[Declude.Virus] automated response

2007-07-12 Thread Gufler Markus
I am on vacation until 30.07.2007. Until then, Markus Micheler ([EMAIL PROTECTED]) is available to you. I am on vacation until 30.07.2007. For further questions please contact Markus Micheler ([EMAIL PROTECTED]). I'm out of office until July 30. 2007 Please contact Markus Mic

RE: [Declude.Virus] Large spam run of malware in Germany?

2007-01-14 Thread Markus Gufler
I can find one source of such a message in my virus logfiles. It was caught as possible malware more than 12 hours ago: From: [EMAIL PROTECTED] Subject: Deutsche Gebuehreneinzugszentrale Rechnung Attachment: Rechnung_GEZ.zip Markus > -Original Message- > From: [EMAIL PRO

RE: [Declude.Virus] AUTOFORGE

2006-10-30 Thread Markus Gufler
rus Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.

RE: [Declude.Virus] stration work

2006-10-02 Thread Markus Gufler
thank you for turning this out Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Monday, October 02, 2006 4:27 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] stration work It looks like the Stration worm is causing

RE: [Declude.Virus] ClamAV Exit codes

2006-09-29 Thread Markus Gufler
Looking at the physical/virtual memory utilization for this server displays a peak for this date/time (see attached mrtg graph - growleft) But the graph shows a similar peak for today around 16:00PM and clamd is still running without any result code 2. I will watch this. Thank you. Markus

RE: [Declude.Virus] ClamAV Exit codes

2006-09-29 Thread Markus Gufler
rtain point the only result code was 2. Does this mean that clamd can also decease slowly? Markus > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of george kulman > Sent: Friday, September 29, 2006 4:22 PM > To: declude.virus@declu

RE: [Declude.Virus] ClamAV Exit codes

2006-09-29 Thread Markus Gufler
> Failure I do believe, probably ClamD is not running? Correct. Thank you. Markus

[Declude.Virus] ClamAV Exit codes

2006-09-29 Thread Markus Gufler
Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of "Virus scanner 2 reports exit code of 2" ...in the virus-logfile. Markus

RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-27 Thread Markus Gufler
As I know yes but BANNAME my_notebook.doc wouldn't work for files within zip-archives. Markus > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of John T (Lists) > Sent: Tuesday, June 27, 2006 11:48 PM > To: declude.virus@declu

[Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-27 Thread Markus Gufler
le_prices.zip BANNAME sony_prices.zip BANNAME hp_prices.zip BANNAME dell_prices.zip BANNAME My_Notebook.doc Regards Markus

RE: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-24 Thread Markus Gufler
Hi Kami, I have F-Prot 3.16f (latest version) in use here and can't find any appearance of "Possibly a new variant of JS" in my logfiles. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Saturday, March

RE: Re[2]: [Declude.Virus] Virus Notification Variables No Longer Working

2006-03-08 Thread Markus Gufler
I use %LOCALHOST% in my postmaster.eml file. As I understand this should be the same, or not? Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher > Sent: Wednesday, March 08, 2006 6:24 PM > To: Declude.Vi

RE: Re[2]: [Declude.Virus] Virus Notification Variables No Longer Working

2006-03-08 Thread Markus Gufler
x Subject: Recipients: 1 Queuename: Df37a051c0088d3cf.smd Date: 08 Mar 2006 Time: 16:24:51 (GMT+1) Remotehost: .it (82.188.97.71) Localhost: xxx.it D.Version: 3.0.5.23 BTW: How are you guys notified for an updated version? Markus > -Original Messag

RE: [Declude.Virus] [IMail Forum] Realistic virus threat?

2006-02-06 Thread Markus Gufler
signature update the exit code usually should become 3 or 6. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Thursday, February 02, 2006 11:31 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] [IMail Forum] Realistic virus th

RE: [Declude.Virus] Encoded viruses...worried

2006-02-02 Thread Markus Gufler
It's not the only thread remaining without comment from Declude even if there were replies to other threads in the meantime. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Thursday, February 02, 2006 7:32 PM To: Declude.

