RE: [Declude.Virus] Mcafee

2004-02-25 Thread R. Scott Perry
It's Mcafee Virus Scan Ver 8.0 Build 8.0.26 There isn't a scan.exe or scan32.exe on the drive. You'll need to do a "Full Install". That should get the scan.exe installed. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail ma

Re: [Declude.Virus] W32.Netsky.B@mm Slipping through

2004-02-25 Thread R. Scott Perry
I realize this generally does mean it's corrupt -- but you're missing the "scary" part. If I scan the file that came in with the same install of F-Prot, (from the mail server), it catches it as Netsky. If scanning it from F-Prot on the mailserver catches it, it should get caught when Declude V

RE: [Declude.Virus] Banning zips and user able to requeue.

2004-02-25 Thread R. Scott Perry
Scott, feature request: If the banned extension is zip, instead of sending out BanNotify.eml, can Declude be configured to send BanZipNotify.eml? That would allow flexibility to only do this for zip files. We're looking into some options here. -S

RE: [Declude.Virus] Mcafee

2004-02-25 Thread R. Scott Perry
I've re-installed it a couple of times but I haven't seen anywhere that I can tell it to do a full install. You'll need to contact McAfee then to see how to do a Full Install (or at least how to get the scan.exe file installed). -Scott

Re: [Declude.Virus] Error 9 in AVG

2004-02-25 Thread R. Scott Perry
We are seeing errors in our other scanners. At first I thought Error 5 was because of F-Prot's new C release. But now we are seeing Error 9 in AVG as well. That means that AVG is reporting an error 9. Unfortunately, we have no information on what will cause AVG to report an error 9. Most li

Re: [Declude.Virus] F-prot 3.14c Error 5

2004-02-25 Thread R. Scott Perry
Scott, if Declude Virus encounters an Error 5 with scanner 1, does it not even attempt to run the message through the second scanner? It should call both scanners, no matter what. 02/25/2004 08:50:21 Qd23b256a001cfa29 Could not find parse string Infection: in report.txt 02/25/2004 08:50:21 Qd23b

Re: [Declude.Virus] F-prot 3.14c Error 5

2004-02-25 Thread R. Scott Perry
We're seeing the same thing David did - random error 5's on the newest F-prot. I backed off to the previous version. Is there a way to rescan the error 5's using Declude from the command line if I create a batch file? You could try copying the files back to the spool directory, and then run

Re: [Declude.Virus] F-prot 3.14c Error 5

2004-02-25 Thread R. Scott Perry
Can Declude be run from a folder other than the main IMail spool folder? - in which case a "good message" would not be moved to a virus subfolder. The Declude.exe file should be in the \IMail directory, and the scanned files really should be in the spool. Using other directories may work, but

RE: [Declude.Virus] Mcafee

2004-02-25 Thread R. Scott Perry
Thanks for the link. I called them to get a price and ran into another brick wall. McAfee is like that. Their normal MO, though, is to oversell, doing everything short of blatant lying to do so. What you may want to do is try asking them "I have one computer running Windows XYZ" (for example,

Re: [Declude.Virus] Another error

2004-02-26 Thread R. Scott Perry
I have a lot of these any hints? 02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD 02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner This happens when Windows won't allow Declude to open the D*.SMD file for some reason. Do

Re: [Declude.Virus] file extensions banned by domain

2004-02-26 Thread R. Scott Perry
Would I be able to ban extensions by domain using Declude Junk Mail? No, Declude JunkMail isn't designed to ban file extensions. -Scott

Re: [Declude.Virus] Another error

2004-02-26 Thread R. Scott Perry
I have Mcafee on access scanner, but I specifically exclude the imail & the spool directory and all their subdirectories Regarding the backup, the error is occurring all day long, while we only run the backup once a day, so it cannot be that Do you know if this is happening for all E-mails, or just

RE: [Declude.Virus] Per user

2004-02-26 Thread R. Scott Perry
> It might be better if instead of INONLY/OUTONLY, it was SENTTO/SENTFROM. Acutually, if you just clarify this point in the manual and in the sample virus_users.txt file, that would be less work for you than changing the coding and everyone having to change their configurations. Thanks for the su

