Hmmm, this from someone that sent his signature to the list...
-Original Message-
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 6:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.Virus] DSN:Signatures
Importance: High
To Andy and all
Wouldn't that skew some of the spam tests, since there would be one extra
hop when the secondary receives the mail and forwards it on to the primary?
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 8:24 AM
To: [EMAIL PROTECTED]
Disable it where? Did you set the McAfee (or Network Associates) services
to manual in Control Panel\Services?
Bill
-Original Message-
From: Craig Gittens [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 19, 2002 2:37 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] OT McAfee RealTime AV
should be OK, but fpcmd is not officially supported, unless they've
changed policy recently.
I chose to stay with f-prot for now because of the ease of updating the .exe
using my existing scripts.
Jerry
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent
I assume you are running F-Prot with Declude Antivirus and IMail? If so,
take a look at the Declude Antivirus manual on the Declude download page.
Bill
-Original Message-
From: Lewis [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 8:57 PM
To: [EMAIL PROTECTED]
Subject: RE:
Why bother if you are adding a weight of 0?
Bill
-Original Message-
From: Patrick Childers [mailto:pchilders;hgbd.com]
Sent: Monday, November 11, 2002 9:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] E-card email
I tried your body test and it did NOT catch that email! May
to be virus free.
Bill Landry
Director, Network Operations
Pointshare Division
Now Part of Siemens Medical Solutions Health Services Corporation
DID 425-468-0301
Fax 425-635-0301
[EMAIL PROTECTED]
www.pointshare.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
Dan, have you taken a look at the Declude web site yet (www.declude.com)?
See additional comments below:
- Original Message -
From: Dan Geiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 07, 2003 4:21 PM
Subject: [Declude.Virus] A Couple of Declude
Have you tried sending a copy of the viruses that are passing by F-Prot to
FSI for review?
Bill
- Original Message -
From: Robert Grosshandler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 8:56 PM
Subject: RE: [Declude.Virus] Bugbear getting through
One more bit
Depending on how your virus scanner is configured, some will simply reject
archives they cannot scan. That's the default behavior for McAfee's
VirusShield for Exchange.
Bill
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003
Hey Scott, I started to send out this advice, as well. However, it appears
that there is a problem with all of the .eml links. They are showing up
like:
mhtml:http://www.declude.com/Release/170/sender.eml
and even removing the mhtml: at the beginning of the URL does not fix it,
it just
Well imagine that... ;-)
I just figure that since it was a plain text file, that it would also
display in the browser.
Thanks,
Bill
- Original Message -
From: Jonathan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 7:00 PM
Subject: Re: [Declude.Virus] Forging
I'm baffled as to why Declude Virus Pro is suddenly not able to find the
report file. Nothing has changed from earlier this morning till now. The
last F-Prot update was yesterday afternoon and Declude has not been updated
today. Any ideas why Declude might be having this problem?
This one was
.
Bill
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 4:47 PM
Subject: Re: [Declude.Virus] Could not find report file
Diagnostics ON (Declude v1.70i20).
Declude JunkMail: Config file found (M:\IMail\Declude\global.CFG
-
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 6:57 PM
Subject: Re: [Declude.Virus] SoBig.E
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 9:27 PM
Subject: Re: [Declude.Virus] SoBig.E
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 7:21 PM
Subject: Re: [Declude.Virus] SoBig.E
Ah yes, thanks for the clarification, I misread John's e-mail. Hmmm, that
is an interesting issue. Might possibly help to enable AI
From: R. Scott Perry [EMAIL PROTECTED]
This is a rare occurrence -- but one that seems completely unacceptable,
especially given how widespread this virus was.
The strange thing is that F-Prot has released three updates since Mimail hit
(including one today) and none have resolved the failure
That's not what I'm seeing. My defs get updated hourly, and the only update
I have seen today was for the macro.def, which did not do anything to help
F-Prot catch Mimail on my system, especially since this virus is not a macro
virus.
