L PROTECTED] = IGNORE WARN [LAST ACTION="">
06/06/2005 10:01:13 Q109E001900B2AC5A Cumulative
action(s) taken on this email = IGNORE WARN [LAST ACTION="">
Paul Crouch
Technical Manager
Marble Building Products Ltd
Tel: 01759 373352
Fax: 01759 373394
Email: [EMAIL PROTECTED]
What exactly triggers the Invalid ZIP Vulnerability? I am a small ISP, and
one of my client keeps getting expected zips from a graphics company caught
by this.
Thanks,
Paul
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
Is this a new possible feature for Declude Virus? The option of changing the
attachment file extension to a non-executable extension?
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Monday, July 19, 2004 6:45 PM
To:
assume they were deleted.
Can anybody explain the virus log to me? Has something changed with AVG that now makes
it unusable,
or do I have a problem with my configuration?
For anyone using AVG, I would definitely send yourself a test attachment to be sure it
is working.
Paul Navarre
---
[This E
.
I also don't have any setting that would delete anything as far as I know.
Thanks,
Paul
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
I'm looking for info on Worm.SomeFool.P
Anyone know where I can find out about this one?
[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
Thanks Scott,
While I have your attention, what do you use to generate this report from
your log files?
Each month, we go through our spamtraps (E-mail addresses
designed to collect spam), to find out which spam tests
were most effective at catching spam. snip
WEIGHT1099.48%
Hello,
Wednesday, March 3, 2004, 11:54:36 PM, you wrote:
Do I need to do something on my end to hit this DB??
Run recent version of declude
and set AUTOFORGE ON in virus.cfg
Ok that was essy. Thanks.
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED
with Undeliverable Mail messages. It seems the
guy being
joe-jobbed is the one reporting my mail server.
Anybody have any advice about what (if anything) I should do?
Paul Navarre
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
behind McAfee if I can.
I am getting this in the logs.
11/27/2003 07:29:56 Qee340fb6011cba7f Could not find parse string Virus in
report.txt
11/27/2003 07:29:56 Qee340fb6011cba7f Error 2 in virus scanner 1.
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED]
---
{This E
, Of course, we all know not to open EXEs we don't
know the origin of. =) The USERS usually don't, but.
If you DO run it, let us know what you find out.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
around this in some cases, but I know I
feel better
about having a license with F-Prot that seems about as clear as you can make it.
Additionally it is
cheap and I have had good luck with support from them.
Paul Navarre
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
=)
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
Real life example:
There are two users, we'll call them [EMAIL PROTECTED] and
[EMAIL PROTECTED]
Both users are hosted on the same iMail server, but at different domains
which are separate virtual servers.
Declude virus scans all mail for all users both in and out of
GoodDomain.com.
JS/[EMAIL PROTECTED]
1 1 / 0W32/[EMAIL PROTECTED]
1 1 / 0VBS/Lovelorn.dropper
If only I could get the users with that dang Klez to clean their systems, as
well as the Hybris. It's the same 3 or 4 people. over and over.
Paul
---
[This E-mail
this? Do we have a SKIPIFATTACHMENTIS .scr option?
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
.the.message..
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
/25/2003 07:21:28 Qf13403e3020a6b9c From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
[incoming from 216.58.174.203]
08/25/2003 07:21:28 Qf13403e3020a6b9c Subject: Test eicar.com file [eicarzip]
End
--
Best regards,
~Paul
/2003 11:16a 16,700 WSWEEPNT.INF
91 File(s) 12,709,402 bytes
10 Dir(s) 8,329,158,656 bytes free
C:\Program Files\Sophos Sweep for NT
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED]
---
{This E-mail scanned for viruses
Files
RSP dir Sophos* /x
Thats was it. Enterprise Manger is in c:\progra~1\sophos~1 and sav32cli.exe is in
c:\progra~1\sopos~2
Thanks!!
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED]
---
{This E-mail scanned for viruses by Declude Virus/McAfee}
---
[This E
In my virus_cfg.txt file, I have:
FORGINGVIRUSKlez
To add the sobig virus, do I add another line? like this?