RE: [Declude.Virus] Per user

2004-02-26 Thread R. Scott Perry
On a user that is part of a S&F domain, all e-mail to or from that user is considered outbound, correct? Correct. However: So, if you have in the virus_users.txt file [EMAIL PROTECTED] INONLY, anything to or from that user will not be scanned, correct? No. INONLY will scan any E-mail sent *to* a

Re: [Declude.Virus] Per user

2004-02-26 Thread R. Scott Perry
If a per user configuration is used and virus scanning is disabled for a user, and an e-mail comes in to a local user with the disabled user as the forged from address, will the message be scanned for viruses? That depends on who it is sent to. While the default will be not to scan it (since it is

Re: [Declude.Virus] a new one

2004-02-28 Thread R. Scott Perry
i have loglevel set to high and do not see the "(2 scanners)" line john posted, why ? 02/23/2004 22:23:37.023 Qede8025e01a6820d Scanning files (2 scanners) That's because that is a debug log file entry. The debug mode places a *lot* of log file entries for each E-mail (10 to 100 times the stan

Re: [Declude.Virus] Declude virus not scanning when email sent from web client

2004-02-28 Thread R. Scott Perry
I was testing for the Bable.c virus to ensure that my scanners were picking it up. I sent an email with the virus from the Imail web client to my account on the same domain and it wasn't caught. Sending this email back to the same account from an outlook client caught the virus. Is this normal? Ye

Re: [Declude.Virus] IPBypass and notifications

2004-03-01 Thread R. Scott Perry
Just set up a gateway mailserver, and I realized that if a virus comes through the gateway, the notification that gets sent out sees the gateway mailserver's IP address. Is there a way to hook the IPBypass functionality into Declude Virus? No, there is not. In this case, you may just want to r

Re: [Declude.Virus] BANnotify.eml

2004-03-01 Thread R. Scott Perry
Can I add a BCC or a CC to forward a copy of the banned extension e-mail to me so I can investigate whether or not this is a valid file? All that you can do in this case is have multiple recipients on the To: line (separated by a single comma, and no spaces), such as: From: [EMAIL PROTE

Re: [Declude.Virus]

2004-03-01 Thread R. Scott Perry
Is it possible to have messages containing attached files with banned extensions land somewhere other than the \declude\virus folder? No, that is not currently possible. However, that is a feature that we will likely be adding. -Scott

Re: [Declude.Virus] New send virus test

2004-03-01 Thread R. Scott Perry
May I propose a new test for your send test virus webpage? password zip. The eicar.com file within a standard password protected zip file. I think it would put some of our minds at ease if we could test our current config to see whether we are catching password protected zip files with viruse

Re: [Declude.Virus] Server Load

2004-03-01 Thread R. Scott Perry
I'm curious what kind of server load people have experienced with declude. Like anyone else using this product we're on MS, I/O is quite an issue for us and I'd like to know what to expect prior to purchasing declude. We typically find that each GHz of CPU power allows for about 100,000 E-mail

Re: [Declude.Virus] .PIF files being held instead of deleted?

2004-03-01 Thread R. Scott Perry
I am running the latest beta 1.78. I have the following in my virus.cfg file: BANEXT scr BANEXT pif BANEXT bat BANEXT exe DELETEVIRUSES ON Yet I am still seeing e-mails with .PIF extensions being held in the virus subfolder. I'm concerned that these are maki

Re: [Declude.Virus] Banext and bannotify.eml questions

2004-03-02 Thread R. Scott Perry
Isn't it possible to modify the Bannotify.eml file and only include the recipient and postmaster? Would it still send a notice to the sender somehow? The notification will be sent to anyone listed in the To: header. In this case, you can use "To: %ALLRECIPS%,[EMAIL PROTECTED]".

Re: [Declude.Virus] Banext and bannotify.eml questions

2004-03-02 Thread R. Scott Perry
Can I configure the bannotify.eml to not send messages to the sender of the file, but to send them only to the recipient and to me. Not currently. Actually, I believe this can be done, by using a line "To: %ALLRECIPS%,[EMAIL PROTECTED]" in the \IMail\Declude\BANnotify.eml file.