Have you actually seen proof that F-Prot caught this virus on
Ditto!
- Original Message -
From: Fritz Squib [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 04, 2003 7:52 PM
Subject: RE: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot Definitions??
Yep, I save the attachment from one that got through before. Had f-prot
scan it
Waste of time, we've already been through this many times, it currently will
not get caught by F-Prot.
Bill
- Original Message -
From: Dan Star [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 8:44 AM
Subject: Re: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot
What's the message.zip file size? The only ones I've seen pass are
corrupted, zero-byte files.
Bill
- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, August 16, 2003 7:19 AM
Subject: [Declude.Virus] followup, Mimail
BANNAME filename.ext
Bill
- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: Bill Landry [EMAIL PROTECTED]
Sent: Saturday, August 16, 2003 8:05 AM
Subject: Re[2]: [Declude.Virus] followup, Mimail getting through
Saturday, August 16, 2003, 7:40:00 AM, Bill Landry wrote
McAfee is catching it fine here. Make sure your virus definitions are at
least at 4.0.4287.
Bill
- Original Message -
From: Bill Newberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 10:29 AM
Subject: [Declude.Virus] Sobig.F
F-Prot is catching Sobig.F, but
, August 19, 2003 2:12 PM
Subject: Re: [Declude.Virus] Sobig.F
Can anyone share the McAfee definition files for this? Ours is currently
at 4286 and I can't get in manually or automatically to download the
current definition files.
Thanks,
Dan
- Original Message -
From: Bill
Thanks for the heads-up, Kris. We have applied filter rules to all of our
Internet routers to block all outbound IP access to the IP addresses listed
below and to block all outbound udp access to port 8998.
Bill
- Original Message -
From: Kris Rickerson [EMAIL PROTECTED]
To: [EMAIL
Ditto here.
Bill
- Original Message -
From: Sheldon Koehler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 05, 2003 11:10 AM
Subject: Re: [Declude.Virus] Virus protection between users on same iMail
server?
For our own support reasons, we do not give people the option
Wow, check out this latest virus attempt.
This actually came from comcast, but look at how official looking the
message body is. It actually contained an attachment called PACK965.exe, which was
the Win32/[EMAIL PROTECTED] virus. Thankfully RAV is already
catching this at our gateways
Well, apparently the graphics did not follow the
message, but suffice it to say that this one looks very professional and very
official, so I can see lots of people falling for this
one.
Bill
- Original Message -
From: Bill Landry
To: [EMAIL PROTECTED]
Sent: Thursday
Kami, I parsed files from 9/1 through today and did not find any incidence
of this string in any of my virus logs. Did find a few Error: 32 opening
new datafile in my logs from 9/3 through 9/16, but nothing since.
Bill
- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL
- Original Message -
From: Adolfo Justiniano [EMAIL PROTECTED]
Scott,
That interim version is seriously broken, none of the Declude JunkMail
tests are executed, all messages have 0 as weight, no logs are
generated... I have to go back to 1.76i2.
It's working fine for me (1.76i3).
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
You are correct -- there is a new interim release v1.76i4 at the same URL
that fixes this.
Strange, I have not had any problems with that interim release. What I have
noticed is that all of the 1.76i* releases have a problem
- Original Message -
From: Adolfo Justiniano [EMAIL PROTECTED]
If you don't have a gateway and don't use ipbypass in Declude JunkMail
you probably wouldn't have the problem.
I have two Redhat/Postfix gateways sitting in front of my IMail server and
therefore do use IPBYPASS with
I think it depends on your virus scanner, but I believe that most virus
scanners will now detect the zip of death.
Bill
- Original Message -
From: Craig Gittens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 11:52 AM
Subject: [Declude.Virus] Zip vulnerability
Here's what I have used for over a year and recommended to the list at that
time:
# F-Prot
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt
VIRUSCODE1 3
VIRUSCODE1 6
VIRUSCODE1 8
REPORT1 Infection:
I include the
for -packed, for example.