RE: [Declude.Virus] Heads up: something new is around

2006-02-02 Thread Markus Gufler
...seems to be a new variant of Bagle. Virustotal says:
Antivirus  Version     Update      Result
AntiVir    6.33.0.81   02.02.2006  TR/Bagle.Gen.B
Avast      4.6.695.0   02.01.2006  no virus found
AVG        718         02.01.2006  I-Worm/Bagle

[Declude.Virus] Heads up: something new is around

2006-02-02 Thread Markus Gufler
Block exe in zips (at least temporarily)! --- [This E-mail was scanned for viruses by Declude EVA www.declude.com]

RE: [Declude.Virus] Encoded viruses...worried

2006-02-01 Thread Markus Gufler
72520] This looks very promising that declude is already handling it in order to catch malicious code inside such attachments. Note: the 4.th line is listed due the "MIME" Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednes

RE: [Declude.Virus] Encoded viruses...worried

2006-02-01 Thread Markus Gufler
for grep and egrep on windows machines use the switch -U to have correct line wraps Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Wednesday, February 01, 2006 10:35 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus

RE: [Declude.Virus] F-prot exit code 8 and body content

2006-01-31 Thread Markus Gufler
t code 8 from my configuration because most of the outbreaks in the last year were caught by this exit code before any AV-scanner has had updated signatures. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) > Se

[Declude.Virus] F-prot exit code 8 and body content

2006-01-31 Thread Markus Gufler
tive and so I requeued it. I've noted it due the low number of postmaster virus warnings I receive because they are sent to me only if the detected virus is not a forging one. Fortunately this legit message wasn't deleted from the virus folder between thousands of unwanted netsky's an

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-29 Thread Markus Gufler
Matt,   Thank you for this informative report. As I have many scripts working around Declude (my intention is to reduce them) I have to verify some things before I can turn on AVAFTERJM. But if this will be the case here is my vote for the original R-line in the Q-file.   Markus

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-29 Thread Markus Gufler
e amount of incoming messages is growing rapidly and so the number of hold viruses and spam too. (v3 can process much more messages than previous versions!) So I search for something simple to clean out all this stuff as fast as it's coming in. Markus

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-28 Thread Markus Gufler
Ok you're right exactly as you were when HOP was introduced. Such a little feature request was not worth neither the half of all messages in this topic. Additionally the entire Declude staff seems to be in holidays. So I have to write another time my own post-solution. Markus > -

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Markus Gufler
tain and serve forging virus names for all AV-Engines? I still consider Declude my swiss army knife for handling SMTP-traffic and keep our customer mailboxes usable for the daily work. And even if I know that some tools in my knife can be dangerous I want to have them when it will become necessary. M

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME automagic

2006-01-27 Thread Markus Gufler
-messages can be deleted by keeping a small part of virus messages on the disk for some (more) days. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, January 27, 2006 7:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Feature

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Markus Gufler
ngines is way above the entire spam filtering even if you use 5-6 external applications like sniffer, inv-uribl, spamchk, ... So if your spam filters are set up properly they will filter out at least 50% of all incoming messages before they will reach the av-engines. Markus

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Markus Gufler
ow at the moment. As I can understand a feature like DELETEVIRUSNAME wouldn't require more than 30 lines of code and 3 hours of work and it would eliminate any need for own scripts on each server. This is not what I consider a hand grenade... Markus

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Markus Gufler
the virus logfile instead of the content from each virus-message is definitively an excellent idea. However there is a simpler and more efficient possibility if we could delete infected messages by the virus name. Markus > > > Wednesday, January 25, 2006, 4:37:28 PM, Markus Gufler > &l

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Markus Gufler
e message will be delivered without being checked from Declude Virus. Markus

RE: [Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread Markus Gufler
This is still the most significant limit in declude.eva's extensions banning. As long as we can't specify different BANEXTS for direct attachments and in-archive-attachments many of us can't enable BANZIPEXTS.   Markus     From: [EMAIL PROTECTED] [mailto:[EMAI

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-25 Thread Markus Gufler
> As a work around until and if Declude adds the requested > feature, you could write a script to search the files on a > timed based for a phrase (virus > name) and have it delete them. Do you mean this script on my disk who creates one hour each day with 100% CPU usage? Markus

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-25 Thread Markus Gufler
I asked only because as I understand it should be very easy and unproblematic to add such a feature. Markus

[Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-25 Thread Markus Gufler
"suspicious" or "generic" But commands to delete certain virusnames should be very easy to implement and allow us to eliminate > 95% of all hold viruses on our servers. Markus

RE: [Declude.Virus] New Virus?

2006-01-17 Thread Markus Gufler
That's exactly how I use the notifications. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, January 18, 2006 12:48 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] New Virus? I agree compl

RE: [Declude.Virus] New Virus?