FORGINGVIRUSKlez
FORGINGVIRUSSobig
[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
button, but will come back if you don't update. People need to
know they need to keep software like this updated.
Plus M$ releasing a patch that doesn't cause more problems is nice too.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude
got a few
In the end, all you can do is make sure your stuff is secure, and up to
date, and working properly. As long as your virus scanner is catching them
entering, your users should be safe. You could email til your hands fall
off, I doubt it would make any noticable difference. =)
Paul
with those so but I do have to have open
shaers for the last of our Win95 systems.
I have been slammed with an AS/400 down the last three days so if
this is a dumb question please let it pass till I have more sleep.
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED
FYI: Mcafee's Extra Dat is not catching all instances of this virus...
However, it is still being dropped by the banned pif extension.
Wow! I've noted over 200 hits of this virus today so far. sheesh.
Paul - Glad I have Fprot checking for updates every 2 hours to be safe.
---
[This E
be possible if the syntax allows it.
If anyone has any ideas how this might be done I would appreciate it.
Thanks,
Paul Navarre
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just
21926]
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
act together for this silly virus is
making us look for a 2nd scanner. Granted, the body filters in place are
handling the problem nicely, but it's still a pain.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http
hasn't updated yet, though
they say it's detected in August 1st's dat list which isn't out yet, as
my live update just run still says 7/30.
That's NAV on my workstation guys, not the server. =)
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned
risky?
I'm just a little surprised that this hasn't come up more often. I am guessing this
has happened to
others too. Are others just using education?
Paul Navarre
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
Wow, this one just popped up it seems, [EMAIL PROTECTED] nothing on the 28th,
to 68 outgoing yesterday, and a smaller amount incoming. Even more today.
Anyone else seen this increase?
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses
.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
.
Hmmm, that's really odd. When someone logs onto our system and is assigned
an an IP, and this particular one was not in us at the time of this
least not issued by us...
Thanks Scott. Any other ideas?
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail
?
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
W.32gibe.b and/or its variants
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
Thanks! I've seen this one caught saveral times... whew. I knew I'd get the
answer.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses
. Tracking users
down can be a pain, but not seeing the 1000 Yaha infected e-mails makes me
happy. Less wasted mail.
Cheers!
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
any stand-alone CRs in the middle of the header and am a little
confused as to where I should start looking for the culprit.
Thanks much,
Paul Hassinger
Received: from blackbox.ipaul.com
[65.204.120.129] by winonaweb.com
(SMTPD32-7.13) id AC3C327D024E; Thu, 20 Feb 2003 23:42:20 -0600
Scott, and
all potential Declude Virus users Thanks to the handy
Log analyzer tool, I've noticed a HUGE increase inthe Lentin.F virus, and
have just contacted the user on our network thatappears to be infected with
it. But thanks to Declude for making me be ableto see it. And blocking
.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus
Qdc38012d013e4431 File(s) are INFECTED [0]
So far all of these seem to be spam, but it's amazing the amount of these in
there
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
formatted E-mails that contain some of the
recently discovered vulnerabilities.
I guess this makes good use of holds for vulnerabilities.
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
regards,
~Paul~mailto:[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just
:
John http://filext.com/
John .CEO Extension associated with Winevar Worm (The worm sets .CEO as an
John executable extension so future files arriving with this extension will be
John automatically run.)
Thanks for the link. I guess that goes in to banext
--
Best regards,
~Paul
.bat.cab.lnk.asp.swf.js
.ceo
--
Best regards,
~Paul~mailto:[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
the letter H added to my subjects and the auto reply
when i mail to these to list. I have check every setting I can find
anything wrong.
Anyone here have any ideas??
Oh I fell so like a user. :(
Sorry for the OT
--
Best regards,
~Paul~mailto:[EMAIL PROTECTED
through. These
have been blocked in the past. What is the best point to start to
fine out how this one made it.