Re: [Declude.Virus] ClamAV

2004-03-02 Thread R. Scott Perry
Have you considered adding the ClamAV to the list of scanners on your site? We should have it there soon. :) -Scott

RE: [Declude.Virus] Banext and bannotify.eml questions

2004-03-02 Thread R. Scott Perry
OK, I have it the other way around, does that matter? No. Any E-mail addresses that appear after "To: " and that are separated by commas will work. -Scott

Re: [Declude.Virus] Interim release

2004-03-02 Thread R. Scott Perry
What was the url for the interim release that catches password protected zip files? I managed to delete it instead of saving the thing. http://www.declude.com/interim . You need to add a line "BANEXT EZIP" to the \IMail\Declude\virus.cfg file with the latest interim, and then password protecte

Re: [Declude.Virus] X-Declude-Status: Waiting for activation code

2004-03-02 Thread R. Scott Perry
Installed newest declude file and I'm still getting (X-Declude-Status: Waiting for activation code) within the email header Anyone know of a hack or hex editor I can use to fix this? If you upgrade to the latest interim it will remove that line.

RE: [Declude.Virus] X-Declude-Status: Waiting for activation code

2004-03-02 Thread R. Scott Perry
> >Installed newest declude file and I'm still getting > > > >(X-Declude-Status: Waiting for activation code) within the > email header > > If you upgrade to the latest interim it will remove that line. Scott.. I did download and installed it.. Declude 1.78i6 (C) Copyright 2000-2004 Computerized

RE: [Declude.Virus] Scan Password Protected Zip's

2004-03-02 Thread R. Scott Perry
WARNING: Couldn't remove .vir directory F:\IMail\spool\Ddf56c4e7006acd96.vir\: EXTRA FILES THERE. 03/02/2004 14:24:32 Qdf56c4e7006acd96 Likely problem: Your virus scanner is leaving extra files/directories behind, so Declude can't delete the directory. What file(s) are left over in that directory?

RE: [Declude.Virus] Scan Password Protected Zip's

2004-03-02 Thread R. Scott Perry
03/02/2004 15:52:16 Qf3fc18350038f46d Couldn't delete D:\IMail\spool\Df3fc18350038f46d.vir\1.zip: 32. This will be fixed in the next interim release. In my bounce email, is it suppose to show ZIP-pif rather than ZIP-?? Yes, if it was a .PIF file that was supposed to be blocked.

Re: [Declude.Virus] Scan Password Protected Zip's

2004-03-02 Thread R. Scott Perry
I'm only seeing 1.78 beta on your website? Correct. We do not have a direct link to the interims on the website. You must follow the supplied URL. -Scott

RE: [Declude.Virus] Interim release

2004-03-02 Thread R. Scott Perry
Are there any new variables that can be used in the bannotify.eml? No. What will the %BANEXT% variable contain in these cases? "ZIP-" followed by the extension (such as "ZIP-EXE"). -Scott

RE: [Declude.Virus] Scan Password Protected Zip's

2004-03-02 Thread R. Scott Perry
My test emails never had zip attachments that included PIF files. I only used a CMD and an EXE file as shown in my logs posted. Ah, I see. There is an issue where it may show the wrong extension. This will be fixed with the next interim release.

RE: [Declude.Virus] X-Declude-Status: Waiting for activation code

2004-03-02 Thread R. Scott Perry
I just swept the hard drives looking for the global.cfg file and there isn't any. So.. Maybe I should reboot the server? That won't do it. Could those headers be generated by a remote mailserver (you may see them on E-mails sent from this list, for example).

