Hi,
Supposedly it's in line 22, layer1:
Outlook 'MIME segment in MIME Preamble' vulnerability in line 22 layer 1
[Content-Type: multipart/altern]
Attached is the original SMD file from the /Virus folder.
I'd like to educate the other side as to what's wrong with their email - but
I fail
The new virus scanner command line version now uses compressed virus
signature and clean files etc.
It's intended for the occasional one-time use for a situation where the
command line is the only option and where you wouldn't mind to wait a minute
or two for the uncompressing to be complete.
Hi,
I had an issue overnight that caused many hundreds of messages to be moved
to the /Spool/Virus folder (Q* and D* pairs) and to the /Spool/Proc/Review
folder (Q* files only).
Question - how to I cause these files to be rescanned (as some may be REAL
Trojans).
Where do I move Q/D
Hi,
For the past few days, I'm seeing AVG suddenly reporting a virus SPAM:
Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 19,499
Virus Infected Messages: 232
Percentage Infected: 1.19%
VIRUS
# INFECTED
PERCENTAGE
SPAM
232
Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
mailto:dbar...@declude.com dbar...@declude.com
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 10:39 AM
To: declude.virus
Dave - you are right! This appears to a matter of poor labeling by AVG -
and has nothing to do with Declude.
I have since looked through a large sample of held emails and they either
are well crafted short Notices about a supposed change in SMTP, POP
settings - which even lists the person's
Hi Don,
Here's what I have in C:\Imail\
11/06/2008 12:49 PM61,440 AvApiBit.dll
11/06/2008 12:49 PM61,440 AvApiSym.dll
04/29/2010 04:13 PM 834,328 avgcerta.dll
04/29/2010 04:13 PM 623,384 avgcertx.dll
04/29/2010 04:13 PM 4,250,392
Hi Dave (just in case this was overlooked in all the activity last week):
Considering that AVG is integrated INTO Declude, it should interface at
LEAST as good as any external scanner.
However, the virus bounce message filename variable is NOT set when a
virus is caught by AVG. Only the
...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Thursday, April 29, 2010 11:13 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to
Reenable Virus Protection!
Declude Users - take note!
CommTouch/Zerohous does
There really is no need for ClamAid, because the recent builds (including
oss.netfarm.it) already are able to install themselves as services, and the
additional ClamAid DLLs will obsolete once you install the official
version.
So unless you need help adding the 3 lines to the Virus.cfg,
the product works.
Just splaining where my head was and leaving a trail here in the archives in
case it helps someone else. :)
- Michael Cummins
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Thursday, April 29, 2010 3:14 PM
To: declude.virus
Declude Users - take note!
CommTouch/Zerohous does a good job, but does not catch all known viruses
(some days I have 5 or 6 DIFFERENT viruses/trojans sneaking by, some to
multiple users each!), it's absolutely imperative that AVG works if you
don't have additional scanners set up.
Hi,
Considering that AVG is integrated INTO Declude, it should interface at
LEAST as good as any external scanner.
However, the virus bounce message filename variable is NOT set when a
virus is caught by AVG. Only the Virus Name variable is populated.
But when a virus is caught by the
Hi,
I've been watching this now for a few months. The internal scanner NEVER
ever catches a virus - while my two other scanner catch them daily.
However, since CommTouch doesn't allow the Eicar file to pass, there is no
way to easily test the internal scanner. I think this is something
...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, April 28, 2010 8:16 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Testing Internal Scanner
Hi,
I've been watching this now for a few months. The internal scanner NEVER
ever catches a virus - while my two
Generally, ClamD catches most viruses that AVG misses (during those times
when it actually runs), and McAfee catches the occasional virus that ClamD
misses. ClamD downloads updates automatically (using the FreshClam).
I found the http://oss.netfarm.it/clamav build very useful. I don't recall
/clamdscan combo are very
light and fast.
Take care!
John
On 4/28/2010 1:13 PM, Andy Schmidt wrote:
Generally, ClamD catches most viruses that AVG misses (during those times
when it actually runs), and McAfee catches the occasional virus that ClamD
misses. ClamD downloads updates automatically
Native Windows Support: ClamAV will now build natively under Visual Studio.
