RE: [Declude.Virus] ClamAV

2010-04-29 Thread Michael Cummins
In case this is helpful for someone else that isn't so great at rolling
their own Clams from the source code:

First, I installed ClamAID using the default options.  (SmarterMail /
Declude install for me)

http://www.armresearch.com/tools/arm/clamAID.jsp

This installs Clam 0.92, wraps it up as a service, wraps up FreshClam as a
service and gets everything pointed and configured for Declude to use.  It
includes pthreadVC2.dll, but I don't know if it uses it once we replace the
files here in a bit, because...

...when FreshClam goes to update the DB, it mangles the DB dies, because
version 0.92 isn't supported anymore.

Immediately after installing ClamAID I stopped the ClamAVSvc and FreshClam
services and I commented out the lines it added in virus.cfg so I could get
it all running properly again.

I downloaded the clamav-win32-0.96.7z from http://oss.netfarm.it/clamav/ and
extracted the files to a folder.  I grabbed all the .exe and .dll files and
replaced the old ones in \Program Files\Clam AV.  I edited \conf\clamd.conf
and commented out the deprecated MailFollowURLs on line 226.  I deleted the
files in \data\ and created a \db\.  I set the log levels in clamd.conf and
freshclam.conf to high so I could see things chugging along until I was
comfortable.  I hard set the database to \db\ in the conf files, and set
verbose logging.

I cranked up the services, and watched FreshClam download new profiles to
\db\.

Once the db was downloaded, I tested Clam from the command prompt as
described on the armresearch page, and everything looked like it was working
fine.

I uncommented the lines in Declude, restarted Declude, and watched it all
start humming.

Now I am just keeping an eye on things, and waiting for Clam to catch a
virus.

-- Michael Cummins

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] ClamAV

2010-04-29 Thread Andy Schmidt
There really is no need for ClamAid, because the recent builds (including
oss.netfarm.it) already are able to install themselves as services, and the
additional ClamAid DLLs will be obsolete once you install the official
version.

So unless you need help adding the 3 lines to the Virus.cfg, ClamAid
probably makes things unnecessarily complicated...


RE: [Declude.Virus] ClamAV

2010-04-29 Thread Michael Cummins
The official download from Clam wouldn't install on my Windows 2003 box.  It
said it only supports Windows 7, Vista, told me to go pound sand, yada yada.

The stuff at oss.netfarm.it didn't come with very much in the way of
instructions, but the ClamAID stuff did and it was also familiar with
Declude so it gave me a warm and fuzzy feeling.  It also didn't look like
clamav-win32-0.96.7z was going to set up FreshClam as a service, or at least
didn't mention it, and I hate installing random product just to see what it
does.

Not dissing anything, just explaining why I chose it.   You're completely
right.  I'm completely clam-n00b.  I've never worked with ClamAV, don't know
its parts and pieces from a raccoon skin hat, and was grateful to have a nice
page of instructions (thanks, ARM!), especially on how to test it before
configuring Declude.  Also, the ClamAID example used the .conf file in
their Declude config, while the Declude example didn't.  I thought that was
handy, too.

It at least gave me a place I could kludge from, and now I know a lot more
about how the product works.

Just splaining where my head was and leaving a trail here in the archives in
case it helps someone else.  :)

 - Michael Cummins


RE: [Declude.Virus] ClamAV

2010-04-29 Thread Nick Hayer
Thanks Michael for the effort to 'splain! I appreciated it.  Make sure you are 
using the sanesecurity sigs as well as the MSRBL's

-Nick

MadRiverAccess.com|Skywaves.com Tech Support 
US/Canada 877-873-6482 or International +1-802-229-6574 
Emergency Support 24/7: supp...@skywaves.net 
General and Non-Emergency support ticket: 
https://www.skywaves.com/content/secure/support_ticket.htm









Re: [Declude.Virus] ClamAV

2010-04-29 Thread Matt

Michael,

I created a step-by-step guide a little over a year ago for the proper 
installation.  It's pretty simple to do.  I can't say however if the 
steps have changed in the latest release, and obviously the version that 
I linked to is old now and should be updated.


So here are my abridged directions for a standard install.

   1) You need 7zip installed (http://www.7-zip.org/), and to open
   files in 7zip, you open the file manager and double click the 7z or
   ZIP files.

   2) Download the Current Stable code from
   http://oss.netfarm.it/clamav/  For Windows 32bit, it would be
   clamav-win32-0.94.2.7z

   3) Create a directory structure with C:\ClamAV and also create a
   sub-directory of C:\ClamAV\DB  Put the files from the above 7z file
   into C:\ClamAV

   4) Run C:\ClamAV\clamav.reg to put some directory entries into the
   registry.  These are by default pointing to the directory structure
   that I am using.

   5) From a command prompt run C:\ClamAV\freshclam.exe
   --datadir=C:\ClamAV\DB --daemon-notify  This will download the
   latest definitions and let the service know to reload them if new
   ones are found.  You want to schedule a task to run this every 15
   minutes (there is virtually no load if no updates are available). 
   There is no need to install freshclam as a service.


   6) From a command prompt run C:\ClamAV\clamd --install  This will
   install the ClamWin Free Antivirus Scanner Service  You then want
   to edit the service properties to start automatically, and set your
   recovery options to restart the service.

   7) Download the ClamAV GUI Wrapper from
   http://oss.netfarm.it/clamav/  You only need one file from this zip,
   ClamAV-GUI.exe, and you want to place that in C:\ClamAV  This is a
   simple GUI for scanning files and directories and can be useful.
   You can create a short-cut for it if you want.

   8) Configure Declude for ClamAV with the following (it is probably
   best to have this as the first scanner since it is the fastest):

   SCANFILE1  C:\ClamAV\ClamDScan.exe --quiet --no-summary -l report.txt
   VIRUSCODE1 1
   REPORT1.

   9) Check your virus logs for Virus scanner 1 reports in order to
   verify that it is running.


Note, if you want to use a non-default location, you will need to change 
the location in the following three things (don't quote me on this)


   1) clamav.reg
   2) clamd.conf
   3) The freshclam.exe --datadir argument

Matt





RE: [Declude.Virus] ClamAV

2010-04-29 Thread Andy Schmidt
Nothing really changed with the current version - other than making sure
that you have the proper version of the VC runtime installed. It absolutely
HAS to match - so it's worth mentioning as an installation step.

 


RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-29 Thread Andy Schmidt
Declude Users - take note!

CommTouch/Zerohour does a good job, but does not catch all known viruses
(some days I have 5 or 6 DIFFERENT viruses/trojans sneaking by, some to
multiple users each!), it's absolutely imperative that AVG works if you
don't have additional scanners set up.

Unfortunately, AVG had stopped working (no one has said for how many weeks
or possibly months it has not worked). I have confirmed that AVG is now
working again after I upgraded from 4.10.42-A to 4.10.48. So - I recommend
all Declude users get on top of this quickly!

(PS: This is the second time AVG has gone AWOL inside of Declude for
extended periods of time - and it's never discovered until I finally
insist. Naturally, I have zero confidence in the built-in scanner. It's
unreliable and there is no notification whenever it stops working.)

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, April 28, 2010 12:56 PM
To: declude.junkm...@declude.com; declude.virus@declude.com;
declude.relea...@declude.com
Subject: [Declude.Virus] New Release Declude 4.10.48

 

The following release contains the following changes since 4.7.35 to the
current 4.10.48:

RELEASE   4.10.48

4.10.48 Fix closing files when PCRE dll encounters an error.

4.10.47 Fix memory leak in AVG SDK Release Instance

4.10.46 Updated AVG SDK to 1.7.9783; Added avgcorex.dll and avgcert.dll

4.10.45 Optimize code for moving files to the spool directory for IMail

4.10.44 Optimize code for moving files to the spool directory for
Smartermail

4.10.43 Fixed variable names in the MoveToError function which were
declared globally

4.10.42-A Fix for SNF Authentication to turn off without having to restart
Decludeproc

4.10.42 Message Sniffer integrated into Declude

4.10.41 Added variable %AUTH% to show the authenticated sender of the email

4.10.40 XWHITELIST  ON in the global.cfg will give the reason for why the
email was WHITELISTED in the header of the email

4.9.39 Added a function to send a notify e-mail when hijack is triggered and
e-mails are being held in the Hold2 folder

To turn the Hijack e-mail notify on add the following directive to the
hijack.cfg.

HIJNOTIFY   ON

Add the include HijackNotify.eml into the \Declude directory. The recipient
of the email can be modified.

4.8.39 IPBYPASS can be configured with CIDR

4.8.38 Add the Recipient, mailfrom and subject information to the blklst.txt
file.

The format blklst.txt file is

Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfailed

Example:

Multiple Recipients:

10/14/2009|11:40:06.109|53|24.177.234.76|18|s...@hcss.net,s...@hcss.net,testi...@yahoo,beg...@yahoo.com,donotl...@gmail,|owner-nolist-30960_*bigm**ridgewoodcable*-...@soar.soulfulbliss.com|[59]Guaranteed*-payment-center|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,SORBS-DUL=5,FIVETENRC=2,ZEN=7,SORBS=7,DYNHELO=5,FROMNOMATCH=2,WEIGHT10=10,WEIGHT14=14,|

One Recipient:

10/14/2009|11:40:06.296|15|218.16.123.185|37|s...@hcss.net,|info_claimsprocessgabjgfu...@gmx.net|CONTACT AGENT FOR CONFIRMATION|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,FIVETEN-SRC=2,NJABL=4,BASE64=4,CMDSPACE=8,DYNHELO=5,HELOBOGUS=5,REVDNS=10,SPFFAIL=10,WEIGHT10=10,WEIGHT14=14,WEIGHT20=20,WEIGHT30=30,|

4.8.37 PostiniFix,  Add a new directive POSTINIFIX ON/OFF goes in the
declude.cfg file

Configuration:

In

[Declude.Virus] Internal (AVG Scanner) does NOT report file name

2010-04-29 Thread Andy Schmidt
Hi,

Considering that AVG is integrated INTO Declude, it should interface at
LEAST as good as any external scanner.

However, the virus bounce message filename variable is NOT set when a
virus is caught by AVG. Only the Virus Name variable is populated.

But when a virus is caught by the external scanners, then the infected file
is reported correctly.

This is also evident in the LOG file. Here's the EICAR virus caught by AVG
in the .48 build. It only reports the virus name EICAR_Test.

04/29/2010 22:22:20.277 qeae800cc0002.smd AVG Reports VIRUS: EICAR_Test
04/29/2010 22:22:20.277 qeae800cc0002.smd File(s) are INFECTED [EICAR_Test: 7]
04/29/2010 22:22:20.293 qeae800cc0002.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 905]

If the SAME file is detected by an external scanner (in this case ClamAV) it
reports the virus name AND the file name:

04/28/2010 12:49:29.722 q6748c63e0425.smd Virus scanner 1 reports exit code of 1
04/28/2010 12:49:29.722 q6748c63e0425.smd Scanner 1: Virus= Eicar-Test-Signature Attachment=eicar.zip [61] I
04/28/2010 12:49:29.722 q6748c63e0425.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 875]

The AVG integration should be improved to match the quality of external
scanner.

Best Regards,

Andy
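
The difference between the two log excerpts above can be checked mechanically. The following Python example is added here and is not from the thread or from Declude: it parses the six quoted log lines, lists detections that were logged without a file name, and (going one step beyond the post) reports scanners with no recent log activity. The line patterns are inferred from those six lines only; the expected-scanner list, the six-hour window and the reference time are assumptions.

```python
import re
from datetime import datetime, timedelta

# The six log lines quoted in the message above, with e-mail line wraps re-joined.
SAMPLE_LOG = """\
04/29/2010 22:22:20.277 qeae800cc0002.smd AVG Reports VIRUS: EICAR_Test
04/29/2010 22:22:20.277 qeae800cc0002.smd File(s) are INFECTED [EICAR_Test: 7]
04/29/2010 22:22:20.293 qeae800cc0002.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 905]
04/28/2010 12:49:29.722 q6748c63e0425.smd Virus scanner 1 reports exit code of 1
04/28/2010 12:49:29.722 q6748c63e0425.smd Scanner 1: Virus= Eicar-Test-Signature Attachment=eicar.zip [61] I
04/28/2010 12:49:29.722 q6748c63e0425.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 875]
"""

# Patterns inferred from the sample lines above (an assumption, not a format spec).
LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) (\S+) (.*)$")
AVG_HIT = re.compile(r"^AVG Reports VIRUS: (\S+)")
EXT_EXIT = re.compile(r"^Virus scanner (\d+) reports exit code of (\d+)")
EXT_HIT = re.compile(r"^Scanner (\d+): Virus=\s*(\S+)\s+Attachment=(.*?)(?:\s+\[\d+\].*)?$")


def parse_virus_log(text):
    """Turn log text into a list of scanner events; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a wrapped fragment without a timestamp
        when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
        base = {"time": when, "spool": m.group(2)}
        msg = m.group(3)
        if (hit := AVG_HIT.match(msg)):
            # The internal scanner logs a virus name only: there is no
            # attachment field to extract.
            events.append({**base, "scanner": "AVG", "kind": "hit",
                           "virus": hit.group(1), "attachment": None})
        elif (hit := EXT_HIT.match(msg)):
            events.append({**base, "scanner": f"Scanner {hit.group(1)}",
                           "kind": "hit", "virus": hit.group(2),
                           "attachment": hit.group(3)})
        elif (done := EXT_EXIT.match(msg)):
            events.append({**base, "scanner": f"Scanner {done.group(1)}",
                           "kind": "exit", "exit_code": int(done.group(2))})
    return events


def hits_without_filename(events):
    """Detections for which the log gives no infected file name."""
    return [e for e in events if e["kind"] == "hit" and not e["attachment"]]


def last_activity(events):
    """Most recent timestamp at which each scanner wrote anything."""
    seen = {}
    for e in events:
        if e["scanner"] not in seen or e["time"] > seen[e["scanner"]]:
            seen[e["scanner"]] = e["time"]
    return seen


def stale_scanners(events, expected, now, max_age):
    """Expected scanners that never logged, or not within max_age of now."""
    seen = last_activity(events)
    return [s for s in expected if s not in seen or now - seen[s] > max_age]


if __name__ == "__main__":
    events = parse_virus_log(SAMPLE_LOG)
    for e in hits_without_filename(events):
        print(f"{e['time']} {e['spool']}: {e['scanner']} caught {e['virus']}, no file name logged")
    now = datetime(2010, 4, 29, 23, 0)  # constructed reference time for the sample
    print("no activity for over 6h:",
          stale_scanners(events, ["AVG", "Scanner 1"], now, timedelta(hours=6)))
```

Silence in the log only proves a scanner is broken on a server that sees steady mail, so the window has to be tuned to the site's traffic.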




RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-29 Thread Michael Cummins
When I set up Clam earlier today, I was able to run it from the command line
and test it against an EICAR file, get a response, etc.  I saw it fail
against the bad database and succeed when properly configured.  I imagine
that I could easily schedule that, pipe the results to a text file and
schedule a bot to read it regularly and e-mail me if the test fails.  That
would let me know if FreshClam ever mangled the database.

Is there a way we could do the same with Declude and the Internal AVG
scanner / database?

Is there some way to execute it from a command line, point it at EICAR and
get a parse-able result?

That could be awfully handy.

-- Michael Cummins
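
One way to build the scheduled check described above, as an added Python example that is not from the thread: it runs the command-line scanner against an EICAR file, classifies the exit code (1 is the "virus found" code that the VIRUSCODE1 line in Matt's Declude configuration relies on), appends the result to a text file and calls a notifier when the test fails. The scanner path is the one from that configuration; the canary path, log file name and SMTP details are placeholders.

```python
import smtplib
import subprocess
from dataclasses import dataclass
from datetime import datetime
from email.message import EmailMessage

# Scanner path as used in the thread's Declude config. The canary path is a
# placeholder: it must point at an EICAR test file you have put there.
SCANNER = [r"C:\ClamAV\ClamDScan.exe", "--no-summary"]
CANARY = r"C:\ClamAV\canary\eicar.com"


@dataclass
class CanaryResult:
    status: str   # "OK", "MISSED" or "ERROR"
    detail: str


def classify(returncode, output):
    """Translate the scanner's exit code into a health status.

    1 = virus found (expected for the canary), 0 = nothing found,
    anything else = the scan itself failed (daemon down, bad database, ...).
    """
    if returncode == 1:
        found = [l.strip() for l in output.splitlines()
                 if l.rstrip().endswith("FOUND")]
        return CanaryResult("OK", found[0] if found else "exit code 1")
    if returncode == 0:
        return CanaryResult("MISSED", "scanner ran but did not flag the EICAR file")
    flat = " ".join(output.split())[:200]  # keep the log to one line per run
    return CanaryResult("ERROR", f"exit code {returncode}: {flat}")


def run_canary(scanner=SCANNER, canary=CANARY, runner=subprocess.run, timeout=120):
    """Scan the canary file; `runner` is injectable so the logic can be tested."""
    try:
        proc = runner(list(scanner) + [canary], capture_output=True, text=True,
                      timeout=timeout)
    except OSError as exc:  # executable missing or not startable
        return CanaryResult("ERROR", f"cannot start scanner: {exc}")
    except subprocess.TimeoutExpired:
        return CanaryResult("ERROR", f"no answer from scanner within {timeout}s")
    return classify(proc.returncode, (proc.stdout or "") + (proc.stderr or ""))


def record(result, log_path, now=None):
    """Append one parse-able line per run: timestamp|status|detail."""
    stamp = (now or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    line = f"{stamp}|{result.status}|{result.detail}"
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    return line


def smtp_notifier(host, sender, recipient):
    """Build a notify(subject, body) callable that sends mail through `host`."""
    def notify(subject, body):
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
        msg.set_content(body)
        with smtplib.SMTP(host, timeout=30) as smtp:
            smtp.send_message(msg)
    return notify


def check_and_alert(log_path, notify, **scan_args):
    """Run the canary, log the outcome, and notify on anything but OK."""
    result = run_canary(**scan_args)
    record(result, log_path)
    if result.status != "OK":
        notify(f"Virus scanner canary {result.status}", result.detail)
    return result


if __name__ == "__main__":
    # Printing stands in for e-mail here; for real alerts pass e.g.
    # smtp_notifier("mail.example.invalid", "canary@example.invalid",
    #               "admin@example.invalid") with your own values.
    outcome = check_and_alert("clam_canary.log",
                              lambda s, b: print(f"ALERT: {s}: {b}"))
    print(outcome)
```

A MISSED result means the scanner answered but its signatures did not match the test file, while ERROR means the scan never completed; both are worth an alert, and running the check right after each FreshClam update catches a bad database soonest.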

 

 