RE: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry
Do these new features, BANZIPEXTS and BANEZIPEXTS, stop both zip files and encrypted zip files if you do not have the BANEXT ZIP setting? Yes (using "BANEXT ZIP", all .ZIP files will be banned, regardless of what file extensions they may contain). Just wondering if using the above for

Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry
It mostly worked fine for me except when I zipped a .zip file containing a .exe file. This was allowed through. Either recursive searching of .zip within .zip files or a BANZIPinZIP option would be an interesting option. Ah, that's an interesting idea. I hadn't thought of that. :) Certainly a

Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry
I am trying to understand this, but the reality doesn't work like I think you are saying it should. If I have the following in my virus.cfg file: BANEXT EZIP Note that "BANEXT EZIP" is the original quickly-implemented format that may have problems. with or without: BANZIPEXTS ON BANEZIPEXTS

Re: [Declude.Virus] Directories Not Being Removed With BANEZIPEXTS ON

2004-03-02 Thread R. Scott Perry
I am also seeing the issue below. The files that are being left in the directories are named like this 0.zip (or) 1.zip There is a new interim release 1.78i8 at http://www.declude.com/interim that should take care of this issue. -Scott

[Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-02 Thread R. Scott Perry
We now have a new interim release 1.78i8 of Declude Virus Pro at http://www.declude.com/interim that will look for invalid .bat, .com, .pif, and .scr files, and will treat them as vulnerabilities. It is expected that this will cut down significantly on the impact of future viruses in the time

Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry
Okay, so if I want to continue to ban any zip file that is encrypted, whether I have defined the extension to be banned or not, I should continue to use BANEXT EZIP, correct? That is correct. -Scott

RE: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry
Does BANEXT ZIP cover BANEXT EZIP? BANEXT ZIP will ban all .ZIP files, regardless of what files or encryption may be used. BANEXT EZIP is a temporary measure that blocks .ZIP files where the first file is encrypted. -Scott

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-02 Thread R. Scott Perry
If we are already blocking those extensions, how would that help? If you are already blocking .bat, .com, .pif, and .scr files, the new interim release won't help. However, if you are not blocking all those files (most of our customers are not), it will help. It can also be used if you want to

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
I switched from i5 to i8 6 hours ago. Until now I can see two empty vir directories. Before I've had one undeleted vir directory per month. (5000 to 7000 msgs / day) What is in those files? Have you checked the Declude Virus log file to see the log file entries for those E-mails?

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
For whatever reason, any password laid virus zip files containing com, pif, scr, exe, or others are not getting picked up on our system with i8, however, they are with i7. I hope this helps. I assume you are using "BANEXT EZIP" with i7. Are you using it with i8 as well? Do you have

Re: [Declude.Virus] Update- New virus

2004-03-03 Thread R. Scott Perry
None are catching this. I just updated all the AV definitions and emailed me the same virus that arrived this morning.. This new one -- ("Dear user of your_domain.com e-mail server gateway...") likely is not going to get caught by any virus scanners. The only information that an AV program ha

Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
I also forwarded the original message to your email address with .zip attached. No, no, NO. NEVER send a virus or any file that you think may be malicious to ANY E-mail address that is not expecting it. We have one and only one E-mail address that viruses or suspicious files may be sent to

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
I am not using BANEXT EZIP with i7 nor i8 per your instructions to remove it in place of the new commands: In that case, i7 will *not* block any encrypted .ZIP files. BANEZIPEXTS and BANZIPEXTS ON I used that encoded file to test it under i8 first and it went straight through, t

Re: [Declude.Virus] Update- New virus

2004-03-03 Thread R. Scott Perry
Running McAfee WebShield 4.5 MR1a on a mailrelay before my mailserver (with Declude) with Scan engine version 4.3.20 DAT version 4.3.4332 and it's detecting W32/[EMAIL PROTECTED] Is it detecting the one with "Dear user of your_domain.com e-mail server gateway..." (or similar text)? Is it d

RE: [Declude.Virus] Update- New virus

2004-03-03 Thread R. Scott Perry
At one point, only Declude Virus Pro included this new functionality of detecting virii in encoded zip files. Is that still the case? Actually, Declude Virus never had the ability to detect viruses in encoded .ZIP files (unless the AV program used with it could). The new feature ("BANEXT EZIP")

Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
03/03/2004 10:19:17 Qa313025b008ed2a1 Invalid COM Vulnerability 03/03/2004 10:19:17 Qa313025b008ed2a1 File(s) are INFECTED [: W32/[EMAIL PROTECTED]: 3] does this mean that the "COM Vulnerability" and the virus was discovered? Correct. v1.78i9 fixes this, so that the "Invalid COM Vulnerability"

RE: [Declude.Virus] Update- New virus

2004-03-03 Thread R. Scott Perry
I guess considering the concept is forging does not apply to blocking the zip files we should STOP sending banned extension notifications. That is probably a good idea. -Scott

Re: [Declude.Virus] Passworded zip files still getting through!