1.63 beta
Imail 7.13
--
Best regards,
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http
PROTECTED]
X-Note: Sender Host Name: hide5.wspan.com
X-Note: Sender IP Address: 216.113.128.165
X-Note: Sender Country ID: .
Precedence: bulk
Sender: [EMAIL PROTECTED]
Status: U
X-UIDL: 333656655
--
Best regards,
~Paul
.The archives can be found
John at http://www.mail-archive.com.
John ---
John [This E-mail scanned for viruses by Declude Virus/McAfee]
I was trying to do that and stop people from sending this thing out
any more. Thanks John. I am trying. :)
--
Best regards,
~Paul
\body.txt x 10 0
The email that was sent matched the body text above 100%
Why would i need to block on the domain name also??
Not saying i don't need to just trying to see why.
--
Best regards,
~Paul~mailto:[EMAIL PROTECTED]
---
[This E-mail scanned
the space
and it got caught.
Still want to know how to add the domains and is it needed if you
filter on body of message.
--
Best regards,
~Paul~mailto:[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned
in gobla.cfg and 50 is delete so i think it should work.
Hmmm is there away to test something like this. I can't just forward
the email because it would then come from our domain. correct??
--
Best regards,
~Paul~mailto:[EMAIL PROTECTED]
---
[This E-mail scanned
hate to look at
spamviwer all day.
Hmmm is there away to test something like this. I can't just forward
John the email because it would then come from our domain. correct??
John Ask and ye shall receive.
Please send on to [EMAIL PROTECTED]
Thanks!!
--
Best regards,
~Paul
know EOF, End Of File, right? I see several of these in the logs, but
don't know if it's important, or just messed up e-mail.
Thanks!
Paul
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
Scott,
Is the ability there for F-prot to give you the NAME of the virus in the
log? instead of Infected with a virus.? We have the Windows version
running.
Does F-Prot keep a log of useage by Declude with infections? I'd like to
get some feel for what is coming in.
Thanks!
Paul
good grief! what a difference F-prot made! Declude's working now! hoo-ray!
It's nice to see no error messages popping up in the logs. LOL! way to go
Scott, and thanks to everyone on this list who put up with me over the last
week. I'm sure I'll have questions, but you people are the best!
Paul
Ok, I've tossed Innoculan in favor of F-prot, about set to start Declude
again, For users of F-prot, or Scott, what's the precautions to take going
this route? Obviously disabling real time protector on install, but anyone
else have any comments?
Paul
---
[This E-mail was scanned for viruses
Is it possible you have your client set to send HTML? This can screw up the
confirmation.
Paul Navarre
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mitch Irvine
Sent: Thursday, October 10, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: SPAMCOP:Re
?
Thanks,
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
has the geatest latest defs and the
other does not.
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E
So Declude JunkMail can not be set to scan a specific domain's out-bound
email?
[EMAIL PROTECTED]
Using the latest beta of Declude JunkMail, this might be possible. You
could have a per-domain configuration set up for the domain, with a line
CATCHALLMAILS COPYTO [EMAIL PROTECTED].
Sheldon,
Does the windows updater work for you? I should say reliably? I have
found it does don't seem to work at all. I do use the scripts for the
server and that works. F-Prot 3.12a
~Paul~
If you are using the DOS version, there are scripts available to check
and
download automatically. I
Is there a way to add the footer to only outgoing messages?
I though this might be an easy way to put a company disclaimer in every
out going email. Unless someone else has a better way.
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned
Would the notification emails be something like this:
SKIPIFVIRUSNAMEHAS Magistr
SKIPIFVIRUSNAMEHAS Kelz
ONLYSENDIFREMOTESENDER
From: postmaster@%LOCALHOST%
To: postmaster@%SENDERHOST%
Subject: Your mail server sent us a virus
Or
SKIPIFVIRUSNAMEHAS W32/Magistr.b@MM; W32/Klez.h@MM;
Man I hate that. I can't put desktop AV here so Declude is it! They
scream they have to have Hotmail then scream they have a virus. I love
my job! Here come the men in white coats so I must go now!
