RE: [Declude.Virus] Spool Dir
I personally do not like installing anything on my Imail servers. That said I use a sinple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago). --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Spool Dir
Do you happen to have the batch? I've been writing some xcopy lines, but have had problems finding a simple date-specific delete statement. Thanks Douglas Cohn wrote: I personally do not like installing anything on my Imail servers. That said I use a sinple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago). --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Couldn't find console/Error starting deccon.exe
Since switching to version 1.80 and subsequently 1.81, I get the following messages in my virMMDD.log file: That's due to the \IMail\Declude\hijack.cfg file -- it looks like a bug in the install program caused the Declude Hijack config file to be installed whether or not you run Declude Hijack. You can just delete that file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Couldn't find console/Error starting deccon.exe
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Thursday, October 14, 2004 2:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Couldn't find console/Error starting deccon.exe Since switching to version 1.80 and subsequently 1.81, I get the following messages in my virMMDD.log file: That's due to the \IMail\Declude\hijack.cfg file -- it looks like a bug in the install program caused the Declude Hijack config file to be installed whether or not you run Declude Hijack. You can just delete that file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Couldn't find console/Error starting deccon.exe
Deleting the hijack.cfg did the trick. Thanks for helping me de-clutter my logs. -Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Thursday, October 14, 2004 2:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Couldn't find console/Error starting deccon.exe Since switching to version 1.80 and subsequently 1.81, I get the following messages in my virMMDD.log file: That's due to the \IMail\Declude\hijack.cfg file -- it looks like a bug in the install program caused the Declude Hijack config file to be installed whether or not you run Declude Hijack. You can just delete that file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Spool Dir
FORFILES -pc:\foldername -s -m*.* -d-7 -cCMD /C del @FILE -p = path -s = include subdirs -m = match filetype -d = age in days (can also be set as an absolute date ie DDMM) note that - or + can be used here -c = command to execute -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Thursday, October 14, 2004 1:39 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Spool Dir Do you happen to have the batch? I've been writing some xcopy lines, but have had problems finding a simple date-specific delete statement. Thanks Douglas Cohn wrote: I personally do not like installing anything on my Imail servers. That said I use a sinple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago). --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] FW: F-Prot/Declude Problem
Here is my virus.cfg Kyle Declude Virus configuration file # # This file was distributed with v1.81. # # The in the LOGFILE option automatically gets replaced with the month/date LOGFILE D:\Imail\spool\vir.log LOGLEVEL HIGH # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE C:\FSI\F-Prot\fpcmd.exe /SLIENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'spool\virus' (\IMail\spool\virus). VIRDIR D:\Imail\spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail. # INCOMING ON OUTGOING ON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. It is recommended NOT to have an # on-access scanner interfering, and to leave this at OFF. # ONACCESS OFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # # The BANEXT option will let you ban file extensions. E-mails containing attachments # with these file extensions will be quarantined, and if you have a BANnotify.EML file, # it will be sent out. This works in the Standard and Pro versions. # BANEXT scr BANEXT pif BANEXT vbs BANEXT exe BANEXT hta BANEXT com # # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary # to be fully protected against viruses (since it is impossible to detect a well- # constructed virus within an encrypted .ZIP or .RAR file). # BANEXT EZIP # # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the # virus scanner will not get called. This can significantly cut down on CPU usage. # PRESCAN ON # # Declude Virus can block treat files using CLSID extensions as viruses. This type of # extension will force a certain type of program to be run, while making the file appear # to be a .TXT or other safe file. There is no known legitimate