2004-03-03 Thread R. Scott Perry
F.Y.I. I am running the latest interim release: 1.78i.8 and have BANEZIPEXTS ON In my config file but several people have complained to me that they are still getting the zipped files. Please read the information on the list very, very carefully. That is the expected behavior. BANEZIPEXTS

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
I don't know that our firewall is the issue due to it working under i7 and all prior Declude versions. The problem is that it CANNOT be working with previous versions. The BANZIPEXTS/BANEZIPEXTS options were just added to i8; BANEXT EZIP was just added to i7. You're going to need to de

Re: [Declude.Virus] BANEXT Question

2004-03-03 Thread R. Scott Perry
I have a question about how DV handles BANEXT. Does DV scan the message first for viruses then check to see if an attachment is in the BANEXT list or does it check the BANEXT list and then scan the message, or does it check the BANEXT list and block based on that without scanning the message? The

Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-03 Thread R. Scott Perry
I've got BANEZIPEXTS ON And the file got through (encrypted zip with password in the body of the email) For others having issues with these new features, please be very clear what is happening. There are a lot of possibilities here. You'll need to specify [1] Whether you are using BANZIPEXT

RE: [Declude.Virus] Passworded zip files still getting through!

2004-03-03 Thread R. Scott Perry
Confirmed. I commented out # BANEZIPEXTSON I left in: BANEXT EZIP And resent myself the virus and it was blocked. Good catch. :) I'll be investigating this to see why that is happening. -Scott

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
Is yours working with the TAB, I'll try anything? FYI, tabs/spaces should not affect anything (they are only important in .eml files, where only one space/tab per line is allowed in the commands in the headers). -Scott

Re: [Declude.Virus] Question: Do the new zip commands reject the file extension and not pass the file to the virus scanner

2004-03-03 Thread R. Scott Perry
Currently does the BANEXT EZIP and BANEZIPEXTS ON commands block the mail based on the file extension and not scan the email with the configured virus scanner (See snippet #1 below) i.e. the virus scanner is not called or doesn't appear to be? The virus scanner will be called with the latest inter

Re: [Declude.Virus] Passworded zip files still getting through!

2004-03-03 Thread R. Scott Perry
Might this be the issue with other folks reporting this "problem"? Quite possibly, yes, but that's why I keep saying that people need to read the information carefully before posting that it doesn't work. :) -Scott

Re: AW: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
i just went to 1.78i9 but i still get lines like: 03/03/2004 17:42:33 Q0af90280009aab8a Invalid PIF Vulnerability 03/03/2004 17:42:33 Q0af90280009aab8a File(s) are INFECTED [: W32/[EMAIL PROTECTED]: 3] 03/03/2004 17:42:33 Q0af90280009aab8a Scanned: CONTAINS A VIRUS [MIME: 4 18391] but it is no

Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
But...I'm curious as to why this new Vulnerability feature is a PRO only one. If this is truly a feature that "will cut down significantly on the impact of future viruses in the time before new virus definitions are available" that sounds like a feature that should be implemented for ALL Declude u

Re: [Declude.Virus] Passworded zip files still getting through!