This will allow 3rd Party application developers on Windows to easily
integrate LibClamAV into their applications.
http://www.clamav.net/lang/en/2010/04/02/announcing-clamav-0-96/
Also:
ClamAV for Windows Released
when the can be deleted and get
back to you.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
mailto:dbar...@declude.com dbar...@declude.com
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
out the decludeproc.exe and testing to see if the
issue is resolved.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete
McNeil
Sent: Friday, March 19, 2010 1:22 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] How to disable CommTouch Zerohour (for testing)
On 3/19/2010 11:26 AM, Andy Schmidt wrote:
Thanks - downloaded
Thanks
If the rulebase does not properly authenticate in the SNF engine then the
reload is rejected.
Once the guard time expires the update script will be run again (by default
after 3 minutes).
Which also means, if the corrupt rulebase persists and the server or
services happen to be
these temp files.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
mailto:dbar...@declude.com dbar...@declude.com
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Friday, March 19
systeembeheerder
tio
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
mailto:b.blok...@tio.nl b.blok...@tio.nl / http://www.tio.nl/
www.tio.nl
- Original Message -
From: Andy Schmidt mailto:andy_schm...@hm-software.com
Hi,
I want to test the virus scanners using EICAR. However, CommTouch gets in
the way and blocks it.
How do I temporarily disable CommTouch in Declude Virus, so that the EICAR
file is handled by the interna/external scanners?
Best Regards,
Andy
---
This E-mail came from the
Hi,
That folder has over 1,000 files, some several MB large, CTM*.tmp,
CTENG*.tmp and CTENG*.dat.
How old do these files have to be, before I can safely delete them?
Best Regards,
Andy
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
it for you for testing. Let us
know when you want to do it.
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Thursday, March 18, 2010 11:29 AM
To: Declude.virus@declude.com
Subject: [Declude.Virus] How to disable CommTouch Zerohour (for testing)
Hi,
I
Declude 4.6.35 Diagnostics
Compilation Platform: IMail
Copyright (c) 2000-2009 Declude, Inc.
Host Name
MAYWOOD-IS-0012.WEBHOST.HM-SOFTWARE.COM
Daisy Chain smtp32.exe
DNS Server 127.0.0.1
Product Details
JunkMail
Hi,
I noticed that ZeroHour stopped catching any viruses after 6/28 - and, after
investigating, I now realize it no longer traps any Spam. There were NO
changes to any .CFG (or other Declude files). I'm enclosing the most recent
Diags.txt (from 6/18, where CommTouch was ON) and then one from
Hi,
I noticed that ZeroHour stopped catching any viruses after 6/28 - and, after
investigating, I now realize it no longer traps any Spam. There were NO
changes to any .CFG (or other Declude files). I'm enclosing the most recent
Diags.txt (from 6/18, where CommTouch was ON) and then one from
Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
mailto:dbar...@declude.com dbar...@declude.com
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Sunday, June 07, 2009 6:07 PM
To: declude.junkm...@declude.com
Hi David:
The best is http://oss.netfarm.it/clamav - because it's the same one ClamWin
is using and it's kept up-to-date. I don't recall any installation
difficulty. It did have a successful installer and is able to install itself
as a service.
There is a .REG file that sets up a registry entry
Hi David:
Thanks. The Global.cfg configures the Declude.Junkmail - but you said it was
implemented as Declude.Virus. So any configuration would go into the
Virus.cfg file. It seems to me as if it's implemented in some fashion in
both ends.
In the Declude EVA the ZEROHOUR is part of the
. Secondly you are correct about the developer who
integrated Commtouch. This was before I took over the managment of Declude
and it is suffice to say he is no longer with Declude either.
David
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Monday, June 08
Infected Messages: 0
Percentage Infected: 0.00%
VIRUS
# INFECTED
PERCENTAGE
No Records Matched Your Criteria
Best Regards,
Andy
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
Regards,
Andy Schmidt
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Thursday, June 04, 2009 10:03 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?