reason to send this # type of file through E-mail. BANPARTIAL ON bans the Partial Vulnerability. # BANCLSID ON BANPARTIAL ON # # The FOOTER lines will add a footer to the bottom of E-mails that are scanned. This may # not be visible if you send HTML or attachments with the E-mail. # FOOTER --- FOOTER [This E-mail scanned for viruses by Declude/F-Prot Virus] # # The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine # them. E-mails that are blocked but not virus is detected (such as banned file extensions # and vulnerabilities) will not be deleted, regardless of this setting, as they have the # potential of being legitimate E-mails. # # It is recommended to leave this at OFF, just to be safe, but many people set this to ON. # DELETEVIRUSES ON # # The DELIVERERRORS option, when set to ON, will treat errors from the virus scanner as if no # virus was found. When set to ON, this could cause viruses to get through in rare situations, # but will also prevent legitimate mail from being quarantined due to an error in the scanner. # It is recommend to leave this at ON. # DELIVERERRORS ON # # The BANCRVIRUSES option will automatically treat E-mail with malformed headers that could # contain a virus as if they did contain a virus. It is strongly recommended that you keep # this set to ON; otherwise, viruses could slip through. # BANCRVIRUSES ON # # The FORGINGVIRUS option is used to list viruses that forge the return address, so Declude # can replace the name of the sender with [Forged]. # FORGINGVIRUS Vulnerablility FORGINGVIRUS Yaha FORGINGVIRUS Braid FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Dumar FORGINGVIRUS Fizzer FORGINGVIRUS Ganda FORGINGVIRUS Holar FORGINGVIRUS Hybris FORGINGVIRUS Lentin FORGINGVIRUS Magistr FORGINGVIRUS Mimail FORGINGVIRUS Mydoom FORGINGVIRUS Netsky
[Declude.Virus] F-Prot/Declude Problem
I have just moved everything to a new server and installed F-Prot 3.15b and Declude Virus Pro 1.81 for the first time. I keep getting an error in the log files saying you should not have an on access scanner running and it will not put anything in the report.txt file I only installed the On Demand Scanner and the Updater for F-Prot. I did go into F-Prot and Disabled/Deleted all of the windows default scan or on demand options. This is the only virus scanner I have on the server. When I look at the processes the only F-Prot process running is fpavupdm.exe. I have uninstalled and reinstalled 3 times. I did have Symantec from Imail installed on the old server, but I am pretty sure I deleted all the entries in the registry for that when I imported the old registry into the new server. I also put the eicar.com in the in every drive and in any Imail directory to see if it would delete it and 12 hours later it is still there and no pop windows have shown up. I am about to give up. I have emailed F-Prot, Declude, Imail and I still havent found anything to fix this. Every time I reinstalled I deleted any leftover registry keys and the last time I even installed it into a different directory. If you have any ideas please let me know. Thanks Kyle 2003 Std. Server Imail 8.13 Declude Junkmail Pro 1.81 Declude Virus Pro 1.81 F-Prot 3.15b 0/14/2004 21:48:49 Q3a91021100becab0 Scanned: Virus Free [MIME: 1 2067] 10/14/2004 21:48:51 Q3a92021200becab5 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the IMail directory or sub-directories. 10/14/2004 21:48:51 Q3a92021200becab5 Scanned: Virus Free [MIME: 1 4041] 10/14/2004 21:48:52 Q3a85011700d2ca8e Outlook 'CR' vulnerability [Subject: F] in line 3 10/14/2004 21:48:52 Q3a85011700d2ca8e Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 1 527] 10/14/2004 21:48:52 Q3a85011700d2ca8e From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 84.129.53.154] 10/14/2004 21:48:52 Q3a85011700d2ca8e Subject: Fwd: high quality pills 10/14/2004 21:48:52 Q3a92073500f4cab4 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the IMail directory or sub-directories. 10/14/2004 21:48:52 Q3a92073500f4cab4 Scanned: Virus Free [MIME: 1 330] 10/14/2004 21:48:53 Q3a9001cd0034caac MIME file: [text/html][quoted-printable; Length=12309 Checksum=929937] 10/14/2004 21:48:53 Q3a9001cd0034caac Scanned: Virus Free [Prescan OK][MIME: 1 12339] 10/14/2004 21:48:53 Q3a820440013cca8d Scanned: Virus Free [MIME: 1 10634] 10/14/2004 21:48:55 Q3a94015f00cacaba MIME file: [text/html][7Bit; Length=1008 Checksum=89919] 10/14/2004 21:48:55 Q3a94015f00cacaba Scanned: Virus Free [Prescan OK][MIME: 2 2490] 10/14/2004 21:48:58 Q3a97011800d2cabf MIME file: [text/html][8bit; Length=8450 Checksum=633815] 10/14/2004 21:48:58 Q3a97011800d2cabf Scanned: Virus Free [Prescan OK][MIME: 2 10568] 10/14/2004 21:49:00 Q3a8d029f00cccaa3 Scanned: Virus Free [Prescan OK][MIME: 1 161]