2004-03-03 Thread R. Scott Perry
I've been using BANEXT .com I am seeing on this list that is wrong, and the *dot* should be removed...correct? Correct. It must be "BANEXT com". -Scott

Re: [Declude.Virus] Update- New virus

2004-03-03 Thread R. Scott Perry
> Is it detecting them in an encrypted file? It may be that the virus is spreading in non-encrypted .ZIP > files as well. An email from <[EMAIL PROTECTED]>, addressed to <[EMAIL PROTECTED]> , with subject E-mail account disabling warning. was infected with the virus W32/[EMAIL PROTECTED] in att

Re: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-03 Thread R. Scott Perry
I tried this with 1,2,3 spaces and tabs between the BANZIPEXTS, BANZIPEXTS and the ON. Just a reminder for people who didn't see it: spaces/tabs are irrelevant here (they are only relevant in .eml files). Then I send myself a compressed .pif file both pw protected and not pw protected and every si

Re: [Declude.Virus] Declude Virus & Trend Pattern File 799

2004-03-03 Thread R. Scott Perry
Got Declude running and it is catching virus however, the Declude test is still getting through to me. I am running with Trend's # 799 file. But Declude's Tests EICARENCODEDZIP and EICARDYNAMICENCODEDZIP and EICARZIP is too. If you upgrade to the latest interim at http://www.declude.com/interim

Re: [Declude.Virus] Test Eicar.com file

2004-03-03 Thread R. Scott Perry
Is this correct? With Test eicar.com file [eicardynamicencodedzip] Is what correct? That's the E-mail that should be blocked. If it came from your \IMail\spool\virus directory, that's good; if you saw it in your mail client, that's bad (and you need to upgrade to v1.78i9 at http://www.dec

Re: [Declude.Virus] How to set no notifications for Encrypted zip?

2004-03-03 Thread R. Scott Perry
Scott, I've noticed a lot of my BANEXT EZIP files are sending out notifications, which most look like are forged addresses. Correct. It doesn't look like you've added EZIP files as a forging virus to the declude master database, so is there a way to do SKIP for it? It can't be added, as it isn'

Re: [Declude.Virus] SKIPIFFORGING Question

2004-03-04 Thread R. Scott Perry
> 1. Put virus names in virus.cfg That is not needed, new version will look up in a declude.com database to find if it is a forging virus Correct. Hopfuly, scott promised that a future version will automaticaly replace sender by [Forged] in forging viruses identified by new method, so we wont hav

RE: [Declude.Virus]

2004-03-04 Thread R. Scott Perry
Since Declude isn't auto detecting zips, thus I guess the BANZIPEXTS, BANEZIPEXTS and BANEXT EZIP are hardcoded to look at just .zip file extensions. Correct (otherwise, people can't say 'if you must get the file through, rename it...'). For example, BANZIP ERAR or BANZIP RAR for an

Re: [Declude.Virus] Ban notice

2004-03-04 Thread R. Scott Perry
Is EICAR considered forged? No, it is not. Using Tools page I sent myself tests for eicardynamicencodedzip and eicarencodedzip. Both were stopped (see logs below) but no notice was sent. Should I have gotten a notice if: - Running i9 - VIRUS.CFG (logging MID) has BANEXT ZIP and BANEXT EZIP - BA

Re: [Declude.Virus] SKIPIFFORGING Question

2004-03-04 Thread R. Scott Perry
The release notes tend to indicate it is On by default. Scott? Yes, the release notes are correct. :) -Scott

Re: [Declude.Virus] Ban notice

2004-03-04 Thread R. Scott Perry
Is EICAR considered forged? Sorry, my mistake. While the eicar.com file is not considered a forging virus, the eicarencodedzip and eicardynamicencodedzip are blocked by the BANEXT EZIP option, which won't know what the virus name is. Therefore, it is assumed to be a forging virus.

Re: [Declude.Virus] marking subject line

2004-03-04 Thread R. Scott Perry
We host email for many companies and ban certain file types but allow them to get sent if they are zipped. Being a hosting company we do not want to prevent customers from sending certain files because each company has their needs. However, the sophistication of some of the emails containing

Re: [Declude.Virus] Variable in bannotify.eml

2004-03-04 Thread R. Scott Perry
Today I received a banned attachment message and the extension name was blank: You have sent an attachment with the . extension. Why is the variable not being set? How can I tell what is going on with this message? If you look at the D*.SMD file that was caught, that will provide some clues.

