Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread R. Scott Perry

> I noticed while testing the command line output that the switches 
> recommended in the manual don't include /NOBOOT and as a result, F-Prot 
> will scan your boot sectors every time it is run.  This would waste clock 
> cycles.  I also included the /PACK option which is said to unpack 
> compressed executables.   I'm no expert on this stuff, but I believe the 
> 32-bit F-Prot instructions should be changed to the following:

Actually, the original configuration that we suggested for fpcmd.exe was 
identical to F-Prot.exe, except without the /NOFLOPPY option (which would 
break fpcmd.exe), so we kept the /NOBOOT in there.  But, someone later 
pointed out that fpcmd.exe doesn't support the /NOBOOT switch.  I'm not 
sure whether they just left it out of the list of switches, or if it is 
left undocumented.  But that's why we removed it.  I'll have to check to 
see if they have changed this since we last checked.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread Matt
I checked and it scanned the boot records without it, and didn't scan 
the boot records with it.  I think it is undocumented.

Matt




--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


Re: [Declude.Virus] NOLEGITCONTENT

2004-01-25 Thread R. Scott Perry

> Can you tell us what things the test checks for?  That might help us fine
> tune our configurations based on the traffic we see.

No -- we don't want spammers knowing what we check for.  Spammers have 
actually purchased copies of Declude JunkMail, so it would not be 
unreasonable to think that they may monitor this list.

   -Scott


Re: [Declude.Virus] NOLEGITCONTENT

2004-01-25 Thread Darin Cox
Understood...thanks, anyway.

Darin.


- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 10:43 AM
Subject: Re: [Declude.Virus] NOLEGITCONTENT



Can you tell us what things the test checks for?  That might help us fine
tune our configurations based on the traffic we see.

No -- we don't want spammers knowing what we check for.  Spammers have
actually purchased copies of Declude JunkMail, so it would not be
unreasonable to think that they may monitor this list.

-Scott

_
[This E-mail virus scanned by 4C Web]




Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread Bill Landry
Here's what I have used for over a year and recommended to the list at that
time:

# F-Prot
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt
VIRUSCODE1 3
VIRUSCODE1 6
VIRUSCODE1 8
REPORT1  Infection:

I include the VIRUSCODE 8 for holding suspicious files, and -AI to
enable neural-network virus detection.  I'm not sure why Scott did not add
at least the -PACKED switch back then, figured maybe he thought I was just
being overly cautious.

Also, I use hyphen "-" instead of forward slash "/" because that's what is
shown for the switches when doing "fpcmd /?" from the command prompt.
Probably doesn't matter since both apparently work.

Bill
- Original Message - 
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 6:06 AM
Subject: Re: [Declude.Virus] Heads up on F-Prot configuration


 I checked and it scanned the boot records without it, and didn't scan
 the boot records with it.  I think it is undocumented.

 Matt





Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread R. Scott Perry

> I include the VIRUSCODE 8 for holding suspicious files, and -AI to
> enable neural-network virus detection.  I'm not sure why Scott did not add
> at least the -PACKED switch back then, figured maybe he thought I was just
> being overly cautious.

The -PACKED switch is used for .exe files that are compressed (unlike 
.ZIP files, which compress many various file types into one file).  If a 
virus comes in a compressed .exe, F-Prot should be able to detect it 
without the -PACKED switch.  So the -PACKED switch should only apply if -AI 
or VIRUSCODE 8 is used (which are designed to detect dangerous files that 
the virus definitions do not detect).

> Also, I use hyphen "-" instead of forward slash "/" because that's what is
> shown for the switches when doing "fpcmd /?" from the command prompt.
> Probably doesn't matter since both apparently work.

Both work, and F-Prot uses both (I believe "/" in most documentation, and 
"-" in the list of switches).  I believe someone determined that one was 
used internally and the other translated to the internal one, which could 
give one a very slight performance improvement over the other, but it is 
unlikely to make a noticeable difference either way.

   -Scott


Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread Mike Nice
The Help shows the commands beginning with
dashes.   FPCMD.EXE recognizes the dashes as commands, however it fails to
remove them from the argument list and ends up scanning for the arguments as
additional file specifications.   Try it both ways and note the output - it
says it searches for -packed, for example.

   Also a test shows that the /NOBOOT command is applicable to FPCMD.exe and
saves scanning the boot records.

 Mike Nice

- Original Message - 
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 1:35 PM
Subject: Re: [Declude.Virus] Heads up on F-Prot configuration


> Also, I use hyphen "-" instead of forward slash "/" because that's what is
> shown for the switches when doing "fpcmd /?" from the command prompt.
> Probably doesn't matter since both apparently work.



Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread Bill Landry
Mike, I did some very basic testing using the "-" and "/" on different size
files ranging from under 1mb to 50mb, and what I found was that the tests
either ran at the same speed or the tests with the "/" ran a bit slower (out
of ten tests I ran, 4 ran slower with the "/").  Here is one example:
==
With -
==
C:\Program Files\FSI\F-Prot>fpcmd.exe -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip

C:\Program Files\FSI\F-Prot>cat report.txt
Virus scanning report  -  25 January 2004 @ 14:22

F-PROT ANTIVIRUS
Program version: 3.14b
Engine version: 3.14.7

VIRUS SIGNATURE FILES
SIGN.DEF created 23 January 2004
SIGN2.DEF created 24 January 2004
MACRO.DEF created 19 January 2004

Search: -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip
Action: Report only
Files: Attempt to identify files
Switches: /ARCHIVE /PACKED /REPORT=report.txt /NOBREAK /SILENT /NOBOOT /NOMEM /AI
Memory was not scanned.
Hard disk boot sectors were not scanned.

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 2

Time: 0:14

No viruses or suspicious files/boot sectors were found.

==
With /
==
C:\Program Files\FSI\F-Prot>fpcmd.exe /AI /ARCHIVE /DUMB /NOBOOT /NOBREAK /NOMEM /PACKED /SILENT /TYPE /REPORT=report.txt f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip

C:\Program Files\FSI\F-Prot>cat report.txt
Virus scanning report  -  25 January 2004 @ 14:22

F-PROT ANTIVIRUS
Program version: 3.14b
Engine version: 3.14.7

VIRUS SIGNATURE FILES
SIGN.DEF created 23 January 2004
SIGN2.DEF created 24 January 2004
MACRO.DEF created 19 January 2004

Search: f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip
Action: Report only
Files: Attempt to identify files
Switches: /ARCHIVE /PACKED /REPORT=report.txt /NOBREAK /SILENT /NOBOOT /NOMEM /AI
Memory was not scanned.
Hard disk boot sectors were not scanned.

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 2

Time: 0:17

No viruses or suspicious files/boot sectors were found.
=

Note the time difference.  I would be curious to know what your results are
like.

Bill
- Original Message - 
From: Mike Nice [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 12:54 PM
Subject: Re: [Declude.Virus] Heads up on F-Prot configuration


> The Help shows the commands beginning with dashes.   FPCMD.EXE recognizes
> the dashes as commands, however it fails to remove them from the argument
> list and ends up scanning for the arguments as additional file
> specifications.   Try it both ways and note the output - it says it
> searches for -packed, for example.
>
> Also a test shows that the /NOBOOT command is applicable to FPCMD.exe and
> saves scanning the boot records.

  Mike Nice

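
What Mike Nice describes and Bill Landry's two reports show can be checked mechanically from report.txt. The Python below is an added example, not code from the thread, F-Prot or Declude; the function names, the minutes:seconds reading of the "Time:" line and the assumption that "Search:" targets contain no spaces are assumptions.

```python
import re

# Abridged from the two report.txt listings posted in the thread, with the
# e-mail line wraps rejoined. No values here are new.
REPORT_DASH = r"""Search: -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip
Action: Report only
Switches: /ARCHIVE /PACKED /REPORT=report.txt /NOBREAK /SILENT /NOBOOT /NOMEM /AI
Memory was not scanned.
Hard disk boot sectors were not scanned.
Time: 0:14
"""
REPORT_SLASH = r"""Search: f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip
Action: Report only
Switches: /ARCHIVE /PACKED /REPORT=report.txt /NOBREAK /SILENT /NOBOOT /NOMEM /AI
Memory was not scanned.
Hard disk boot sectors were not scanned.
Time: 0:17
"""

# A token such as -PACKED, /NOBOOT or -REPORT=report.txt.
SWITCH_RE = re.compile(r"[-/][A-Za-z]+(=\S+)?")


def parse_report(text):
    """Extract the report fields that show what the scanner really did."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("Search", "Switches", "Time"):
            fields[key] = value.strip()
    # Assumption: "Time:" is minutes:seconds.
    minutes, seconds = fields.get("Time", "0:0").split(":")
    return {
        # Assumption: scan targets contain no spaces.
        "search": fields.get("Search", "").split(),
        # Switch names only, without prefix or =value, upper-cased.
        "switches": {s.lstrip("/-").split("=")[0].upper()
                     for s in fields.get("Switches", "").split()},
        "seconds": int(minutes) * 60 + int(seconds),
        "boot_skipped": "boot sectors were not scanned" in text,
        "memory_skipped": "Memory was not scanned" in text,
    }


def leaked_switches(report):
    """Switch-like tokens on the Search line, i.e. also taken as file specs."""
    return [t for t in report["search"] if SWITCH_RE.fullmatch(t)]


def unacknowledged(report, required):
    """Required switch names that do not appear on the Switches line."""
    return sorted({name.upper() for name in required} - report["switches"])


if __name__ == "__main__":
    for label, text in (("-", REPORT_DASH), ("/", REPORT_SLASH)):
        rep = parse_report(text)
        print(f"prefix {label!r}: leaked={leaked_switches(rep)} "
              f"unacknowledged={unacknowledged(rep, ['NOBOOT', 'NOMEM', 'PACKED', 'AI'])} "
              f"boot_skipped={rep['boot_skipped']} seconds={rep['seconds']}")
```

In both of Bill Landry's reports /DUMB and /TYPE are absent from the "Switches:" line, so a name missing there is a reason to test further, not proof that the switch was ignored.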


Re: [Declude.Virus] Heads up on F-Prot configuration

2004-01-25 Thread Matt




I think those results may be anecdotal. A program wouldn't execute
more slowly to the extent that you could detect it based on using
either a hyphen or slash. These arguments are read once per file, or
once per session I would assume, and there's no way that the process of
translating one into the other should be noticeable.

The only thing that could explain a difference in speed (IMO) would be
if some of the arguments were not functional with either a hyphen or
slash. I think we're talking about nanoseconds here otherwise.

Matt