Also a test shows that the /NOBOOT command is applicable to FPCMD.exe and
saves scanning the boot records.
Mike Nice
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 1:35 PM
Subject: Re
Pest Patrol is a spyware application that is supported by Declude Virus, at
least it is shown in the manual at http://www.declude.com/virus/manual.htm.
Bill
- Original Message -
From: Bridges, Samantha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 7:49 AM
Subject:
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
I was looking at the virus manual site and noticed that the TrendMicro
config entry does not have a report line. Is this because Trend does not
provide a report output that Declude can track? Just wondering because we are
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Scott, I am running Declude v1.77i24 and I am wondering why Declude Virus is
using the file name from the second virus scanner instead of the first...
This should only happen if the first virus scanner did not report the
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
This is indeed due to an issue with Declude Virus -- it will be fixed in
the next interim release.
Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks! However, I am now noticing that
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
This is indeed due to an issue with Declude Virus -- it will be fixed in
the next interim release.
Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks! However, I am now noticing
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus=
[ WORM_MYDOOM.A](1) in
M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
is that appearing all on one line, or on two separate lines in the log file?
All
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Would it be possible to E-mail one of the quarantined D*.SMD files to our
virustrap@ account? We can then analyze it and should be able to get a
better idea of why this is happening.
I sent sample d*.smd virus files
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
I resent it last night from my yahoo account. Did you receive it at the
virustrap address?
No -- the only E-mail to arrive there was the one from GroupShield for
Exchange.
Please check the virustrap mailbox again,
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Please check the virustrap mailbox again, hopefully third attempt is a
charm...
It came through -- it looks like the one from last night probably did as
well, but got caught here.
Are you running 3 virus scanners with
Matt, what does your report line look like?
If it's:
REPORT1 Infections:
maybe try instead
REPORT1 Identified
without a colon ":". Just curious if that
fixes it, since the report does not contain "Infections:", but does contain
"Identified".
Bill
- Original Message -
From:
Maybe a corrupted declude.exe file? Try downloading the file again from the
Declude web site and see if that fixes the problem.
Bill
- Original Message -
From: jan k wikhaug [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 1:14 PM
Subject: [Declude.Virus]
A new variant of W32/[EMAIL PROTECTED] that we just caught a couple of. RAV nor
F-Prot caught it, but TrendMicro, ClamAV (Clam id it as MyDoom.E) McAfee
did.
The attachments were named: object.zip hnmhjn.exe
Subjects were: JPWMDWXACRNSN Fake
Anyway, be on the lookout...
Bill
---
[This
Typically the McAfee command line scanner, scan.exe, has been located in
c:\program files\common files\Network Associates\VirusScan Engine\4.0.xx, or
whatever version number you are running. Here is the McAfee entry from the
Declude Virus manual at http://www.declude.com/virus/manual.htm:
or scan32.exe on the drive.
Gene Head
ACCRAM Inc.
MCP,Net+,A+,CCNA,CCDA
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, February 24, 2004 6:36 PM
To: [EMAIL PROTECTED]
Subject: Re
Scott, if Declude Virus encounters an Error 5 with scanner 1, does it not
even attempt to run the message through the second scanner?
Normal virus detected without Error 5:
=
02/25/2004 05:32:05 Qa3d35c70b2d0 Scanner 1: Virus= W32/[EMAIL PROTECTED]
Attachment=part3.zip [14] O
02/25/2004
Wow, F-Prot is johnny-on-spot and catching these with the latest definition
from about an hour ago. However, RAV and TrendMicro are not catching this
one yet..
Bill
- Original Message -
From: Patrick Childers (by way of R. Scott Perry [EMAIL PROTECTED])
[EMAIL PROTECTED]
To: [EMAIL
- Original Message -
From: Serge [EMAIL PROTECTED]
just looked at the directory, and there is only scan32.exe
i may need to reinstall netshield ?
