Please Change Your Address Book
Thank you for emailing me.nbsp; Your email has been received, and I will
respond as soon as possible.
We are pleased to announce that Rand Realty has recently affiliated with Better
Homes and Gardens Real Estate.nbsp; Accordingly, our email addresses have
Please Change Your Address Book
Thank you for emailing me.nbsp; Your email has been received, and I will
respond as soon as possible.
We are pleased to announce that Rand Realty has recently affiliated with Better
Homes and Gardens Real Estate.nbsp; Accordingly, our email addresses have
Please Change Your Address Book
Thank you for emailing me.nbsp; Your email has been received, and I will
respond as soon as possible.
We are pleased to announce that Rand Realty has recently affiliated with Better
Homes and Gardens Real Estate.nbsp; Accordingly, our email addresses have
Marc Catuogno
MIS Director
Prudential Rand Realty
845-825-8025
[EMAIL PROTECTED]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail
, and to to the point.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Marc Catuogno
Sent: Thursday, July 12, 2007 11:54 AM
To: Declude Virus
Subject: [Declude.Virus]
Marc Catuogno
MIS Director
Prudential Rand Realty
845-825-8025
[EMAIL PROTECTED
Um, no making fun here - I opened it. I thought it was just spam someone
forwarded it to my spam account. I didn't find the Trojan downloader on my
PC. I'm ASSUMING that you have to hit the check prices macro button as no
macro seemed to auto-execute...
I just downloaded the intelligent
I didnt get an e-mail. Dont
you like me? : )~
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, February 10, 2006
1:47 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Changes @
Declude
In the last 10 days
we have
Somebody is sending e-mail that must get
through (of course) and it is failing the blank folding Vulnerability test.
What can I tell this person they should do to not have this e-mail get
caught? I dont want to allow vulnerabilities through but.
01/20/2006 07:25:44 Qd6c809e500d45890
Virus.cfg:
ALLOWVULNERABILITIESFROM [EMAIL PROTECTED]
Matt
Marc Catuogno wrote:
Somebody is sending e-mail that must get through (of course)
and it is failing the blank folding Vulnerability test. What can I tell
this person they should do to not have this e-mail get caught? I
dont want
and higher. I think it came along somewhere after 2.0.6.0
Matt
Marc Catuogno wrote:
Matt thank you What version of Declude is needed for
these allows?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Matt
Sent: Monday, January 30, 2006
5:09 PM
To: Declude.Virus
since others are happy with it,
but since I run IMail 8.15HF2, there is little in that release that enhances my
immediate use, and I am willing to wait a bit longer so that a period of
stability can be established before I make the jump.
Matt
Marc Catuogno wrote:
So since I am running 1.82 I
The latest outbreak has caused me a great deal of backscatter. You sent a
banned file, virus in an attachment sent by you, undeliverables and so. I
am very hesitant to try to create rules in JM to stop all notices like this
because some of them are necessary. I've pretty much told the users to
well for us.
Darin.
- Original Message -
From: Marc Catuogno [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23, 2005 9:12 AM
Subject: [Declude.Virus] OT: Virus Backscatter
The latest outbreak has caused me a great deal of backscatter. You sent a
banned file
You have a user base that is educated and that you trust enough to click a
link that would send them a potential virus? I so envy you...
I'm scared to let them open and send and receive regular e-mail. I had one
user ready to open an account for someone in Nigera.
-Original Message-
I've gotten a few:
26KB files named 1.zip, 7.zip and work.zip so far
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Tuesday, May 31, 2005 11:22 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New virus
John,
Sorry to hear about that it sucks.
There was something I heard once about
having identical drives mirrored. That if they were from the same vendor
and the same model and lot number they can fail at the same time. The IBM
Deskstar was apparently notorious for this. If Im
I have this set in my global file:
BYPASSWHITELIST bypasswhitelist 30 8 0 0
As I understand it, it will by pass the whitelist (whether it is due to
whitelistauth or autowhitelist on) if the weight is at least 30 and there
are 8 recipients.
The German spam is getting through
This is going to a problem for me if it catches on people will think it is
cool to password their zip files, and since I block them
Just thought I'd heads up the group in case any of you automatically block
encrypted files as well.