Sorry no marketing department to give you
Hi,
Dave - so now that we have a working Declude Virus again, what can be done
to prevent this from recurring.
a) Apparently Declude Virus has no error tracking in place at all -
otherwise it would have REPORTED to us (or your own Declude to your own mail
server) that the AVG API was
of requirement ?
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
mailto:dbar...@declude.com dbar...@declude.com
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, June 03, 2009 9
...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, June 03, 2009 9:08 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Declude Virus inoperable for 13% of th year?
Importance: High
Sensitivity: Personal
Hi,
Dave - so now that we have a working
That's the point of the discussion. Declude added a hard-coded end-time but
didn't add a handling mechanism that deals with the event when (not IF) the
end-time was absolutely going to occur on the predescribed date.
Consequently there were/are only indirect ways to find out:
-
I think taking a software company to task on their lack of control DOES
benefit all users technically!
I didn't introduce pricing and staffing into this discussion - YOU did! Now
you take me to task for responding to your pricing/staffing issues that YOU
raised?
Let's not forget you are
options ..? Suggestions ?
David
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, June 03, 2009 12:42 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?
Let's turn this around
: $395
So you have a whole lot more for less money, and yes you are complaining.
David
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, June 03, 2009 1:12 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Declude Virus
Hi Andrew:
scanner being the main line of defense is dead . . . it's just that most
people don't know it yet
Well - today there were 80 or so infected emails that would have gone
through. While AV scanning may not be the main line, it certainly is still
a crucial element. Just ONE email
Hi,
For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails that ClamAV and the trusted McAfee are
identifying.
I inspected several of the held files - and each one clearly was a life
virus (e.g., inside a ZIP attachment etc.)
Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal
Hi,
For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails
Hi Alex,
I can't imagine that any email tool that is able to send an attachment would
go inside your PDF file and certainly wouldn't delete anything (such as
the embedded font) out of the single attachment. I rather would expect that
there is a difference in the environment on the server and
-ZBOT TROJAN !!!
31
0.14%
GENERIC PWS.Y TROJAN !!!
4
0.02%
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
Thank you - that is helpful for our understanding.
Would it be practical to take the human element out of the loop and just
have a scheduled script use WGET or similar batch application check for an
updated file on their HTTP server every hour? If the returncode indicates a
new file, download it
Hi,
The general experience has been (as reported by several individuals in two
different lists over the past 3 months), that the Declude AVG updates are
frequently 48 hours behind - which means they are only effective for old
viruses. I even posted the stats for several days where it showed that
Of David
Dodell
Sent: Saturday, December 27, 2008 2:15 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Force AVG update
On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote:
Hi,
The general experience has been (as reported by several individuals
in two
different lists over the past 3
Of John T
Sent: Thursday, March 06, 2008 10:54 AM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Invalid Zip Vulnerability
No name, just the extenesion?
John T
eServices For You
-Original Message-
From: Andy Schmidt [EMAIL PROTECTED]
Sent 3/3/2008 9:30:59 AM
To: [EMAIL
Hi,
I checked your KB - and it doesn't document that vulnerability:
http://support.declude.com/Customer/KBArticle.aspx?articleid=25
http://support.declude.com/Customer/KBArticle.aspx?articleid=25KBSearchID=
11699 KBSearchID=11699
I checked your manual - and it doesn't document that
Hi,
Test1 (attached SMD file) is a message with a subject but without a body.
It is held by Declude Virus with the Non Standard Header vulnerability.
However, the SAME message Test2 WITH a body is let through (see bottom of
this posting).
The header appears the same - so if the header truly was
Darrell,
I think they are using SOME Imail mailer to send the Virus, Bounce and
Postmaster notifications.
However, I DO believe there is some confusion between the .EXE that is the
mailer vs. the old .EXE that is a mailbox CLIENT software. (There used to be
an Imail client where you could
Darrell,
I think they are using SOME Imail mailer to send the Virus, Bounce and
Postmaster notifications.
However, I DO believe there is some confusion between the .EXE that is the
mailer vs. the old .EXE that is a mailbox CLIENT software. (There used to be
an Imail client where you could
that it is the IMail1.exe executable that Declude uses
and not the IMail.exe executable that is being discontinued.
Regardless, if Declude stopped using IMail1.exe, it could generate bounces
with a null sender, and that's long overdue.