RE: [Declude.Virus] marking subject line

2004-03-04 Thread R. Scott Perry
Scott - you may shoot me for suggesting this, especially if it has been suggested before. I am not a programmer so I suggest this not knowing how difficult it may be, but if both Virus and Junkmail use the declude.exe is it possible to have things like BANEZIP be defined as a test in the global fi

Re: [Declude.Virus] Declude Virus Questions

2004-03-04 Thread R. Scott Perry
1. It was previously stated that the BANEXT EZIP checked to see if only the first file was encrypted. I'm tentatively planning on keeping the encrypted zip's blocked. Does the BANEXP EZIP now check all files within the .ZIP? If not I wish it would. No, but it will. 2. It would be interesting

Re: [Declude.Virus] Bannotify.eml missing extension.

2004-03-04 Thread R. Scott Perry
I just received a notification message that said: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the extension. --pbgivjxdscnisewbjysa Content-Type: application/octet-stream; name="Readme.zip" Content-Transfer-Encoding: base64 Content-Di

Re: [Declude.Virus] 32-bit avgscan.exe does now work.

2004-03-04 Thread R. Scott Perry
I should have read the previous message closer, so point the finger at me for jumping the gun totally. The 32-bit version of avgscan.exe does in fact now work (this definitely wasn't the case earlier). The switches for this should be modified when moving to the 32-bit version. I'm not posit

RE: [Declude.Virus] Bannotify.eml missing extension.

2004-03-05 Thread R. Scott Perry
Good morning. Here's a new twist. I got one this morning that read: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the readme.zip extension. That's how the new change works to prevent it from saying "... contain the . extension", until a better so

Re: [Declude.Virus] Network Associates Products Will Soon Detect Bagle Variants with Encrypted Zip Attachments

2004-03-05 Thread R. Scott Perry
c) Creating completely new functionality to target this specific virus where the password string is retrieved from the message body and then used to unlock the file before scanning it (Kaspersky and BitDefender) The downside to this is that it took them 4 days to cre

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread R. Scott Perry
the minimum that would be practically usable for us : 1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT This we hope to add. 2-BANEZIPEXT2 independent from banext, as in BANEZIPEXT2 exe BANEZIPEXT2 com BANEXT scr BANEZIPEXT ON This we will likely be adding. 3- ONLYSENDIFFORGIN

Re: [Declude.Virus] Virus log

2004-03-05 Thread R. Scott Perry
03/05/2004 08:12:14 Q7cae0ec702baecc7 Could not find parse string >>> Virus in report.txt 03/05/2004 08:12:14 Q7cae0ec702baecc7 File(s) are INFECTED [: 2] 03/05/2004 08:12:14 Q7cae0ec702baecc7 Scanned: CONTAINS A VIRUS [MIME: 2 5390] What does could not find parse string mean? I got a postmaster

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread R. Scott Perry
That is exactly why I suggested scanning for file types instead of extension. I think Scott mentioned that they need to include full MIME decoding before something like that would be possible. Scott, how feasible is this idea for inclusion? I'm not sure exactly what the idea is. Some of the idea

RE: [Declude.Virus] Virus log

2004-03-05 Thread R. Scott Perry
Ok, Yes I'm running Sophos. Scott, on a previous email that you wrote to me on Wednesday night I was reporting an error code 2 because of the bagle virus encrypted zip file. You said I should use the VIRUSCODE 2. Here is the email before: I'm guessing that the "Error 2" from Sophos means that Sopho

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-05 Thread R. Scott Perry
By detecting the file type instead of just the extension, and allowing configurable actions based on detected filetype, we could avoid future viruses that ask the user to rename the file upon receipt. But, that prevents people from doing the same for good purposes, too. So you can no longer say

Re: [Declude.Virus] NAV 2003 catches beagleJ in encrypted zip?

2004-03-07 Thread R. Scott Perry
I was trying to test the latest interim and when I tried to send myself a copy of the virus, NAV outbound scanning caught it even though it was passworded. I tried to unzip it to make sure and it does require a password. I didn't think they could detect it like that... Is this a NAV E-mail gateway

RE: [Declude.Virus] NAV 2003 catches beagleJ in encrypted zip?

