Re: [Declude.Virus] OT - Anti-Virus Gateway

2003-03-12 Thread R. Scott Perry
Sorry for this being off topic, but have a question. Actually, it could be considered on-topic: Is there an anti-virus gateway that will check all traffic coming in and going out of a server for viruses, etc. We're developing a web site for a company that will be sending and receiving resumes

Re: [Declude.Virus] OT: Outlook 2000 not MIME compliant

2003-03-14 Thread R. Scott Perry
It turned out they were quite right - Outlook happily placed an End delimiter between the HTML text of the email and a Word attachment. Is this a known bug? I've done some testing, and this appears to happen whenever I send an HTML email with an attachment. We are using Outlook 2000 (build

Re: [Declude.Virus] [Forged]@...

2003-03-17 Thread R. Scott Perry
I thought Declude will report this only to the postmaster and the receiver, and not to the sender?? ;-) To prevent the notifications from getting sent to the sender of viruses such as Klez (where the return address is forged), you would also need to have the following lines at the top of the

Re: [Declude.Virus] NYTIMES.com being blocked by Junk Mail

2003-03-24 Thread R. Scott Perry
Wouldn't that first statement about the license key not be a problem since the key is specific to the mailserver that it is run on and could not be reused unless you used the domain and server name that the keycode was originally for? That is correct. :)

Re: [Declude.Virus] Order of scanning

2003-03-25 Thread R. Scott Perry
Can anybody tell me in which order different Declude products (virus, junkmail, hijack, ...) work on mails? Are mails, which are quarantined by junkmail, scanned for viri before? E-mails quarantined by Declude JunkMail will have been scanned for viruses, unless you change the default settings

RE: [Declude.Virus] Order of scanning

2003-03-25 Thread R. Scott Perry
Is there anything to consider before using AVAFTERJM? Yes -- any E-mail quarantined by Declude JunkMail will not be scanned for viruses, so if you later deliver the E-mail, it could contain a virus. -Scott --- [This E-mail was scanned for viruses by Declude Virus

RE: [Declude.Virus] Order of scanning

2003-03-25 Thread R. Scott Perry
What makes me worry is that quarantined emails (declude virus) have the X-Declude Headers from Declude Junkmail. This means that they must have been scanned by junkmail, before declude virus comes in place. Am I right? Not necessarily -- the Declude JunkMail headers may get added even if

RE: [Declude.Virus] Order of scanning

2003-03-25 Thread R. Scott Perry
To enable this feature, do we just put AVAFTERJM ON in the virus.cfg file? Correct, and: I assume that one downside is that the spam folder could possibly contain held spam emails that do contain viruses, because they were held for spam before they got scanned for viruses, right? Correct.

[Declude.Virus] Anyone catching E-mails from walmart.com with vulnerabilities...

2003-03-25 Thread R. Scott Perry
If anyone is catching E-mails from walmart.com that contain the Outlook 'CR' Vulnerability (or any other vulnerability), would it be possible to E-mail me one of the D*.SMD files from the \Imail\spool\virus directory? I am working with them on fixing this problem, but it seems to be sporadic,

RE: [Declude.Virus] Order of scanning

2003-03-25 Thread R. Scott Perry
Is there any back door to declude virus or some way to release it so that it can be scanned by declude virus before it is delivered? Not after Declude JunkMail catches it. Although there is a way you could get Declude to scan the E-mail again, Declude JunkMail would catch it again.

Re: [Declude.Virus] Order of scanning

2003-03-26 Thread R. Scott Perry
Are there any other cautions with using this feature other than releasing mail that was held by junkmail's HOLD action? Such as if junkmail uses the ROUTETO or MAILBOX action prior to the virus scanning, are there any conditions that would cause the email to not get virus scanned? No, that

Re: [Declude.Virus] postmaster.eml

2003-03-26 Thread R. Scott Perry
What is the code to include the complete header in the mail to the postmaster? It is %HEADERS%. -Scott

Re: [Declude.Virus] BANEXT question.....

2003-04-02 Thread R. Scott Perry
Is there a way to just refuse attachments of certain types? instead of quarantined OR strip the attachment off? I don't want to bounce messages, I'd be happy with just removing the attachment. maybe add a line to the mail Attachment removed ? Is this possible? Or something we can add? No,

Re: [Declude.Virus] Outlook 'CR' Vulnerability

2003-04-02 Thread R. Scott Perry
Does an Outlook 'CR' Vulnerability virus alert always mean malicious intent? It seems that a lot of possible spam gets flagged like this. It doesn't always mean malicious intent -- it does, however, indicate that it is not possible to automatically detect whether or not the E-mail is malicious

Re: [Declude.Virus] FORGE question.

2003-04-03 Thread R. Scott Perry
Received: from Satumqc ([63.160.179.245]) by out016.verizon.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP id [EMAIL PROTECTED] for user; Wed, 2 Apr 2003 19:35:37 -0600 Now that IP shown IS ours, but the brackets tell me it's fake. Besides

Re: [Declude.Virus] Yahoo's Yahoo's...