2006-01-17 Thread Markus Gufler
tion by an initial name of the av-company. Something like: F-Prot>W32/[EMAIL PROTECTED] Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Tuesday, January 17, 2006 11:21 PM > To: Declude.Vir

AW: [Declude.Virus] Sober.z

2006-01-08 Thread Guhl, Markus \(LDS\)
the thread of new sober-variants. so the sober-author might be hiding out right now. but if the police don't catch him, i'm afraid he will strike again. markus -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bruce Loughlin Gesendet:

RE: [Declude.Virus] Virus Feebsa

2005-12-20 Thread Markus Gufler
Can't find anything about "feebsa" on vil.nai.com and the f-prot virus info page. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) > Sent: Tuesday, December 20, 2005 6:54 AM > To: Declu

RE: [Declude.Virus] Where to send exe's to check if they are a virus?

2005-12-16 Thread Markus Gufler
e BANZIPEXT exe would be a very useful feature, because with the current list of recommended BANEXT's and BANZIPEXTS ON no users can send or receive legit packed file attachments like application updates. And again most AV-engines has showed that they are not more fast enough :-/ Markus

RE: [Declude.Virus] Where to send exe's to check if they are a virus?

2005-12-15 Thread Markus Gufler
my server with newest definitions it's not blocking it as a virus. Mcafee at the moment seems not catching it with newest signatures. Markus

RE: [Declude.Virus] Where to send exe's to check if they are a virus?

2005-12-15 Thread Markus Gufler
www.virustotal.com (see my previous posting for results) At the moment I consider blocking at least temporarily exe in zips and update the virus definitions Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic > Se

[Declude.Virus] Another new Bagle/Mitglieder variant

2005-12-15 Thread Markus Gufler
not all scanners seem to be catching it right now. This is a report processed by VirusTotal on 12/15/2005 at 16:35:59 (CET) after scanning the file "Stephen.zip" file.
Antivirus  Version     Update      Result
AntiVir    6.33.0.61   12.15.2005  TR/Bagle.Gen.B

[Declude.Virus] New bagle

2005-12-14 Thread Markus Gufler
file Markus

[Declude.Virus] Ircbot2 forging

2005-12-06 Thread Markus Gufler
It seems to be a virus with low prevalence but today I've had a case with many virus warnings to forged recipient addresses due to one infected client. FORGINGVIRUS Ircbot2.gen or for Sophos FORGINGVIRUS Forbot-FO Markus

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread Markus Gufler
ed by declude.virus? Should it be an external test for d.junkmail in order to have much more possibilities or should it act like an av-scan engine with simple result codes and a report-file that is able to give the feedback as virusname like "file ... is a possible virus" Markus

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread Markus Gufler
sword.zip or pamela.zip and go using names like update.zip, data.zip or setup.zip Yes I know you will block this by the exe inside the zip. But I unfortunately can't do this and I can't neither block such filenames. Markus

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread Markus Gufler
> I am scanning for viruses first. I block executables within > zips. Yes I know you can do this. But on my systems banning exe in zips is like having a restaurant where people can eat but drinking is not allowed. Markus

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread Markus Gufler
n is that last week av-companies showed that they are not able to provide accurate detection-quality. Markus

RE: [Declude.Virus] how is Declude 3.x?

2005-11-24 Thread Markus Gufler
Imail 8.15 and Declude 1.82 here We will wait for smartermail 3 then compare it with Imail2006 and then set up a complete new box with Declude v3. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Thursday, Novem

[Declude.Virus] BANNAMEs in log file

2005-11-24 Thread Markus Gufler
lines like BANNAME price.exe in the logfiles. So I can A.) easily create reports for currently active banned filenames and so remove inactive names from the config file B.) check if "BANNAME price.exe 120" maybe was a false positive because it has a filesize of 1,2 MB Markus

[Declude.Virus] New Bagle variant Update

2005-11-23 Thread Markus Gufler
to update virus signatures.   Markus  

[Declude.Virus] New Bagle variant

2005-11-23 Thread Markus Gufler
In the last 2 hours I can see something new. F-Prot is catching it with result code 8 as unknown virus. Looking at the first examples: Subject: a random name like Alice, Emanuel, Martha, Cybil, Ester, Body: empty html Attachment: ZIP-file with another random name like them in the subject line

RE: [Declude.Virus] OT: Virus Backscatter

2005-11-23 Thread Markus Gufler
n the junkmail list. BTW: these days I can't notice such a wide backscatter like some months ago. At the moment I've disabled these filters. Markus

RE: [Declude.Virus] New Sober to be released, possible variation?