2004-03-07 Thread R. Scott Perry
Plain old NAV 2003 on my Win XP workstation that scans e-mail - sorry for not being specific. BUT the weird thing is there was no e-mail with a PW. I had saved the file from one that had gotten through and attached it to an e-mail with only the word "test" in the body of the e-mail. I don't ev

Re: [Declude.Virus] BANEXT question

2004-03-08 Thread R. Scott Perry
No such thing as BANEXT EZIP?? I believe he meant "There is no such thing as BANEZIP ON" (because there isn't one of those). But Don re-posted the summary that I had sent out last week, which has all the details in it. -Scott

Re: [Declude.Virus] Swen not tagged as forging?

2004-03-08 Thread R. Scott Perry
Yes, Swen forges. FWIW, we haven't yet seen a single copy of Swen that forges. -Scott

Re: [Declude.Virus] Swen not tagged as forging?

2004-03-08 Thread R. Scott Perry
I'm not seeing both a "From" and a "Mail from" listed in the headers that come back from Declude. So, it must be in some detail that's not in %headers%. I take it that Declude will send it to the "Mail from". Looks like I'll be testing with Swen Not forging. You'll see the return address in the

Re: [Declude.Virus] Unknown Virus

2004-03-08 Thread R. Scott Perry
I'm getting LOTS of unknown viruses with Subject lines that look like W32/[EMAIL PROTECTED] http://vil.nai.com/vil/content/v_101083.htm McAfee does not yet have DAT 4335 released. Netsky.J likes to use *.pif files. The "Unknown virus" will occur when

Re: [Declude.Virus] declude with mcafee virus scan 8

2004-03-10 Thread R. Scott Perry
We have Imail 8.05, declude standard v1.75 and recently we have got mcafee virus scan8. In combination with declude and virus scan 8 on demand scanning is working fine. We have more than 20,000 users in single domain. In mcafee virus scan 8 (Active shield) we don't have option to exclude users and

RE: [Declude.Virus] declude with mcafee virus scan 8

2004-03-10 Thread R. Scott Perry
I have one more doubt, we have mcafee virus scan8 and Norton anti virus corporate edition 7.6 also. Can we install both on mail server, is it recommended to install two AV scanners on the server? If so then I will disable active shield in mcafee and will use it for declude as on-demand scanner, an

Re: [Declude.Virus] eicar in a .zip file

2004-03-10 Thread R. Scott Perry
Using the test virus sender on your website, the eicar plain file gets caught as a virus, where the eicar in a .zip file gets caught as a banned extension. That's because: 03/10/2004 08:42:40 Q295c000501aa26d2 Banning .ZIP file with encrypted COM extension. It's not a standard .ZIP file, it is

Re: [Declude.Virus] RE Maybe a Bagle got through

2004-03-10 Thread R. Scott Perry
I just had a user send me an email with all the signs of Bagle in it. Password zip and all. It came right through to the user and then it was forwarded to me. When I try to extract the zip on a test system I get "invaild archive format". That's the problem. Most likely, it wasn't a valid .ZIP fi

Re: [Declude.Virus] RE Maybe a Bagle got through

2004-03-10 Thread R. Scott Perry
Even though I have not caught any since 09:30 do you think it is safe to just use BANZIPEXTS ON BANEZIPEXTS ON Add drop BANEXT EZIP I had been getting a few every hour before this. It depends on what your needs are. If you are already blocking attachments based on the file extensions, then using

Re: [Declude.Virus] Declude is blocking password protected excel files

2004-03-10 Thread R. Scott Perry
Hi, I'm running declude virus Ver.1.178i9 and I'm using Sophos anti virus. In the virus.cfg I have a virus code 2 under sophos but when someone is sending an xls file with a password on it I get this error in the virus log below. 03/10/2004 15:02:03 Q743829a501eaae18 Could not find parse string >

Re: [Declude.Virus] ClamAV settings in virus.cfg

2004-03-10 Thread R. Scott Perry
Are the settings for ClamAV in the Declude Virus Manual complete? Yes, but: SCANFILE C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary -l report.txt VIRUSCODE 1 I would have thought there would be a REPORT line. There isn't. The problem is that ClamAV doesn't report the virus n