Matt
Andy Schmidt wrote:
Darrell,
I think they are using SOME Imail
Dave,
Lots of confusion here:
a) the subject refers to 4.3.46 - which shows up on my customer screen as
the latest RELEASE
b) however, that's less than the interim 4.3.57 that is shown on my
customer screen?
c) the body of your email refers to 4.3.64 - which would make more sense.
Except, THAT
Dave,
Lots of confusion here:
a) the subject refers to 4.3.46 - which shows up on my customer screen as
the latest RELEASE
b) however, that's less than the interim 4.3.57 that is shown on my
customer screen?
c) the body of your email refers to 4.3.64 - which would make more sense.
Except, THAT
Hi,
Actually, the Partial/Fragmented Vulnerability is one that ideally should
be left in place. I'm not certain that this test can be circumvented
individually - at least it's not on this list:
http://www.declude.com/Version/Manuals/EVA/EVA_4.0.8.asp.
Before HTML messages and picture
Of Andy
Schmidt
Sent: Thursday, October 04, 2007 6:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Hi,
I put in 4.3.62 in this afternoon (was running a different interim from a
few months ago). Since then I had numerous
Hi Dave,
Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was
getting reports from people using VARIOUS email systems (not limited to
Yahoo's mail service), that just happened to be the one that I had at my
finger tips.
I can also say that it happened to people
I did not have this problem with .57. So we can rule out .46.
Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To:
Of David
Barker
Sent: Friday, October 05, 2007 11:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties
Ok so if you revert to .57 the issue goes away correct.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 9:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Hi,
I put in 4.3.62 in this afternoon (was running a different
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties
Ok so if you revert to .57 the issue goes away correct.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
Other emails from this same Thunderbird 2.0.0.6 user, using the same smtp
relays, were also blocked.
File: [No attachment]
Result: Found[Outlook 'Blank Folding' Vulnerability]
-Original Message Headers-
Received: from smtp.webhost.hm-software.com [63.107.174.32] by
hm-software.com
Your Email!
To: Michael Page [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=0-1745477977-1191536601=:15605
Message-ID: [EMAIL PROTECTED]
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
This E
That's my experience too. I update McAfee hourly - which helps with new
outbreaks. It's the last scanner in sequence and always manages to catch
viruses that the internal didn't. (Of course, I don't know if there are
virus that the internal caught that McAfee might have missed.)
From: [EMAIL
So - shall we all call that emergency number and ask that he turn off his
vacation notice, or shall we just fake the return address an unsubscribe him
since the Declude staff is not taking action?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
Hi,
My sender.eml has the line:
SKIPIFFORGING
And my virus.CFG has:
AUTOFORGE ON
FORGINGVIRUS Anonymous Driver
FORGINGVIRUS Antiman
FORGINGVIRUSAvril
FORGINGVIRUSBagle
Yet, declude virus just sent the sender.eml for the following details:
File: Unknown File
Oh?
I've never had the problem with my external McAfee scanner.
Could this be a problem with Declude's internal AVG scanner?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
Hi,
is this still being
actively maintained?
If so,
W32/Stration.dldr
should be added as
forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our
domain)it is forging the sender.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
There is a parameter in the Virus.cfg to disable the internal scanner. I
don't have it in front of me, but it was in the comments just below the
external virus sample.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From
EXTERNAL McAfee Scanner?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
,
such as Scanner nnn not defined - this and all subsequent scanneres are
skipped.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Wednesday
Do you have a second/external scanner defined.
May be the internal scanner (AVG) deletes an attachment and then Declude
complains that its gone when it tries to launch the secondary?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original
Example attached (sorry, German/English in this case).
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Thursday, February 23, 2006 02:12 PM
Hi,
I kill most of the incoming mail (with help of Sniffer).
I've never seen a complaint by an innocent users, but occasionally educate a
corporate end user or manager about the incompetence of his/her I/S
department.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1
Clear enough for me.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry Simpson
Sent: Sunday, February 12, 2006 03:26 PM
To: Declude.Virus@declude.com
Subject
Has anyone figured out yet WHAT exactly Declude 4.0
IS?