The files, scan32.exe and scan.exe, are not in the same directory. Scan.exe
can be found in:
C:\Program Files\Common Files\Network
That shouldn't make any difference, since virus notifications do not get
sent to IP address, they get sent to the sender's e-mail address or the
[EMAIL PROTECTED]
Bill
- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 01, 2004 6:30
I am trying to understand this, but the reality doesn't work like I think
you are saying it should. If I have the following in my virus.cfg file:
BANEXT EZIP
with or without:
BANZIPEXTS ON
BANEZIPEXTS ON
I catch the encrypted/password protected virus files. However, if I use
just:
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
The new format will ban the same extensions that you are already banning,
but will do so in .ZIP files. The BANZIPEXTS ON option will ban the files
if they are un-encrypted, the BANEZIPEXTS ON will ban the files if they
Scott, I am seeing a bunch of the following type entries in my virus logs:
Found potentially dangerous stuff in
M:\IMail\spool\Dc62d3de40042810d.vir\0.!
Found potentially dangerous stuff in
M:\IMail\spool\Dc800179a006ca25f.vir\0.htm!
Found potentially dangerous stuff in
Oops, meant to say do NOT get held.
Bill
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 10:42 PM
Subject: [Declude.Virus] Question about virus log entries
Scott, I am seeing a bunch of the following type entries in my virus logs
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 8:08 AM
Subject: Re: [Declude.Virus] Log error with latest interim release
Scott,
What are your thoughts on the /AI and /PACKED switches? Any particular
reason to use or not
]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 9:48 AM
Subject: Re: [Declude.Virus] Log error with latest interim release
Hi Bill,
Yeah, I had seen your configs...just wanted to get Scott's feedback on
the -AI and -PACKED switches.
Darin.
- Original Message -
From: Bill Landry
Very nice! Thanks for sharing this, Bill!
Bill
- Original Message -
From: Bill [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 12:33 PM
Subject: RE: [Declude.Virus] Scott, what do you use to generate this report
Hi,
I have a utility to do
Bill, would you consider adding the OK count so that we could also see the
counts and percentages of what was delivered successfully, as well.
Thanks again,
Bill
- Original Message -
From: Bill [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004
- Original Message -
From: Bill [EMAIL PROTECTED]
The very last line shows the total message count including messages that
did not fail any tests. My program, as it is now, does not look at any
of the declude actions, just the tests failed. I primarily use it to
determine if any
- Original Message -
From: Jeff Pereira [EMAIL PROTECTED]
Thanks for the reply, but I think you misunderstood
I know the IP of my computer, I don't know the IP of a piece of equipment
that I have, but I do know what the MAC address is.
Ping the broadcast address for the address
- Original Message -
From: Bob McGregor [EMAIL PROTECTED]
what does the /packed parameter on the scanfile line in the config file do?
Is it a switch that I want on? It's not mentioned in the manual for
declude virus.
Bob, you don't mention which virus scanner you're using, but I'm
- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]
At 12:17 PM 6/15/2004, Matt wrote:
This domain was recently moved to our DNS and I suspect that someone at
their old DNS hosting provider is infected and using their old unremoved
DNS entries and that is why they are
- Original Message -
From: Brad Morgan [EMAIL PROTECTED]
If you are running Declude Virus Pro, then you could add one or more of the
free virus scanners to your configuration. I added ClamAV after seeing an
article that said it was very high on the list of who gets updates out the
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Another one is BitDefender. Their free scanner has just the right features
for Declude Virus.
It doesn't appear to be free for commercial use.
I was sure that it allowed commercial use (or rather commercial use was
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
Another one is BitDefender. Their free scanner has just the right
features for Declude Virus.
Does not look like it can be called by command line.
