses known yet that take advantage of
this vulnerability. However, there
With around 150 000 users on a dual 933 with 1 GB RAM, I get a lot of
restarts of the SMTP service, and it's very slow when I send mail
through the server. Anyone here having a good idea of how to speed it up?
That's a lot of E-mail to be virus scanning. My suggestion, if you are
using Declude Virus
Anything else I can do to optimize it here?
There doesn't seem to be anything in your config file that should be
changed, except adding a line PRESCAN ON if you are using a recent
version of Declude Virus Pro.
-Scott
do i have to restart or is it just to save
No. Declude will automatically detect the change to the config file.
the strange thing here is that its using a lot of cpu but nearly no ram
at all about 200 mb
but my cpu is on 95 or more all the time
When you open Task Manager, and go to the
iwebmsg.exe with around 34
then its declude or smtp32 switching
It sounds like you may just be reaching the limits of the server. Do you
know about how much E-mail is sent/received per day on this server?
The iwebmsg.exe at around 34% would indicate that web messaging is pretty
heavily
Or the report.txt (or whatever) wasn't found?
Yes, Unknown Virus will also appear if the report.txt file isn't found,
or if it isn't formatted correctly.
-Scott
no what i want is that if the primary mailserver are busy it will deliver
on the secondary
Ah, I see. That sounds like a standard backup mailserver, where your MX
records will point to both the primary mailserver and the secondary
mailserver, but with different preferences, so that mail
Wouldn't that skew some of the spam tests, since there would be one extra
hop when the secondary receives the mail and forwards it on to the primary?
For Declude Virus, there won't be a problem.
For Declude JunkMail, you would need to add a line IPBYPASS 127.0.0.1
(replacing 127.0.0.1 with
Our declude-logs has started showing the following line several times today:
ERROR: IMail1.exe didn't finish after 10 minutes; terminating.
Anyone know what causes this?
That happens if the IMail1.exe file doesn't finish after 10 minutes, so
Declude assumes that something went wrong and it
I had a user's infected PC send a copy of the W32.FBound.gen@mm worm to a
mailing list on my Declude-protected IMail 6 server, which then dutifully
distributed the worm to everyone on the mailing list, without Declude
seeing a thing. I'm running the most recent Declude, F-Prot and F-Prot
Do you see any warning or error messages in the log files? Does the
eicar.com file get caught? Does the Declude Virus log have a Virus Free
line when the E-mail went through?
Something else to check: Do you have per-domain or per-user settings
(virus_domains.txt and/or virus_users.txt)?
Is there a way to configure Declude not to scan/process all mail on a
single virtual domain?
Yes (with Declude Virus Standard and/or Declude Virus Pro). You can use
the virus_domains.txt file to do that -- you just need a DEFAULT ON line
(so all mail will be scanned by default) and a