2005-11-15 Thread Markus Gufler
while it was definitively catching some others. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Tuesday, November 15, 2005 2:33 PM > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus] N

RE: [Declude.Virus] Virus name reported as different than what scanner detected.

2005-10-28 Thread Markus Gufler
Hmm, looks like there is one single variable containing the last detected virus name and several threads writing to and reading from this variable... Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darrell > ([EMAIL PROTEC

RE: [Declude.Virus] VBE attachments

2005-09-20 Thread Markus Gufler
Yes sir ;) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > Tolmachoff (Lists) > Sent: Wednesday, September 21, 2005 12:24 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] VBE attachments > > Everyone is banning vbe attachment

RE: [Declude.Virus] New Variant of Bagle?

2005-09-19 Thread Markus Gufler
I can see a lot of returning NDR's from our virus warnings (unknown virus) in the last 3 hours now (03:00PM - 06:00PM GMT+1) As I can see F-Prot is detecting some suspicious file but does not have an exact definition or name for this virus. I have temporarily disabled virus warnings. M

RE: [Declude.Virus] McAfee DailyDAT download location change.

2005-09-12 Thread Markus Gufler
I have to check my script because it still works fine up to now. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, September 12, 2005 9:58 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] McAfee DailyDAT download

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
> OK, so it is cpl file, which we should all have in our list > of banned extensions including banned if within a zip file, > so we should all be safe, correct? As safe as the world can be ;-) Markus

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
Ah, and not to forget: whatever name this virus will have: it's a forging worm. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Monday, September 12, 2005 4:52 PM > To: Declude.Virus@declude.com >

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
I can confirm this and can also see that Declude virus + f-prot seems catching it now as "unknown virus" In the past 30 minutes there were several of these infected messages on our servers. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROT

RE: [Declude.Virus] Expect new Bagle variants

2005-08-11 Thread Markus Gufler
> It looks as though the Bagle author is back from his > vacation. Today we've detected several new variants (actually > old variants which have been repacked) and they are still coming in. I can see some "unknown virus" detections in the last 24 hours. Markus -

[Declude.Virus] Strange messages (Subject: 1)

2005-07-23 Thread Markus Gufler
rt of the recipients address + some random domain name. I've added "1.txt" to the Declude Virus BANNAME-List. Markus --- Begin Message --- 1 1.txt Description: Binary data --- End Message --- --- Begin Message --- 1 1.txt Description: Binary data --- End Message ---

[Declude.Virus] Breatel.B@MM seems to forging

2005-07-21 Thread Markus Gufler
Have seen some NDR's yesterday and this morning and so I've added Breatel to the list of forging viruses. Markus

RE: [Declude.Virus] Patch Tuesday and graphic images

2005-07-12 Thread Markus Gufler
e that Declude or the AV-Engine will catch this vulnerability as soon as possible. As much as I can understand from reading the KB-Article it's something similar to the GDI-Exploit but not the same. Markus

RE: [Declude.Virus] Limit Size of message to be scanned?

2005-07-08 Thread Markus Gufler
declude logfile. Some further messages were not scanned. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, July 08, 2005 9:05 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Limit Size of message to be scanned

RE: [Declude.Virus] FYI - new virus as yet unidentified

2005-06-26 Thread Markus Gufler
erday evening (06/26/2005 22:37:24 GMT+1) Scanner 2 is Mcafee and following the logfiles it's called "Bagle.dldr" Scanner 1 (F-Prot) has caught it 2 hours later with errorlevel 8. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, And

RE: [Declude.Virus] FYI - new virus as yet unidentified

2005-06-26 Thread Markus Gufler
can't see any file "kitten.zip" in the past 8 hours... Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Sunday, June 26, 2005 8:33 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] FYI - new virus as yet unidenti

AW: [Declude.Virus] Allow Outlook 'Boundary Space Gap' Vulnerability from one Domain Names ??

2005-06-20 Thread Guhl, Markus \(LDS\)
main Names ?? Still seeing the following Declude Virus v2.0.6 caught the [Outlook 'Boundary Space Gap' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] even with ALLOWVULNERABILITIES FROMbigclient.com Any help ?? - Original Message - From: "Gu

AW: [Declude.Virus] Allow Outlook 'Boundary Space Gap' Vulnerability from one Domain Names ??