The following Declude Virus configuration works with the
- Original Message -
From: Jeff Maze [EMAIL PROTECTED]
Anyone else see this one yet?
Yep, seen lots of them, and all are being detected by McAfee, TrendMicro,
F-Prot, BitDefender, and ClamAV.
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
- Original Message -
From: Panda Consulting S.A. Luis Alberto Arango [EMAIL PROTECTED]
What is the suggested configuration for this option?
PRESCAN ON or OFF ?
Comments...? thanks
I have prescan on and, if you are running Virus Pro, I don't know why you
wouldn't want to enable
Yep, I've seen a bunch of them this morning, as
well. Here, only McAfee and BitDefender are currently catching it. I
have reported the virus to ClamAV, F-Prot, and TrendMicro.
Bill
- Original Message -
From: Markus Gufler
To: [EMAIL PROTECTED]
Sent: Monday, August
- Original Message -
From: Jeff Kratka [EMAIL PROTECTED]
Does anyone have a config they want to share for Declude Junk mail and SURBL
SURBL is not currently supported in Declude JunkMail. However, you can
download the various surbl zone files and run them as a body filter, but
that can
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
I use three scanners. Which scanner does Declude Virus use to determine
the name of the virus?
Should use the first scanner's naming convention. However, there have been
slip-ups in the past, so it could depend on what version
- Original Message -
From: Mark Smith [EMAIL PROTECTED]
Actually this breaks Declude because Declude Virus can't look for multiple
REPORT lines.
Scott,
How can we setup Declude Virus to look for multiple lines in the report.txt
file?
I've been running F-Prot Version 3.15b since
I just found that if you have PRESCAN set to on, you will not be able to
catch these BankFraud/Phishing e-mails. However, if you set PRESCAN to
OFF, you can catch these if your virus scanner supports it. So far I have
found that ClamAV, McAfee, and TrendMicro all support detection of these
- Original Message -
From: Mark Smith [EMAIL PROTECTED]
Any way to purge 'em all without writing a script?
We're running about 200k messages per day across 4 servers and don't bother
to check them all.
Come on, you're talking about a 10 second script:
del c:\imail\spool\virus\*.smd
- Original Message -
From: Chris Patterson [EMAIL PROTECTED]
Does anyone else agree using the 32 bit command
line scanner is better than the dos?
Absolutely! If you have it available to you (meaning you have the Windows
version of F-Prot), using it will provide a nice performance
In addition to what others have been reporting here, I am also seeing F-Prot
reporting these today:
Declude Antivirus v1.81 caught the Possibly a new variant of JS/ virus in
[HTML segment]
They are coming in with subjects like:
Subject:DM Direct Newsletter: October 29, 2004
Subject:
BitDefender works fine with Declude Virus, don't know about mxGuard.
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 9:27 AM
Subject: RE: [Declude.Virus] BitDefender
PP
For
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Bill Landry
Sent: Wednesday, November 03, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BitDefender
BitDefender works fine with Declude Virus, don't know about mxGuard.
Bill
- Original Message -
From: John
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
What I am wondering is does ICS standard include the same executable for
BitDefender that you are using with your version for Declude?
Don't know, but here are the details of the BitDefender command-line exe I
call
- Original Message -
From: Joey Proulx [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 04, 2004 8:03 AM
Subject: [Declude.Virus] F-Prot Updater timing out?
I'm running Declude 1.81 with F-Prot. It's on my NT 4.0 mail server, which
is one of five servers we have,
And this just arrived from F-Prot:
=
New virus signature files for F-Prot Antivirus have been
released. These files are dated 9 November 2004 and contain
detection for W32/[EMAIL PROTECTED], W32/[EMAIL PROTECTED] and other
new threats.
=
Bill
- Original Message -
From: William
Matt, thanks for the analysis. I would very much like to know what the
additional load is on your server by setting PRESCAN to OFF. Please do post
your results if you test this. I have had PRESCAN OFF for a few weeks now,
and have not noticed much of an increase on my servers, but I was not
actually affects my systems.