~Paul~
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf
Thanks For the great product and A++ support!!!
~Paul~
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Thursday, April 25, 2002 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Another virus to skip notify
Would
the Address so I can't really blame him.
Can I?
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude
I just ran VirusLog Analyzer this is what I have gotten today. We have
around 300 users that's it. I looked at the last 7 days and each has
been pretty heavy.
Scott you are DMAN! Thanks for a great product
Count= 72 Virus Name= the W32/Klez.h@MM virus !!!
Count= 50
Test of list. Awful quite today?
~Paul~
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude
Thanks and yes everything is working fine with Declude for me as usual.
Yet there is usually some activity on this list. Which started I see
with the update to F-Prot ver3.12. I have also updated my server and
about 15 desktops and all seems fine.
Thanks again,
Paul
-Original Message
I believe it comes with Imail. Information on it is on page 256 of the
manual.
Regards,
Paul
Paul W. Lucido
www.GeekWithaBox.com
312-583-0084
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim Jones, Jr.
Sent: Tuesday, February 19
The PRESCAN line doesn't currently exist in my Global.cfg. I simply add it,
anywhere I like, to the file, correct?
I just upgraded Declude to this new released v1.40. Do I need to add the
following options to my cfg file
PRESCAN OFF Can I use this option. Do I have Declude Pro
You have two negatives in your question, which confuses me a little. I
haven't tried using it with only one switch. I'm guessing it will work,
only deleting non-log files. I recommend giving it a run it and finding
out.
Regards,
Paul
Original Message-
From: [EMAIL PROTECTED]
[mailto
/ARCHIVE
/NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT2Infection
Paul Ingram
CI Travel, IT Systems Analyst
888.461.0022 ext.826
mailto:[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned
I changed the lines as you had in the email and still test virus comes
through. So I take out the line and works fine.
So here is a copy of the config again and the log with both scanners when it
is not catching and a log with the original setup that works
Paul Ingram
CI Travel, IT Systems
No I fixed all that in the working config
Thanks
Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Marcel Sangers
Sent: Thursday, January 31, 2002 4:45 PM
To: [EMAIL PROTECTED]
Subject: MISSING_REVERSE_DNS:Re: [Declude.Virus] Re well i still can't
Thanks!!! Just got it and stop 5 more within 10 min.
Paul Ingram
CI Travel, IT Systems Analyst
888.461.0022 ext.826
mailto:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Michael Abbott
Sent: Monday, January 28, 2002 12:34 PM
Thanks Scott! The windows version would not work but the DOS version works
like a champ.
Paul Ingram
CI Travel, IT Systems Analyst
888.461.0022 ext.826
mailto:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent
and outstanding product. Thanks!!
Paul Ingram
CI Travel, IT Systems Analyst
888.461.0022 ext.826
mailto:[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus/McAfee]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from
Ummwhat happens to the email does it get deleted or is it sitting in
file somewhere? I am assumeing it is in the \Imail\spool\virus(just looked
it is)
If this is the case then could still some how if need get the email
delivered?
Paul
-Original Message-
From: [EMAIL PROTECTED
I wish that all of the software we use (as a web site hosting company) was
support like Declude.
I would have a lot more hair - and a lot more days off :)
[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the
You are right about F-Prot!!:) I just download and tried it again it it is
now catching it. But as of 45min ago the defs on frisk.is where not
cathching at least it didn't work here but all is rosey now:)
Thanks, Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul Ingram
Sent: Tuesday, December 04, 2001 02:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New W32/Goner-A virus
Is not the extra.dat only for the bootdisk for emergency recovery or did I
look
Does anyone use
F-prot for workstations?
For $2 a system I
thought it might be worth looking into.
Also if I go to
F-Prot on my servers should I use the on demand scanner or just the command line
part?
Paul Ingram
IT Systems Analyst
CI Travel
1.888.461.0022 Ext:826
[EMAIL PROTECTED]
83 matches
Mail list logo