2005-06-20 Thread Guhl, Markus \(LDS\)
hi jeff, try ALLOWVULNERABILITIESFROM in the virus.cfg we use it for certain addresses, but the release notes of 2.0 tells that you can use it on domains too. mfg i.a. gez. guhl *** lds nrw ref. 241 tel.: 0211 9449 2578 fax.: 0211 9449 8344 mailto:[EMAIL PROTECT

AW: [Declude.Virus] Newbie question

2005-06-07 Thread Guhl, Markus \(LDS\)
used to notify the recipient. look in the manual (http://www.declude.com/virus/manual.htm) chapter 14 to learn about this. hope it helps (and my english is not too bad) greetings from germany mfg i.a. gez. markus guhl *** lds nrw ref. 241 tel.: 0211 9449 2578 fax

RE: [Declude.Virus] [sniffer] New Spam/Virus?

2005-06-07 Thread Markus Gufler
round 20 spam messages. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Monday, June 06, 2005 11:29 PM To: sniffer@SortMonster.com Cc: Declude.Virus@declude.com Subject: Re: [Declude.Virus] [sniffer] New Spam/Virus? Yes I have

AW: [Declude.Virus] Newbie question

2005-06-06 Thread Guhl, Markus \(LDS\)
hi darin, we use AVAFTERJM ON with Declude 2.0.6.14 and it works like we need it. mfg i.a. gez. markus guhl *** lds nrw ref. 241 tel.: 0211 9449 2578 fax.: 0211 9449 8344 mailto:[EMAIL PROTECTED] *** -Ursprüngliche

RE: [Declude.Virus] EXITSCANONVIRUS

2005-05-30 Thread Markus Gufler
h one of the mirror drives. So if there is a problem on the RAID who has caused a "disaster" we have at all time a running system that will boot within minutes and begin to restore the daily backup files.   Markus     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

[Declude.Virus] W32.Eyeveg is forging

2005-05-18 Thread Markus Gufler
My F-prot does catch some W32.Eyeveg-Massmailers in the last 5 days. There is always an NDR bounce, so I believe it should be added to the forging virus list. Markus

RE: [Declude.Virus] I hate Sober.o

2005-05-04 Thread Markus Gufler
d PopConns. > Gr ..r! We should set up a filter that will send back to each sender whose mail header contains sources of unpatched exchange MTAs a warning message... Markus

AW: [Declude.Virus] allowvulnerabilities

2005-05-04 Thread Guhl, Markus \(LDS\)
hi john, ALLOWVULNERABILITIESFROM is in the release notes for version 2.0, but there is nothing about it in the manual. mfg i.a. gez. markus guhl *** lds nrw ref. 241 tel.: 0211 9449 2578 fax.: 0211 9449 8344 mailto:[EMAIL PROTECTED

RE: [Declude.Virus] Viruses appearing to be getting through...

2005-05-03 Thread Markus Gufler
XTS ON will work, as absolutely no content from the archive could be read. Only BANNAMEs will work to block it before it reaches the recipients mailbox. At least such corrupt files can't create any damage beside the problem that some user could believe the virus filter does not work as g

RE: [Declude.Virus] Viruses appearing to be getting through...

2005-05-02 Thread Markus Gufler
there were several attempts to deliver this virus. From around 2 hours ago Mcafee is catching it as Sober.p Markus

RE: [Declude.Virus] F-Prot and HTML object exploit

2005-05-02 Thread Markus Gufler
Question: Have you all running the latest v3.16b ? I can't see any appearance of "HTML/ObjData" in the entire current logfile, but I've still running 3.16a Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John

RE: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Markus Gufler
ot set up a declude virus configuration in a separate folder with or without the second scanner and test the hold message (by scanner2) again? It should be interesting if the same space gap can be reproduced or if we must search another reason for the sporadic appearance...   good night from GMT

RE: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Markus Gufler
it seems to me that talking (or writing) is a good idea. why viruscode 9 and 10? Have I missed something? Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Thursday, April 28, 2005 10:32 PM To: Declude.Virus@declude.com Subject: Re

RE: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Markus Gufler
no absolutely no trace of the spool filename before the "parse string" line. I've checked now multiple cases in todays logfile   Note: F-prot is my first, Mcafee my second scanner. F-Prot 3.15 not 3.16 I've PRESCAN ON in my virus.cfg line   bye Markus (have to

RE: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Markus Gufler
ECTED] [incoming from x.x.x.x] 04/28/2005 08:00:13 Q7be703950112a342 Subject: Re: Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, April 28, 2005 7:28 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] High CPU F-Prot Markus, Take the

