Usually, the first things to check are [1] Whether the eicar.com file gets caught from our Test Mail Sender at http://www.declude.com/tools , [2] Checking the diagnostics ("\IMail\Declude -diag") for any problems (such as an invalid activation code), and [3] Checking the log file for any warnings/errors. But, given your information, I can guess #1 and #2, and you may have already checked the logs.This weekend we moved our mail server to a new machine and now we have had Klez slip through our mail system (and many more I assume).The new box is running w2k, Imail 7.13, Declude ver 1.62, and McAfee Netshield on the server (engine version 4.1.6 and the latest dat files). I have duplicated the setup from the original mail server, and can't find any anomolies, but I would appreciate it if you all could point me in the right direction as what I should check....(by the way, declude and scan.exe are spawning when an e-mail goes thru, but the only admin e-mails I get from declude are the 'vulnerability' e-mails that get scanned.)
Have you tried running the scan.exe program from a command prompt, to see if it catches the eicar.com file? Do you have a "VIRUSCODE 13" line in the \IMail\Declude\virus.cfg file? Is the SCANFILE line in the virus.cfg file the same as the one in the manual (a different path to scan.exe is OK)?
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.