Re: [Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE 206
Yes, we have the same problem. Declude can explain. Basically Declude will miss files in the proc directory and will periodically check for files that are not processed in the proc directory and will try moving them back to spool. Something in this routine goes wrong.

Our only workaround is to downgrade to 2.0.5.76, which is the version that does not have the routine copying files back from proc to spool when Declude forgets to process. Downside is that you need to check that directory for files that don't get processed and manually move them back to spool. Not an ideal situation but better than the email not being delivered at all.

So long story short, yes, it is a Declude bug. Hopefully enough people will have the same problem that they will fix

- Original Message -
From: Douglas Cohn [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, May 10, 2005 9:00 PM
Subject: [Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE 206

I have orphaned hdr files in my spool directory like this

C:\SmarterMail\Spool\62298363.~DR

Then I found this in proc

C:\SmarterMail\Spool\proc\62298363.EML

Has anyone else seen this?

Doug

---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
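The manual check described in the message above (looking in the proc directory for messages that never got processed) can be scripted so that stranded mail is noticed early. This is an added example, not part of the original posts and not Declude code; the function name, the 15-minute threshold and the pairing of files by base name (as with 62298363.~DR and 62298363.EML in the post) are assumptions. It only reports and moves nothing.

```python
import os
import time


def find_stranded(spool_dir, max_age_seconds=900, now=None):
    """List .EML files that have sat in <spool>\\proc longer than max_age_seconds.

    Returns [(eml_name, age_seconds, companions)], oldest first. companions are
    the files in the spool root that share the message's base name (the post
    shows 62298363.~DR left in Spool for proc\\62298363.EML).
    """
    now = time.time() if now is None else now
    proc_dir = os.path.join(spool_dir, "proc")
    if not os.path.isdir(proc_dir):
        return []

    # Index the spool root by base name, case-insensitively (Windows semantics).
    by_stem = {}
    for entry in os.scandir(spool_dir):
        if entry.is_file():
            stem = os.path.splitext(entry.name)[0].lower()
            by_stem.setdefault(stem, []).append(entry.name)

    stranded = []
    for entry in os.scandir(proc_dir):
        if not entry.is_file() or not entry.name.lower().endswith(".eml"):
            continue
        age = now - entry.stat().st_mtime
        if age < max_age_seconds:
            continue  # recent file: most likely still being scanned
        stem = os.path.splitext(entry.name)[0].lower()
        stranded.append((entry.name, int(age), sorted(by_stem.get(stem, []))))

    stranded.sort(key=lambda item: item[1], reverse=True)
    return stranded


if __name__ == "__main__":
    import sys

    # Default path is the spool directory named in the post.
    spool = sys.argv[1] if len(sys.argv) > 1 else r"C:\SmarterMail\Spool"
    for name, age, companions in find_stranded(spool):
        print(f"{name}: {age // 60} min in proc; spool files: {companions or 'none'}")
```

Run on a schedule, a non-empty result is the signal to look at the proc directory before users report missing mail.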
Re: [Declude.Virus] about Imail1.exe security issue
We had the same issue, then mysteriously got fixed. Imail was aware of it as we had opened a ticket. Every time this would happen, the affected domain registry entry would have some weird users and entries (don't recall exactly but if you search the archives you will find the post).

PV

- Original Message -
From: Mike Wiegers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 9:09 AM
Subject: RE: [Declude.Virus] about Imail1.exe security issue

This is odd, odd because my server has this problem also and I called Ipswitch about it and they said that my server was the only one having the problems. It had it several months ago (and called) and then started again (and called). Those are the only calls to tech support in the past several years for my SA. I will read the posts to find out more about this.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Wednesday, November 24, 2004 7:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] about Imail1.exe security issue

we had the same issue a few months ago
i suspected problem from declude because the addresses that appear in the open imail1 window looked like ones that would be generated by declude notifications (or maybe imail gses ?)
anyway, rebooting the server resolved the issue back then
Unfortunately, since upgrading to 8.13 (or 8.14, can't tell exactly, because i did both in less than 48 hours) the problem is coming again, and rebooting did not help this time.
if you find a solution, let me know

- Original Message -
From: Crejob.com [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 10:05 AM
Subject: [Declude.Virus] about Imail1.exe security issue

My Imail server keeps popping up a Create Mail Message; it seems that Imail1.exe is exploited by someone to try to send out spam. I try to limit the imail1.exe user permission, but this will result in the webmail not being able to send out email. Any advice on how to solve this problem?
Regards
Brian

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Re: [Declude.Virus] [Encrypted .ZIP file]
Markus, interesting because NAI is not catching for us... we're at defs version 4.0.4331 and scan engine 4.3.20

Weird thing for us is that if we use the command line to scan a file that is infected with bagle.h, then mcafee catches it. But not when it runs with declude using the same command line command. Do you have anything special in your config? I am pasting below what we have in our virus cfg

SCANFILE C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /ANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE 13
REPORT Found

Thanks
Peter

- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 11:39 AM
Subject: RE: [Declude.Virus] [Encrypted .ZIP file]

I've seen that NAI's engine is now able to detect Bagle.h even if contained in passworded zip files.

03/02/2004 17:29:04 Qb64d05700068a0de Scanner 2: Virus=W32/Bagle.h!pwdzip virus !!! Attachment=Readme.zip [18] I
03/02/2004 17:29:04 Qb64d05700068a0de File(s) are INFECTED [[Encrypted .ZIP file]: 13]
03/02/2004 17:29:05 Qb64d05700068a0de Scanned: CONTAINS A VIRUS [MIME: 2 21347]

Markus

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, March 02, 2004 4:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] [Encrypted .ZIP file]

The interim release 1.78i5 appears to be making headway against the encrypted .zip file but it appears that the sender is forged. Is this supposed to be added to the SKIPIFFORGING database or should I add it to the SKIPIFVIRUSNAMEHAS list and if so what should it be listed as? Encrypted .ZIP file.?

Yes, that should work fine.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
[Declude.Virus] bagle.f and mcafee
Looks like some bagle.f are slipping thru on declude with mcafee. Defs are at 4330. Ones that have been forwarded to me are password protected zip archives. As much as I would love to block all zip files, we cannot because too many customers complained when we did this a while back.

How are you guys handling this issue? Are you catching bagle.f and are they all pwd protected archives?

Peter
Re: [Declude.Virus] MyDoom and Mcafee
F-Prot Windows, was never able to resolve this so we disabled until today since we're not catching mydoom with mcafee

PV

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 7:12 PM
Subject: RE: [Declude.Virus] MyDoom and Mcafee

Are you using F-Prot DOS, or Windows?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Monday, January 26, 2004 4:08 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] MyDoom and Mcafee

Anyone using Mcafee catching Mydoom? We're running declude with Mcafee and is not catching new virus. Adding F-Prot as second scanner now catches it but we're having other unrelated BSOD issues with F-PROT. Any suggestions?

Peter
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
Scott, no we were using fpcmd.exe and /NOFLOPPY was not present. I contacted f-prot support last Friday but have not heard back from them to date.

Peter

SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection
SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt
VIRUSCODE2 2
VIRUSCODE2 6
REPORT2identified
SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE3 13
REPORT3 Found

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 10:48 AM
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update

FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem.

Are you using F-Prot.exe or fpcmd.exe? Are you using the /NOFLOPPY switch in the SCANFILE line in the \IMail\Declude\virus.cfg file (which must be there for F-Prot.exe, and must not be there for fpcmd.exe)?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
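The rule quoted in the message above (/NOFLOPPY must be on the SCANFILE line for F-Prot.exe and must not be there for fpcmd.exe) is easy to get wrong when a scanner binary is swapped, and it can be checked mechanically. This is an added example, not code from the thread or from Declude; the function names and the sample configuration are constructed, and it assumes the scanner path contains no spaces (the posted lines use 8.3 short names).

```python
import ntpath
import re

# Constructed sample, modelled on the SCANFILE lines quoted in this thread.
SAMPLE_CFG = r"""
SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt
VIRUSCODE 3
REPORT Infection
SCANFILE2 D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /REPORT=report.txt
SCANFILE3 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /NOFLOPPY /SILENT /REPORT=report.txt
#SCANFILE4 D:\Progra~1\FSI\F-Prot\F-Prot.exe /SILENT
SCANFILE5 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /REPORT report.txt
"""

# From the thread: True = switch must be present, False = must be absent.
NOFLOPPY_RULE = {"f-prot.exe": True, "fpcmd.exe": False}

SCANFILE_RE = re.compile(r"^\s*(SCANFILE\d*)\s+(\S+)(.*)$", re.IGNORECASE)


def parse_scanfiles(cfg_text):
    """Return [(directive, exe_name_lowercase, {switch names})] for active SCANFILE lines."""
    scanners = []
    for line in cfg_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out scanner lines are ignored
        match = SCANFILE_RE.match(line)
        if not match:
            continue
        directive, exe_path, rest = match.groups()
        # "/REPORT=report.txt" and "/REPORT report.txt" both yield "/REPORT".
        switches = {
            token.split("=", 1)[0].upper()
            for token in rest.split()
            if token.startswith("/")
        }
        exe_name = ntpath.basename(exe_path).lower()
        scanners.append((directive.upper(), exe_name, switches))
    return scanners


def check_nofloppy(cfg_text):
    """Return [(directive, exe_name, problem)] for lines that break the rule."""
    findings = []
    for directive, exe_name, switches in parse_scanfiles(cfg_text):
        required = NOFLOPPY_RULE.get(exe_name)
        if required is None:
            continue  # not an F-Prot binary; the rule does not apply
        present = "/NOFLOPPY" in switches
        if required and not present:
            findings.append((directive, exe_name, "missing /NOFLOPPY"))
        elif present and not required:
            findings.append((directive, exe_name, "remove /NOFLOPPY"))
    return findings


if __name__ == "__main__":
    for directive, exe_name, problem in check_nofloppy(SAMPLE_CFG):
        print(f"{directive} ({exe_name}): {problem}")
```

The SCANFILE1 line in the sample is the one posted in the thread (fpcmd.exe without /NOFLOPPY) and passes the check.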
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
F-Prot version 3.14a

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 10:51 AM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update

Which exact version please?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Wednesday, September 17, 2003 7:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update

FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem.

Peter

- Original Message -
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 1:07 PM
Subject: Blue Screen on Imail with Declude Virus and Declude Junkmail

Hi all,

hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

Server is running Imail 8.02 with Declude Virus with scanners below and Declude Junkmail. Nothing else is running on the server. Declude Virus Config appears at end of this email. Ipswitch claims this is not caused by Imail

Declude Virus has the following virus scanners:

F-Prot version 3.14a
Netshield 2000 SP1
Grisoft AVG 7 Server Edition

On access virus scanning is disabled.

What seems to be happening is that when there is a high volume of mail processed, the server will blue screen with:

The computer has rebooted from a bugcheck. The bugcheck was: 0x007f (0x000d, 0x, 0x, 0x). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP.

BSOD shows UNEXPECTED_KERNEL_MODE_TRAP

At first we thought it was a hardware related issue since this was a new server built for Imail. So we rebuilt another server and installed to that new server but problem still persists.

Examining logs (Declude and Imail) show nothing peculiar, and nothing is reported in the event log except for the reboot and bugcheck.

We then thought it may be related to the Imail Queue manager so to test this we stopped Imail Queue Service for a while and simulated the problem by sending large amounts of mail to the server and sure enough it crashed again (with Queue Manager stopped). This should exclude Queue Manager.

Server specs are:

Intel 7501WV2 Motherboard with dual onboard Nics
Intel SRCZCR Raid Controller Card
2 x 18 GB u320 Maxtor Raid 1 (OS)
2 x 36 GB u320 Maxtor Raid 1 (Imail)
1 GB Crucial RAM

Any insight anyone?

Thanks
Peter Verzoni

#
# Declude Virus configuration file
#
CODE
# The in the LOGFILE option automatically gets replaced with the month/date
LOGFILE e:\spool\vir.log
LOGLEVELHIGH
CONSOLE OFF
#
# SCANFILE is the location of the command-line virus scanner. Note that it
# must include the full path. VIRUSCODE is the code that scanner returns if
# it finds a virus.
#
SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection
SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt
VIRUSCODE2 2
VIRUSCODE2 6
REPORT2identified
SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE3 13
REPORT3 Found
# VIRDIR is the directory to move E-mails with viruses; by default,
# it is set to 'virus' (\IMail\spool\virus).
VIRDIR e:\spool\virus
# The MAXATONCE option limits the number of AV processes. For example,
# MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing
# purposes). A value of 0 (or commenting it out) allows unlimited processes
# to run at the same time.
MAXATONCE 0
#
# The following options allow you to limit scanning to only incoming or outgoing
# E-mail.
#
INCOMING ON
OUTGOING ON
#
# The ONACCESS option should be set to OFF unless you have an on-access virus scanner
# that will be deleting attachments with viruses.
#
ONACCESS OFF
#
# The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will
# wait for the virus scanner to finish. The minimum value is 10 seconds. Most
# scanners will not need to take that long. This option is mainly to prevent
# defective scanners (that never finish) from interfering with your outgoing E-mail.
# Raising this will NOT help if your virus scanner always times out.
#
SCANNERTIMEOUT 60
#
# The SKIPEXT option will let you skip scanning of certain file extensions
[Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail
Hi all,

hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

Server is running Imail 8.02 with Declude Virus with scanners below and Declude Junkmail. Nothing else is running on the server. Declude Virus Config appears at end of this email. Ipswitch claims this is not caused by Imail

Declude Virus has the following virus scanners:

F-Prot version 3.14a
Netshield 2000 SP1
Grisoft AVG 7 Server Edition

On access virus scanning is disabled.

What seems to be happening is that when there is a high volume of mail processed, the server will blue screen with:

The computer has rebooted from a bugcheck. The bugcheck was: 0x007f (0x000d, 0x, 0x, 0x). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP.

BSOD shows UNEXPECTED_KERNEL_MODE_TRAP

At first we thought it was a hardware related issue since this was a new server built for Imail. So we rebuilt another server and installed to that new server but problem still persists.

Examining logs (Declude and Imail) show nothing peculiar, and nothing is reported in the event log except for the reboot and bugcheck.

We then thought it may be related to the Imail Queue manager so to test this we stopped Imail Queue Service for a while and simulated the problem by sending large amounts of mail to the server and sure enough it crashed again (with Queue Manager stopped). This should exclude Queue Manager.

Server specs are:

Intel 7501WV2 Motherboard with dual onboard Nics
Intel SRCZCR Raid Controller Card
2 x 18 GB u320 Maxtor Raid 1 (OS)
2 x 36 GB u320 Maxtor Raid 1 (Imail)
1 GB Crucial RAM

Any insight anyone?

Thanks
Peter Verzoni

#
# Declude Virus configuration file
#
CODE
# The in the LOGFILE option automatically gets replaced with the month/date
LOGFILE e:\spool\vir.log
LOGLEVELHIGH
CONSOLE OFF
#
# SCANFILE is the location of the command-line virus scanner. Note that it
# must include the full path. VIRUSCODE is the code that scanner returns if
# it finds a virus.
#
SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection
SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt
VIRUSCODE2 2
VIRUSCODE2 6
REPORT2identified
SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE3 13
REPORT3 Found
# VIRDIR is the directory to move E-mails with viruses; by default,
# it is set to 'virus' (\IMail\spool\virus).
VIRDIR e:\spool\virus
# The MAXATONCE option limits the number of AV processes. For example,
# MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing
# purposes). A value of 0 (or commenting it out) allows unlimited processes
# to run at the same time.
MAXATONCE 0
#
# The following options allow you to limit scanning to only incoming or outgoing
# E-mail.
#
INCOMING ON
OUTGOING ON
#
# The ONACCESS option should be set to OFF unless you have an on-access virus scanner
# that will be deleting attachments with viruses.
#
ONACCESS OFF
#
# The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will
# wait for the virus scanner to finish. The minimum value is 10 seconds. Most
# scanners will not need to take that long. This option is mainly to prevent
# defective scanners (that never finish) from interfering with your outgoing E-mail.
# Raising this will NOT help if your virus scanner always times out.
#
SCANNERTIMEOUT 60
#
# The SKIPEXT option will let you skip scanning of certain file extensions. For
# example, a GIF file can't contain a virus, so there is no need to scan it.
#
SKIPEXT GIF
SKIPEXT TXT
SKIPEXT JPG
SKIPEXT MPG
SKIPEXT PNG
#
# The BANEXT option will let you ban file extensions. E-mails containing attachments
# with these file extensions will be quarantined, and if you have a BANnotify.EML file
# (version 1.29 and higher), it will be sent out.
#
#BANEXT scr
#BANEXT pif
#
# Declude Virus Pro v1.27 and higher allow you to pre-scan HTML files. If no dangerous
# code is detected, the virus scanner will not get called. This can cut down on CPU usage
# tremendously.
#
PRESCAN OFF
#
# Declude Virus v1.29 and higher can block treat files using CLSID extensions as viruses.
# This type of extension will force a certain type of program to be run, while making the
# file appear to be a .TXT or other safe file. There is no known legitimate reason to
# send this type of file through E-mail.
#
BANCLSID ON
#
# The FOOTER lines will add a footer to the bottom of E-mails that are scanned. v1.30 and higher.
#
# FOOTER ---
# FOOTER [This E-mail scanned for viruses by Declude Virus]
#
# The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine them.
# It is
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail
Thanks Scott, I have a feeling it is F-Prot because when this first started happening, we did not have Netshield or AVG on the server. So we've disabled both F-prot and AVG for now and let's see what happens.

If anyone else has seen similar issues please reply!

Peter

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 1:15 PM
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

I'm guessing that it is one of the 3 virus scanners. AV programs often access memory and hard drives at a low level, and are a bit more prone to issues like this than most applications. What I would do is remove one at a time, to see if removing one of them fixes the problem.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail
Well, yes. We only used Fprot till Mimail came out. At that time it took Fprot 4 days to update their definitions. So many customers started getting Mimail and complaining. To avoid the problem we decided to use multiple scanners to lower possibility of a virus slipping thru.

However I don't think our issue is related to the # of scanners as this first started happening when we only had 1 scanner (fprot)

Peter

- Original Message -
From: Greg Foulks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 1:29 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

I hate to hijack the thread but... Why run so many scanners? We only run one scanner and have never had a problem... Are we missing something by not running more than one?

Greg

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, September 08, 2003 1:16 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

I'm guessing that it is one of the 3 virus scanners. AV programs often access memory and hard drives at a low level, and are a bit more prone to issues like this than most applications. What I would do is remove one at a time, to see if removing one of them fixes the problem.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.

--
[This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com]
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail
Windows version,

Peter

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 3:26 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

Are you using the DOS version or Windows version of F-Prot?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Monday, September 08, 2003 10:43 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

Well, yes. We only used Fprot till Mimail came out. At that time it took Fprot 4 days to update their definitions. So many customers started getting Mimail and complaining. To avoid the problem we decided to use multiple scanners to lower possibility of a virus slipping thru.

However I don't think our issue is related to the # of scanners as this first started happening when we only had 1 scanner (fprot)

Peter

- Original Message -
From: Greg Foulks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 1:29 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

I hate to hijack the thread but... Why run so many scanners? We only run one scanner and have never had a problem... Are we missing something by not running more than one?

Greg

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, September 08, 2003 1:16 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

I'm guessing that it is one of the 3 virus scanners. AV programs often access memory and hard drives at a low level, and are a bit more prone to issues like this than most applications. What I would do is remove one at a time, to see if removing one of them fixes the problem.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail
John, right now only Netshield 2000 SP1 is running, hasn't crashed yet but too early to tell. No, we haven't run any performance monitors yet - but the common thing in the BSOD is 100+ emails being processed by Imail/Declude. This will generally happen during peak hrs, we can actually duplicate it by sending large amounts of mail to Imail for processing. We'll probably try to duplicate it during our maintenance window this weekend, if it happens again then it is most likely fprot. If not we'll need to dig a little deeper and maybe call MS. No other AV installed aside from Fprot (now disabled), Grisoft (also disabled) and Netshield (currently active). No AV is protecting the server itself, I know this is not a good idea...

Peter

----- Original Message -----
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 4:12 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

So right now, you only have Grisoft running, correct? Exactly when did this start? Have you run any performance monitors to see what is happening just before the BSOD? Any other AV software installed? What AV is protecting the server itself?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Monday, September 08, 2003 12:54 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

Windows version,

Peter

----- Original Message -----
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 3:26 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

Are you using the DOS version or Windows version of F-Prot?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Monday, September 08, 2003 10:43 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

Well, yes. We only used Fprot till Mimail came out. At that time it took Fprot 4 days to update their definitions. So many customers started getting Mimail and complaining. To avoid the problem we decided to use multiple scanners to lower possibility of a virus slipping thru. However I don't think our issue is related to the # of scanners as this first started happening when we only had 1 scanner (fprot)

Peter

----- Original Message -----
From: Greg Foulks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 1:29 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

I hate to hijack the thread but... Why run so many scanners? We only run one scanner and have never had a problem... Are we missing something by not running more than one?

Greg

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, September 08, 2003 1:16 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail and Declude Junkmail

> hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server

I'm guessing that it is one of the 3 virus scanners. AV programs often access memory and hard drives at a low level, and are a bit more prone to issues like this than most applications. What I would do is remove one at a time, to see if removing one of them fixes the problem.

-Scott
Re: [Declude.Virus] AVG - Not identifying virus found.
Works great Fritz! BTW, what is the difference between avgscan.exe and avg.exe? And which should be used?

Peter

----- Original Message -----
From: Fritz Squib [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 8:20 AM
Subject: RE: [Declude.Virus] AVG - Not identifying virus found.

Eddie,

After some fooling around, I *THINK* this will work, at least this is how mine is set up and it *APPEARS* to be working.

SCANFILE c:\Progra~1\FSI\F-Prot\fpcmd.EXE -TYPE -SILENT -NOMEM -ARCHIVE -NOBOOT -DUMB -REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

SCANFILE2 C:\Progra~1\Grisoft\AVG6\avgscan.exe /NOMEM /NOSELF /ARC /REPORT=report.txt
VIRUSCODE 2
VIRUSCODE 6
REPORT2 identified

The key here is REPORT2, that is the text string declude looks for to find the virus name. For my test I changed AVG to be my primary and I received:

The Declude Virus software on wpa.net has reported that you were sent an E-mail from [EMAIL PROTECTED], containing the EICAR_Test virus in the eicar.com attachment. The subject of the E-mail was Test eicar.com file [eicarplain]. The E-mail containing the virus has been quarantined to prevent further damage.

Scott will correct me if I am wrong.

Fritz

Frederick P. Squib, Jr.
Network Operations
Citizens Telephone Company of Kecksburg
Citizens Internet Services
http://www.wpa.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang
Sent: Tuesday, August 05, 2003 5:01 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] AVG - Not identifying virus found.

For those using the trial version, have you noticed that AVG is not identifying what virus is caught. This is an eicar.zip test file.

08/04/2003 21:48:13 Q61390032023c9aef Scanner #1 detected a virus
08/04/2003 21:48:13 Q61390032023c9aef File(s) are INFECTED [: 6]
08/04/2003 21:48:13 Q61390032023c9aef Deleting file with virus
08/04/2003 21:48:13 Q61390032023c9aef Deleting E-mail with virus!
08/04/2003 21:48:13 Q61390032023c9aef Scanned: CONTAINS A VIRUS [MIME: 2 610]
08/04/2003 21:48:13 Q61390032023c9aef From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 24.94.xxx.xxx]
08/04/2003 21:48:13 Q61390032023c9aef Subject: test

Is there a way to have AVG pass through the name of the virus, so that our sender.eml will know what viruses to skip.

Sincerely,
Eddie :)
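The thread above turns on two things: an exit code listed under VIRUSCODE marks the message as infected, and the REPORT string is what locates the virus name in the scanner's report. The Python sketch below is an added example, not Declude's code or anything posted to the list; it models that matching under stated assumptions (unsuffixed directives belong to the most recent SCANFILE, the name is the rest of the line after the marker, and the report line is constructed) and shows how a missing marker yields the empty name seen in the `[: 6]` log entry.

```python
import re

# Constructed config modelled on the directives quoted in the thread.
CONFIG = r"""
SCANFILE c:\Progra~1\FSI\F-Prot\fpcmd.EXE -SILENT -REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:
SCANFILE2 C:\Progra~1\Grisoft\AVG6\avgscan.exe /ARC /REPORT=report.txt
VIRUSCODE 2
VIRUSCODE 6
REPORT2 identified
"""
# Constructed report line; real AVG output may be laid out differently.
AVG_REPORT = "eicar.com  Virus identified  EICAR_Test\n"
DIRECTIVE = re.compile(r"^(SCANFILE|VIRUSCODE|REPORT)(\d*)\s+(.+)$")

def parse_config(text):
    """Group directives per scanner. Assumption: a directive without a
    numeric suffix belongs to the most recently declared SCANFILE."""
    scanners, current = {}, None
    for line in text.splitlines():
        m = DIRECTIVE.match(line.strip())
        if not m:
            continue
        key, suffix, value = m.groups()
        if key == "SCANFILE":
            current = int(suffix or 1)
            scanners[current] = {"cmd": value, "codes": set(), "report": None}
            continue
        target = scanners.get(int(suffix) if suffix else current)
        if target is None:
            continue  # directive for a scanner that was never declared
        if key == "VIRUSCODE":
            target["codes"].add(int(value))
        else:
            target["report"] = value.strip()
    return scanners

def evaluate(scanner, exit_code, report_text):
    """Return (infected, virus_name); name is '' if the marker is absent."""
    if exit_code not in scanner["codes"]:
        return False, ""
    marker = scanner["report"]
    for line in report_text.splitlines():
        if marker and marker in line:
            return True, line.split(marker, 1)[1].strip()
    return True, ""
```

With the REPORT marker unset or misspelled, `evaluate` still reports the infection from the exit code alone, which is why a message can be quarantined while the notification has no virus name to show.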
Re: [Declude.Virus] F-Prot and Mimail
Is anyone else using Grisoft? Is it more reliable than F-prot? We're using just f-prot and are so disappointed that it's been letting thru mimail for the past 3 days. I now want to add a 2nd scanner, initially wanted to add mcafee but I can't seem to buy less than 11 licenses. What are all you guys using as a second scanner and your thoughts?

Peter

----- Original Message -----
From: Hirthe, Alexander [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 04, 2003 10:32 AM
Subject: RE: [Declude.Virus] F-Prot and Mimail

Hello,

I bought AVG 6 some weeks ago from Grisoft.com as a second scanner. Now I finally installed it :-) 75 US$ for 2 systems. They detect it as Unknown Virus in Unknown File.

Alex

-----Original Message-----
From: Billy [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 4:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-Prot and Mimail

At this point is F-Prot catching it? If not has anyone found a good work around, without having to block all .zips...