RE: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Markus Gufler
sage. So I can't determine if there is a space gap or not. Each of this log lines is for F_prot while Scanner2 Mcafee is detecting a virus (Netsky, Bagle, ... but no Mytob in this case)   I've still in use F-prot 3.15 not 3.16   Markus     From: [EMAIL PROTECTED] [mailto:

[Declude.Virus] New forging virus: Antiman

2005-04-28 Thread Markus Gufler
In the last hour I've seen some NDR's coming back for a new virus called "Antiman" Maybe we should add it to the FORGINGVIRUS list. Anyone else can see this virus in his virus logfiles? Markus

RE: [Declude.Virus] High CPU F-Prot

2005-04-27 Thread Markus Gufler
11:59pm here so it's not a good time to watch the cpu usage as most people have left the office some hours ago. Time to say good night for me too after haven't seen anything strange with f-prot on my server at the moment. |-) Markus > -Original Message- > From:

RE: [Declude.Virus] Revisiting the McAfee command line arguments

2005-04-27 Thread Markus Gufler
out. From the other switches you mentioned MIME was already part of my Mcafee config line. Haven't had any problem with up to now. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, April 27, 2005 5:53 AM To: Declude.Virus

RE: [Declude.Virus] Adobe PDF embedded attachemt

2005-04-26 Thread Markus Gufler
or a "small zip file with suspicious content blocking" But I think we must do here something because during the latest virus wave a week ago some viruses have passed our filters - and I fear not only ours but also most others. If virus writers note that this will work the next wave will be sp

RE: [Declude.Virus] Adobe PDF embedded attachemt

2005-04-26 Thread Markus Gufler
ants until there are available appropriate signatures from the AV-companies. I'm not 100% sure but I can't imagine why someone should send a legit zip-file having a small executable inside. Markus

RE: [Declude.Virus] Another new virus

2005-04-19 Thread Markus Gufler
iatly if it's a new virus. This will create the necessary time to react on new viruses. I can confirm that our system has let through last weekend some few viruses. Both F-Prot, F-Secure and Mcafee were too slow in this case. Bitdefender has had ready updates very fast. Markus

RE: [Declude.Virus] Another new virus

2005-04-19 Thread Gufler Markus
idea to combine this test with some mailfrom validating test as these addresses are forged. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, April 19, 2005 3:33 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Another new

[Declude.Virus] Mytob

2005-04-05 Thread Markus Gufler
In the past hours we've seen some NDR's coming back for virus notifications sent out after detection of W32/[EMAIL PROTECTED] So I've added FORGINGVIRUS Mytob to my virus.cfg file as it is really a forging mass mailer even if not widespread. Markus

[Declude.Virus] Kapersky

2005-03-28 Thread Markus Gufler
having a yearly cost of USD 338 ? Anyone has running this engine? Any way to have less yearly costs? Markus

RE: [Declude.Virus] New virus Bagle.BN (aka .BE)

2005-03-01 Thread Markus Gufler
> The odd thing on this was I had to add the "/MIME" flag to > the scanner command line in order for my systems to start > catching these. Hmm, I've added it now too for the Mcafee engine. Let's see how does it have an effect on cpu usage... Markus

RE: [Declude.Virus] New virus new__price.zip

2005-03-01 Thread Markus Gufler
s already catching this as an "unknown virus". In the meantime I've blocked .zip attachments on my server. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

[Declude.Virus] New virus new__price.zip

2005-03-01 Thread Markus Gufler
Seems there is something going on, please check your virus logs. ... Markus

RE: [Declude.Virus] Where is the 'CR' vulnerability

2005-02-10 Thread Markus Gufler
operly deal with whatever traffic comes their way as a result. Ok, I understand. The original SMD file contained a CRCRLF at the end of the "X-header: PITA-Server" line. Markus

RE: [Declude.Virus] Where is the 'CR' vulnerability

2005-02-09 Thread Markus Gufler
). No problem. I've replaced the original domain names by domain.net and cutomer-domain.it before sending it to the public list. Markus

RE: [Declude.Virus] Where is the 'CR' vulnerability

2005-02-09 Thread Markus Gufler
Beside the question: I've sent this message (with the message in the body) yesterday evening but it was not delivered to the list. So I've resent the message (with the message as attachment) this morning and it showed up immediately on the list. ?? Markus > -Original Messag