Bill
- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 1:33 PM
Subject: Re: [Declude.Virus] PRESCAN
Bill Landry wrote:
Matt, thanks for the analysis. I would very much like to know what the
additional
- Original Message -
From: Alan Walters [EMAIL PROTECTED]
I recently added BitDefender Free Edition v7.2 as a second scanner. This is
for testing purposes in anticipation of purchasing a more suitable Server
Class version. I attempted to search the archives for information on this
- Original Message -
From: Alan Walters [EMAIL PROTECTED]
As to your comments about my config having extraneous settings (/Files),
I'll agree - but for a different reason. The /Files is used to specify the
PATH, not the type of files to scan. After reviewing
- Original Message -
From: Jim Nitterauer [EMAIL PROTECTED]
I will try that.
Yes, I checked to make sure.
I also looked at the supported options for fpcmd.exe
The following are not supported:
/nomem
/noboot
/nofloppy
Are these something that you have included within Declude?
The updated version is there now. I sent F-Prot support an e-mail asking
why they would send out an update notification before they actually posted
the updated version for download - got a canned auto-reply...
Bill
- Original Message -
From: Rodney Bertsch [EMAIL PROTECTED]
To: [EMAIL
Scott, we have the following entry in our virus.cfg files on
both of our IMail/Declude servers:
SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q
/VSTEMP=m:\temp\ /LR=report.txt
VIRUSCODE2 1
REPORT2 Found
I also have: PRESCAN OFF
However, this particular PayPal phishing
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Scott, we have the following entry in our virus.cfg files on both of our
IMail/Declude servers:
SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q
/VSTEMP=m:\temp\ /LR=report.txt
VIRUSCODE2 1
REPORT2
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Scott, attached is the raw source of this BOFRA.B message, it looks like
HTML to me. In fact, when I scan the D*.SMD file from the command-line,
TrendMicro identifies the file as HTML_BOFRA.B and ClamAV as
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Nope, in my testing of three command-line scanners, the attached test.txt
file contains the minimum needed to detect the file as containing a virus
(copied your virustrap address, as well, in case this gets blocked to the
- Original Message -
From: Matt [EMAIL PROTECTED]
I believe that Declude creates a directory for all attachments in each
message, and then Declude calls the scanner to scan the entire
directory. I believe that for inline content such as text/plain and
text/html, these files will be
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
If the virus scanner were at fault (because of a decoding issue) then I have
to ask again, why can TrendMicro detect the virus when scanning the raw
D*.SMD file, but not when sent to it by Declude Virus?
You would have to
- Original Message -
From: Matt [EMAIL PROTECTED]
I believe that Declude creates a directory for all attachments in each
message, and then Declude calls the scanner to scan the entire
directory. I believe that for inline content such as text/plain and
text/html, these files will be
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Hmmm, I thought that since Declude Virus does the decoding and scanner
calls, that you might be interested in testing this yourself...
Yes. That's why I tested it, and found that Declude Virus is decoding the
attachments
I thought that this got fixed many versions ago, but it appears to be back
again (Declude 1.81), where the virus name is taken from Scanner 1, but
the file name is taken from the last scanner listed in the virus.cfg.
Snippet from the postmaster e-mail:
=
Declude Antivirus v1.81 caught the
- Original Message -
From: Nick [EMAIL PROTECTED]
Bill?.. or anyone :)
Is there a way in a single line to use grep or a similar tool on a
virus log file and have it return 2 values: total_scanned and viruses
found?
Total messages scanned for the day and the total number of viruses
- Original Message -
From: Nick [EMAIL PROTECTED]
Total messages scanned for the day and the total number of viruses
found for that day (not count of individual virus)?
Correct. I have no interest in this case of an indv virus count. Just
totals. That is what I want to feed to mrtg