A choice of Zip 2.0 or 128- or 256-bit AES encryption
AES
I also run crap cleaner - it can be set to clean the prefetch, temp Internet
files, C:\Documents and Settings\User\Local Settings\Temp and more. It has
helped me get virus/Trojan files that won't other wise delete. Also the
online scan from Trend Micro is also a great help. It has been a great
I couldn't get Clamav to run on mine. May I ask what version of ClamAV you
are using? When I installed it I couldn't figure out if it was in and
Declude kept throwing me an error. What is your Declude config line ?
Thanks -
Marc
-Original Message-
From: [EMAIL PROTECTED]
I had a JPG held by declude as:
X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
However, this was a JPG sent from one of my users to another. I seriously
doubt it was infected with anything. The only thing was that it was sent
from a MAC.
User-Agent:
Thanks-
Both jpgs held were sent by the same person - a graphic designer using a
MAC. If that helps you change the code.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, September 29, 2004 10:52 AM
To: [EMAIL PROTECTED]
I've been happy with F-prot on the mail server and since I know many people
are using it on their servers as well, I was wondering if anyone has it
deployed on their user's machines. If so I'd like to know, how well it does
on regular windows XP machines. You can't beat the price
Thanks -
Title: OT: Hello?
Hi
Sharyn.
I
haven't seen anything today either, maybe everyone in the north-east is out
looking at that strange yellow object in the sky (the sun) and trying to dry
out.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On
Behalf Of
They are still getting through to my users. Even though
Anyway to banexten on this one? Something like
BANNAME *prudentialrand.com.zip
Or
BANEXT com.zip
It is creating some confusion and I'm not sure if it's a viable virus that
is getting through or not. I'd like to stop it regardless.
Marc
I am running Declude 1.79 and this is in my CFG file:
BANEZIPEXTS ON
BANEXT com
In desperation I have added:
BANNAME prudentialrand.com
BANNAME prudentialrand.com.zip
BANNAME prudentialrand.zip
BANNAME [EMAIL PROTECTED]
BANNAME *prudentialrand.com.zip
The files are still getting through to my
Sorry - yes Virus defs are up to date. I have blocked .zip files for now.
I think that they are non-viable files that are slipping through, but I need
to stop them as all my users want to know what is going on...
I will remove the erroneous entries from my config file.
Marc
-Original
?
CRAP. Maybe I should go back to the last beta...
I am using F-protect and I updated it about noon and I'm using an interim
downloaded about three days ago.
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of marc catuogno
Sent: Monday, July 26, 2004 3
blocked all zip files, as I am seeing quite a few
that are not being caught by banned extension or F-Prot or AVG. I am
investigating these.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of marc
Thanks Scott I'm not totally brain dead (only partially) it was definitely a
zip file. I did mistype in my haste to ban the .zip files. I ran a manual
F-protect update moments again and it is all up to date. I am now blocking
all zip files for now.
Any chance wild cards or double extensions
http://www.informationweek.com/story/showArticle.jhtml?articleID=25600493
According to this it is double zipping so the only way I can think of
stopping it is by banning .zip files completely.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent:
for the
time being :)
Matt
marc catuogno wrote:
What do you guys think of this?
http://antivirus.about.com/od/virusdescriptions/a/atakb.htm
I've forwarded it to all my users, maybe they will take their computer
security more seriously.
Marc
---
[This E-mail scanned for viruses by Declude Virus
Bonk Bonk on the head... (yes it was Miri)
I'd just like to get more people thinking about securing their systems (as I
have spent the last hour on a new agents machine removing Ncase and all the
other spyware), at least minimally, because it really is scary thinking
about what a determined
I am running 1.79 (I don't remember which interim but
I wil D/l the latest)
I have in my global config:
BANEXT EZIP
BANEZIPEXTS ON
I am still getting some e-mails through. They are zip files 67 bytes or so
and don't seem to have anything in them nor are they password protected. Any
way to stop
I checked a few out and figured they weren't dangerous and told everyone
that they were corrupted or stripped attachments... but the support calls
and e-mails about the passworded zip files that everyone got, what a waste
of time, sigh.
I did a Baname on what was listed as possible file names
What do you guys think of this?
http://antivirus.about.com/od/virusdescriptions/a/atakb.htm
I've forwarded it to all my users, maybe they will take their computer
security more seriously.
Marc
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by
Start;Programs;Imail;Imail release notes -
I'm really shocked that they don't put this in Imail admin or help or
something...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Hahn
Sent: Wednesday, April 28, 2004 8:40 PM
To: [EMAIL PROTECTED]
I believe you are in the same exact situation you were before the trial.
