> Very likely,
> most users in Italy have more than one mailbox with different
> ISP, so even if we filter messages for viruses it is possible
> they get infected through other mailboxes.
Franco,
Some of our customers have also "old" mailboxes from other ISPs
(something like [EMAIL PROTECTED])
Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 27, 2003 7:48 AM
Subject: RE: [Declude.Virus] Is Declude Hijack run before Declude Virus -
Swen virus
Does that mean one of your users is infected with Swen?
John Tolmachoff MCSE CSSA
Engineer/Consul
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
> That is intentional. The Declude diagnostics will create an eicar.com
> file, and try to delete it. If it can't create or delete the file, it
> displays a warning. This is designed for us to help discover when people
>
What I have noticed is that all of the 1.76i* releases have a problem with
creating
Eicar files in the directory that you run declude -diag in, except the IMail
directory. For example, if I run three times at the root "C" prompt:
C:\>m:\imail\declude -diag
I will find the following in the root
- Original Message -
From: "Adolfo Justiniano" <[EMAIL PROTECTED]>
> If you don't have a gateway and don't use ipbypass in Declude JunkMail
> you probably wouldn't have the problem.
I have two Redhat/Postfix gateways sitting in front of my IMail server and
therefore do use IPBYPASS with
>Strange, I have not had any problems with that interim release. What I
have
>noticed is that all of the 1.76i* releases have a problem with creating
>Eicar files in the directory that you run declude -diag in, except the
IMail
>directory. For example, if I run three times at the root "C" prompt:
>You are correct -- there is a new interim release v1.76i4 at the same
URL
>that fixes this.
Thanks Scott, now it's working.
Adolfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net
---
[This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system]
---
[T
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
> You are correct -- there is a new interim release v1.76i4 at the same URL
> that fixes this.
Strange, I have not had any problems with that interim release. What I have
noticed is that all of the 1.76i* releases have a pr
>We've made a change to the code for interim release v1.76i3 (at
>http://www.declude.com/release/176i/declude.exe ) that should take care of
>this issue.
That interim version is seriously broken, none of the Declude JunkMail
tests are executed, all messages have 0 as weight, no logs are
generated.
Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of Adolfo Justiniano
> Sent: Friday, September 26, 2003 10:07 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus]
- Original Message -
From: "Adolfo Justiniano" <[EMAIL PROTECTED]>
> Scott,
>
> That interim version is seriously broken, none of the Declude JunkMail
> tests are executed, all messages have 0 as weight, no logs are
> generated... I have to go back to 1.76i2.
It's working fine for me (1
September 26, 2003 7:52 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] Is Declude Hijack run before Declude Virus -
Swen
> virus
>
>
> The same thing is happening here.
> I have the folder HOLD2 full of messages, most of them are actually
infected
> with Swen.A v
>>The same thing is happening here.
>>I have the folder HOLD2 full of messages, most of them are actually
infected
>>with Swen.A virus, few are legitimate (sent after the IP was blocked
by
>>hijack).
>We've made a change to the code for interim release v1.76i3 (at
>http://www.declude.com/release/
> I'm still using the default Hijack hold levels, they seem OK for our
> case. Since I started using it (5 days ago) I've seen 3-5 hold cases,
> usually from users sending chain letters, missioner's pray letters,
> e-mails to group of friends, relatives, etc. I'm whitelisting those that
> have a re
> It shows that I'm running 1.76i1 but still I've found today messages on
> hold with suspicious double extension attachments like .xls.pif. Also
> pif is in my list of banned extensions.
I would do a test.
Put both Virus and Hijack logs into DEBUG mode and then send an attachement
to yourself. J
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, September 23, 2003 9:53 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Is Declude Hijack run before Declude Virus
>Is there anyway to invert the order, make Declude Virus to run before
>
Is there anyway to invert the order, make Declude Virus to run before
Hijack? I would like that to happen because of the banned extensions
too.
If you are running the latest version (1.75 or later; you can type
"\Imail\Declude -diag" from a command prompt to see which version you are
running), D
lfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Tuesday, September 23, 2003 9:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Is Declude
t; [EMAIL PROTECTED] On Behalf Of Adolfo Justiniano
> Sent: Tuesday, September 23, 2003 5:51 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Is Declude Hijack run before Declude Virus
>
> I've seen several messages in Hijack's hold directories that seem to be
> infect
I've seen several messages in Hijack's hold directories that seem to be
infected messages, some have attached files with double extensions like
xls.pif.
I'm worried because sometimes I've to move back to the queue some false
positives and as I've seen that once I do it Declude won't see those
mess
20 matches
Mail list logo
