RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-30 Thread David Barker
Andy is correct; it should be remembered that no AV is 100% accurate. This
is why, besides AVG and Commtouch, which are integrated into Declude, users can
run up to 5 additional external virus scanners using Declude, and as seen
from the lists, ClamAV is a good choice for a free scanner.

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Thursday, April 29, 2010 11:13 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to
Reenable Virus Protection!

Declude Users - take note!

CommTouch/Zerohour does a good job, but does not catch all known viruses
(some days I have 5 or 6 DIFFERENT viruses/trojans sneaking by, some to
multiple users each!), it's absolutely imperative that AVG works if you
don't have additional scanners set up.

Unfortunately, AVG had stopped working (no one has said for how many weeks
or possibly months it has not worked). I have confirmed that AVG is now
working again after I upgraded from 4.10.42-A to 4.10.48. So - I recommend
all Declude users get on top of this quickly!

(PS: This is the second time AVG has gone AWOL inside of Declude for
extended periods of time - and it's never discovered until I finally
insist. Naturally, I have zero confidence in the built-in scanner. It's
unreliable and there is no notification whenever it stops working.)

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker
Sent: Wednesday, April 28, 2010 12:56 PM
To: declude.junkm...@declude.com; declude.virus@declude.com;
declude.relea...@declude.com
Subject: [Declude.Virus] New Release Declude 4.10.48

The following release contains the following changes since 4.7.35 to the
current 4.10.48:

RELEASE   4.10.48

4.10.48 Fix closing files when PCRE dll encounters an error.

4.10.47 Fix memory leak in AVG SDK Release Instance

4.10.46 Updated AVG SDK to 1.7.9783; Added avgcorex.dll and avgcert.dll

4.10.45 Optimize code for moving files to the spool directory for IMail

4.10.44 Optimize code for moving files to the spool directory for Smartermail

4.10.43 Fixed variable names in the MoveToError function which were declared globally

4.10.42-A Fix for SNF Authentication to turn off without having to restart Decludeproc

4.10.42 Message Sniffer integrated into Declude

4.10.41 Added variable %AUTH% to show the authenticated sender of the email

4.10.40 XWHITELIST  ON in the global.cfg will give the reason for why the
email was WHITELISTED in the header of the email

4.9.39 Added a function to send a notify e-mail when hijack is triggered and
e-mails are being held in the Hold2 folder

To turn the Hijack e-mail notify on, add the following directive to the
hijack.cfg.

HIJNOTIFY   ON

Add the include HijackNotify.eml into the \Declude directory. The recipient
of the email can be modified.

4.8.39 IPBYPASS can be configured with CIDR

4.8.38 Add the Recipient, mailfrom and subject information to the blklst.txt
file.

The format of the blklst.txt file is

Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfailed

Example:

Multiple Recipients:

10/14/2009|11:40:06.109|53|24.177.234.76|18|s...@hcss.net,s...@hcss.net,test
i...@yahoo,beg...@yahoo.com,donotl...@gmail, 

|owner-nolist-30960_*bigm**ridgewoodcable*-...@soar.soulfulbliss.com|[59]Gua

RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-30 Thread Michael Biddle (via mobile device)
Uhhh.. I am pretty sure that was not the point he was trying to make. While no 
AV is 100 percent effective, there is no reason for it not to work for days or 
weeks. It would appear that when core files with AVG are exploited, AVG 
obviously pushed out a software update to their software and I assume it needs 
manually implemented in Declude.

Some clarification on this matter would be great. 

Mike


RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-30 Thread David Barker
Mike,

I understand what the point of Andy's email is. I was commenting on
"CommTouch/Zerohour does a good job, but does not catch all known viruses".

Yes, AVG made a change to their database structure - Declude 4.10.46+ makes
use of their new data structure; this is integrated into the new release. In
order for Declude to work with the latest AVG updates one needs to be
running Declude version 4.10.46 or greater. If you have additional virus
scanners other than AVG or are running Commtouch then the move to the latest
version is not as imperative.

David



[Declude.Virus] ClamD and mangled DB's

2010-04-30 Thread Cert

Hello!

I have had freshclam mangle the DB a number of times, and when it does, 
clamd will freak out until the next successful DB update fixes things, 
which may be several hours. For this reason, I do not run clamd as a 
service, but as a process in a window which is started with a script 
that loops. When clamd resets for a new (mangled) DB, the script will 
delete and refresh all of the DB's and then restart clamd. A side 
benefit is that you can also pull up the clamd windows to see its output.


Take care!

John

On 4/29/2010 11:10 PM, Michael Cummins wrote:

When I set up Clam earlier today, I was able to run it from the command line
and test it against an EICAR file, get a response, etc.  I saw it fail
against the bad database and succeed when properly configured.  I imagine
that I could easily schedule that, pipe the results to a text file and
schedule a bot to read it regularly and e-mail me if the test fails.  That
would let me know if FreshClam ever mangled the database.

Is there a way we could do the same with Declude and the Internal AVG
scanner / database?

Is there some way to execute it from a command line, point it at EICAR and
get a parse-able result?

That could be awfully handy.

-- Michael Cummins

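The scheduled EICAR check that Michael Cummins describes above, sketched for the ClamAV command-line scanner as an added example that is not part of the original thread. It assumes `clamscan` is on the PATH; the names `classify` and `run_canary` are hypothetical, and the thread does not say whether Declude's internal AVG scanner can be invoked the same way.

```python
import os
import subprocess
import sys
import tempfile

# Standard EICAR test string (harmless), split so this script itself is not
# flagged by an on-access scanner.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" + "$H+H*"

# Assumption: the ClamAV command-line scanner is on PATH as "clamscan".
SCANNER_CMD = ["clamscan", "--no-summary"]


def classify(returncode, output):
    """Map a clamscan result for the canary file to a health state.

    clamscan exit codes: 0 = nothing found, 1 = virus found, 2 = error.
    """
    if returncode == 1 and "FOUND" in output:
        return "OK"
    if returncode == 0:
        return "MISSED"  # scanner ran but its signatures did not match the canary
    return "ERROR"       # e.g. mangled database or bad configuration


def run_canary(cmd=SCANNER_CMD, runner=subprocess.run):
    """Write the canary to a temp file, scan it, return (state, detail)."""
    fd, path = tempfile.mkstemp(suffix=".com")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(EICAR)
        proc = runner(cmd + [path], capture_output=True, text=True, timeout=120)
        output = (proc.stdout or "") + (proc.stderr or "")
        return classify(proc.returncode, output), output.strip()
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Scanner missing, hung, or canary removed by an on-access scanner.
        return "ERROR", repr(exc)
    finally:
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    state, detail = run_canary()
    print(f"{state}: {detail}")
    # Non-zero exit lets the scheduler or a wrapper send the alert e-mail.
    sys.exit(0 if state == "OK" else 1)
```

Treating "MISSED" and "ERROR" both as failures matters here: a scanner that exits cleanly without flagging the canary is the silent-failure case the thread is about.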

RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

2010-04-30 Thread Andy Schmidt
Hi Dave,

I guess the key question is - WHEN did AVG make the change. They released
Version AVG 9 last October. Is THAT when AVG made the database structure
change which disabled the internal Virus Scanner in Declude until 4.10.46
was made available as an interim? If so - I must have missed the big
announcement that 4.10.46 was critical to install (since there is no way of
knowing how many Declude customers are using a secondary scanner and thus are
not fully exposed).

Best Regards,

Andy