Imail would've passed on the spam and viruses too with out Declude. I would
buy it, really, it is the only thing saving my butt...
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
I think this has been brought up a few times, I think it would be a good
option as well once it is tweaked.
You forgot PDF, txt, bmp, wks, wpd, ppt and maybe .zip : )
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Shadix
Sent: Tuesday, March 16,
Sorry, I know Ive brought this up
before but Im befuddled as to how plan old Norton Antivirus 2003 on my
XP desktop using outlook 2002 can pick up this virus within a passworded file
without the password.
This was held in the virus directory by Declude
and I released it to see if it
:[EMAIL PROTECTED] On Behalf Of Nick
Sent: Tuesday, March 16, 2004 6:18 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] NAV 2003 catches passworded virus??
On 16 Mar 2004 at 17:20, marc catuogno wrote:
Marc,
I do not have Norton so I cannot test it - have you sent to your desktop
Plain old NAV 2003 on my Win XP workstation that scans e-mail - sorry for
not being specific. BUT the weird thing is there was no e-mail with a PW.
I had saved the file from one that had gotten through and attached it to a
e-mail with the only the word test in the body of the e-mail. I don't even
If you want I can send it to you, it isn't important but I found it curious.
All I know is it is a virus, it is reported as beagle.j by NAV, it is in a
passworded .Zip file, there in nothing but the word test in the body of
the e-mail and it is caught by the e-mail scanning as it goes out.
I was trying to test the latest interim and when I tried to send myself a
copy of the virus, NAV outbound scanning caught it even though it was
passworded. I tried to unzip it to make sure and it does require a password.
I didn't think they could detect it like that...
---
[This E-mail scanned
Does anyone have a way of using doing this? I mean if scumware people and
pornographers can use the windows messenger service why can't I? I know it
wouldn't always work, but most of the IP's I get in my virus notifications
are from Road Runner or Cablevision. I'll bet more than half of those
I didn't see your last e-mail? What virus?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Wednesday, March 03, 2004 8:32 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Update- New virus
Hi;
Just to update my last email.
F.Y.I. I am running the latest interim release: 1.78i.8 and have
BANEZIPEXTS ON
In my config file but several people have complained to me that they are
still getting the zipped files.
I have added
BANEXT EZIP
In the hopes of stopping them all now.
Marc
---
[This E-mail scanned for
Sorry for my incomplete message what I meant to say is that they are still
getting PASSWORDED zip files.
Even with the addition of BANEXT EZIP
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, March 03, 2004 10:48 AM
To:
Confirmed. I commented out
# BANEZIPEXTSON
I left in:
BANEXT EZIP
And resent myself the virus and it was blocked.
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Ryan
Sent: Wednesday, March 03, 2004 11:18 AM
To: [EMAIL PROTECTED]
I saw a woefully inadequate report on this virus on Fox 5 NY last night -
don't even get me started, do these reporters even talk to people who deal
with viruses? Love how they report it as new yesterday - but anyway, the
reported called it net-ski. I have been inclined to call it that as well.
I am running the latest beta 1.78.
I have the following in my virus.cfg file:
BANEXT scr
BANEXT pif
BANEXT bat
BANEXT exe
DELETEVIRUSES ON
Yet I am still seeing e-mails with .PIF extensions being held in the virus
subfolder. I'm concerned that these are
That was a great list. I have the following extensions blocked as well:
BANEXT data
BANEXT link
BANEXT unk
BANEXT uue
I wish I remember why - but I imagine it won't hurt...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
I know everyone hates the challenge response system BUT what if there was a
way to adapt it for attachments? If an e-mail is sent with an attachment
the server sends a challenge to the supposed sender who can verify or deny
having sent it. Denial would delete the e-mail, verification would allow
the mail whether she remembers it or not
and cousin Fred is infected.
Challenge/Response is ok for end users, but I don't see a real benefit for
it with servers.
Rich
- Original Message -
From: marc catuogno [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 10:37 AM
Scott - did you ever find these guys? They still don't get it...
-Original Message-
From: Postmaster [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: Your mail server sent us a virus
The Declude Virus software on our mail server detected
Wouldn't you want to also update your otherpostmater.eml and sender.eml
with:
SKIPIFVIRUSNAMEHAS Bagle
SKIPIFVIRUSNAMEHAS Beagle
To stop the bogus warnings?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler
Sent: Monday, January 19,
AH! That is a nice feature that I must have missed!
Gratzie!