I'm looking around on the web site (figured, it's been days
since I receive the notice that it's available), but I still haven't seen
anything on the web site that tells me what my extra money would be buying - or,
what it is I'd be
Hi Kevin,
I understand what you're saying- you believe Declude
4.0 is really just a"Declude 3.x Suite" vs. the Declude 3.x "legacy
products".New customers can only purchase the Suite, while old customers
will continue to upgrade their individual products. The code base is the
same.
In
Hi David:
Thanks for acknowledging the hardware
problem.
However, I don't think anyone here really would be too
upset about hardware problems on your end - if it didn't uncover what appears to
be a HUGE software problem? It's the DecludeSOFTWARE that
deactivates/downgrades itself, if we
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Subject: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED]
Advisory
This is a Medium Threat Advisory for W32/[EMAIL PROTECTED]
Justification
W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence.
Read
process doesn't handle that error condition
right - who knows.)
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Friday, September 23, 2005 08
class
of machines is only working with a bandage.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Thursday, September 22, 2005 12:28 PM
give it try to
see if I get lucky.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Thursday, September 22, 2005 08:44 PM
To: Declude.Virus
Can you wait 7 minutes?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, September 09, 2005 02:09 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Sudden Internet Slowdown
Since when is Maine no longer in
How do you prevent DoS attacks by someone sending a 405 MB
attachment 100 times to a list of 10 cc's over a weekend, when it's likely not
to be read?
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Title: Message
Uh - thanks - got it. Now that I read how you phrased
the question I see how the original poster meant it.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
HorneSent:
certain vulerabilities, just
because they only occur very rarely.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: Nick FitzGerald [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 29, 2005 9:31 AM
To: Bugtraq@securityfocus.com
Title: Message
Hi
Goran:
The
"cc:" information is part of the (spoofable) SMTP header - the "bcc:" is not
ANYWHERE.
The
only entitythat knows about the "bcc"s is the sending mail sever, it will
simply distribute the message to anyone in the bcc and cc header. To each BCC or
CC
Title: Message
Yep, that same happened with their hardware raid-1 on an ML
530 (a pretty up-scale server). Had one bad drive (apparently) and the
controller managed to wipe out the complete string. The other controller
channel was unaffected.
I'm pretty certain, I've see this happen twice
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, May 02, 2005 04:36 PM
Subject: AVERT Medium Threat Advisory for Home Users Only: W32/[EMAIL PROTECTED]
Advisory
This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] for Home Users Only.
Justification
W32/[EMAIL PROTECTED] has
Deleting E-mail with virus!
04/15/2005 16:43:42 Q275DA0790152A6BF Scanned: CONTAINS A VIRUS [MIME: 2
19430]
04/15/2005 16:43:42 Q275DA0790152A6BF From: [Forged] To: [EMAIL PROTECTED]
[incoming from 207.30.155.52]
04/15/2005 16:43:42 Q275DA0790152A6BF Subject:
Best Regards
Andy Schmidt
Phone: +1
and propagate the
information.
As you say - it's absolutely necessary (and proper) to run your own DNS to
avoid trouble with upstream providers.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto
and with
viruses but not withBanned file extensions.
- Original Message -
From:
Andy Schmidt
To: Declude.Virus@declude.com
Sent: Wednesday, March 16, 2005 11:38
AM
Subject: RE: [Declude.Virus] Spam .com
files being blocked.
Hm
Another variation - came with a foto.rar attachment.
Received: from host46.ipowerweb.com [66.235.216.140] by hm-software.com
(SMTPD32-8.14) id A70B620D0124; Fri, 28 Jan 2005 14:48:27 -0500
Received: from riqotscr (168.113.230.53)
by host46.ipowerweb.com; Fri, 28 Jan 2005 11:48:22 -0800
PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Thursday, January 27, 2005 6:27 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] RAR Support - why not?
1.82 will treat encrypted .RAR files the same as encrypted .ZIP
files,
and will block banned file
I may have to start doing that. I used to be able to keep 30 days of logs -
but volume, dictionary attacks and SPAM volume are making it increasingly
difficult.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1
1 - 100 of 177 matches
Mail list logo