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler
Sent: Monday, January 19, 2004 09:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] new forging worm: Bagle
Wouldn't
I have been doing that, but I have heard that IMAIL's CAL can only
handle 100 IPS and I am running at about 90 now. Most of the offenders
are from Optimum online, I could block their whole IP range, but then I
think my home Optimum users trying to POP or SMTP (maybe even
Webmail)won't be able to
Last night I got hammered with about 3,000 sobigs in the course of
about 2 hours from one infected computer - it seems this particular
computer had almost every address from my domain on it. This morning I
got about 100 from another computer - the strange thing was that all 100
were sent to a
This maybe a stupid observation so bear with me please.
As I was adding more and more IPs to the control access list something
occurred to me. It seems that most of the offending IPs are from
cablevision companies. If I could get the range of their dynamic IPS I
could block them all,
Scott can you bitch slap this moron? I've sent him three separate
e-mails with detailed instructions (I think I even copied one to the
list) on how to turn this off in Declude and he hasn't replied once.
Maybe you have a better contact e-mail.
Marc
-Original Message-
From: Postmaster
I've been sticking the IPs into IMAIL's control access list as fast as
they have been coming in. Declude reports them and I'm popping them in
there and I'm not sure I'm ever going to remove them.
Under local host SMTP second tab SMTP security Control access
button
You must stop and restart
I had to argue with an IMAIL admin with Declude for two days and had to
e-mail him the damn otherpostmaster and sender eml files before he would
change them.
I hope my change took effect... : )
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
The sobig virus forges the sender, as you should know. The Declude
software allows you to indicate this in the bounce message to yourself
by putting the line FORGINGVIRUS Sobig in the virus.cfg fie. It also
allows you not send this notification by putting the line
SKIPIFVIRUSNAMEHAS Sobig in
So if a forged user from my domain sends a message to another IMAIL machine
to a user that doesn't exist and then their Imail Machine rejects the
message. I'm assuming that postmaster gets the entire message (virus
included) based upon the forged domain. So I would get the message, even
though
Um - I'm not sure, but I think he may be right. The declude virus catch
looks like a bounce from his server, not sent through his server. As
you said the e-mail address is forged - so if an infected computer has a
user from your domain and a bad address from his, once his server can't
deliver
But since the subject that you are receiving is undeliverable : RE:
Details isn't that his server is just returning the message Unless the
virus has more subjects then the list of subjects that I am aware of.
Looks like the original message had the virus attached and that was
Declude detected
Please excuse this if it has already been answered-
Just like everyone else, we are getting hammered by Sobig.F. Declude seems
to be catching and holding the virus e-mails with the attachments because of
the BANEXT option. The potential exists to overload our hard drive. There
were over 3,000
I thought BANEXT worked before the scanner? DAMN... maybe my f-protect.exe
is old and not catching viruses?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 04:03 PM
To: [EMAIL PROTECTED]
Subject: Re:
I just ran a manual scan on the spool virus directory with F-protect and it
identified all the held viruses as [EMAIL PROTECTED] - BUT I did run an update
immediately before that even though I ran it this morning.
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Does anyone else bother to look at the header, do a who is on the IP and
notify the responsible party of the possible problem on their IP? I see the
IPs in the e-mail headers so if someone was notified do you think they can
find the actually infected user? Would they bother?
I checked some of my
The Pentagon? REALLY??? That's friggin scary as hell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 06:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Notifying Postmasters/ISPs etc of viruses
I have BANEXT active, and as a courtesy I have a notification through
Delcude going out in case someone is legitimately trying to send an .exe
file. Is there anyway to turn this off for the .pif extension? The SOBIG.F
Virus is sending this to all my users with fake e-mail addresses and then
the
I do a weekly scan
with of my Imail sever with F-protect and disturbingly enough it found two
viruses in the main.mbx files of two of my users. F-protect 3.12a reported
them as klez.E@mmand the attachment was
called logon [2].pif. I copied the MBX file to a test user to see
ifI could find
Declude has been installed for months, BUT you are right, these e-mails
were delivered two days and a month before it seems that declude was
installed (respectively). The weird thing is that the full system scan
only reported them recently... one last week and another this week.
Strange.
Strictly paranoia.
In case something does get through. In case one of my users sends out a
virus through their webmail. I usually just do a full system scan once a
week or so, I don't have the scanner running all the time.
Marc
- Original Message -
From: John Tolmachoff [EMAIL
76 matches
Mail list logo