2003-04-03 Thread R. Scott Perry
How can I deal with this trash that was not really sent from Yahoo? We have to add a neg weight so legitimate email does get from Yahoo, but I get stuff like this every day: One option might be to set up a filter with the following lines: MAILFROM 8 CONTAINS @yahoo.com REVDNS -8 CONTAINS

Re: [Declude.Virus] FORGE question.

2003-04-03 Thread R. Scott Perry
Actually, the bracket doesn't mean it is fake. The bracket just indicates an IP address. This header means that the mailserver claims to be called out016.verizon.net, and that it received the E-mail from a mailserver (or mail client) claiming to be Saturmqc, from the IP 63.160.179.245. Ok,

Re: [Declude.Virus] Yahoo's Yahoo's...

2003-04-04 Thread R. Scott Perry
The disadvantage to this is that it would give a weight of -8 to E-mail from a valid yahoo.com mailserver that was sent with a non-Yahoo return address. Under what circumstances would this happen? Does Yahoo provide mail services for other companies and their domains? I would imagine mail

RE: [Declude.Virus] Log File Errors

2003-06-05 Thread R. Scott Perry
Does the new beta 1.70 with interims address the issues of the No filename in disp Content-Disposition: attachment? No -- we are not aware of any issue here (except the obvious; that some E-mails have what appear to be broken Content-Disposition: headers). Should I be running it (i.e. more

Re: [Declude.Virus] high virus traffic today?

2003-06-06 Thread R. Scott Perry
Anyone else noticed a high virus traffic today? We can see here a lot of different viruses (Klez, Fizzer and by far most Bugbear.b) coming from all around the world. Sophos and McAfee just minutes ago announced a new variant of Bugbear, which apparently started spreading yesterday. They both

Re: [Declude.Virus] Log File Errors

2003-06-06 Thread R. Scott Perry
06/04/2003 14:51:29 Q3ef6000501666762 ERROR: Virus scanner didn't finish after 60 seconds; terminating. what happens to unfinished virus scanner process? is it terminated completely and correctly? Yes, it is terminated completely and correctly, and Declude will continue processing the E-mail

Re: [Declude.Virus] BANnotify.eml

2003-05-27 Thread R. Scott Perry
Is it possible to have banned attachment notifications sent to the recipient as well as the sender? If so, how do you do this? Yes, you can do this, although they must be identical. To do so, you can change the To: %MAILFROM% line to To: %MAILFROM%,%ALLRECIPS% (with just a comma, and no

[Declude.Virus] Declude Virus v1.70 (beta) released

2003-05-29 Thread R. Scott Perry
We have just released Declude Virus v1.70 (beta). See http://www.declude.com/virus/manual.htm . Notable changes since the last beta include: o Will now use the virus name from the first scanner, if multiple scanners are used. o Will now look at both intended and actual recipient addresses

Re: [Declude.Virus] Declude Virus v1.70 (beta) released

2003-05-29 Thread R. Scott Perry
The AUTOWHITELIST fix was for Declude JunkMail -- the option isn't listed yet because it isn't in a released version yet. It automatically whitelists E-mail addresses in a recipient's address book. -Scott At 06:59 PM 5/28/2003, Jonathan wrote: I see the

Re: [Declude.Virus] Declude Virus v1.70 (beta) released

2003-05-29 Thread R. Scott Perry
Sorry for the dumb question, but which address book? in (for example) outlook express or do you mean the webmail portion of imail? Web messaging (since it isn't possible to access the address book in OE or other mail clients). -Scott

Re: [Declude.Virus] Declude Virus v1.70 (beta) released

2003-05-29 Thread R. Scott Perry
Anyone know what this means? It has been properly detecting Sobig viruses today so I know it is working, but I have never seen the errors below. IMail 8.0, Declude 1.70, F-Prot 3.13a 05/28/2003 20:30:54 Q549e061b00aac30f Error 8 in virus scanner. The Error 8 from F-Prot means that it detected

Re: [Declude.Virus] Error in Virus Scanner

2003-05-29 Thread R. Scott Perry
Does anyone know what this means (use Declude Virus Pro / F-prot 3.13a / Win2K SP3) 05/28/2003 22:29:57 Q709502a6010c3baf Error 0 in virus scanner. 05/28/2003 22:29:57 Q709502a6010c3baf Scanned: Error in virus scanner. [Prescan OK][MIME: 2 27056] I have started to see several of these since

Re: [Declude.Virus] IPBYPASS

2003-05-30 Thread R. Scott Perry
Does Declude Virus know how to handle IPBYPASS lines in the virus.cfg file, much along the lines of how Declude JM does? No. When I get postmaster notifications on virus interceptions that were passed along from one of my secondary mailhosts, I would like the reported %REMOTEIP% to skip those

RE: [Declude.Virus] Error in Virus Scanner

2003-05-30 Thread R. Scott Perry
05/29/2003 06:26:42 Qe05301090146bcae Error 0 in virus scanner. Are you using two or more virus scanners? There does appear to be an issue with 1.70 where this message will appear in the log file if one or more scanners report an error, but the last one does not. This will be fixed in the

RE: [Declude.Virus] Error in Virus Scanner

2003-05-30 Thread R. Scott Perry
There does appear to be an issue with 1.70 where this message will appear in the log file if one or more scanners report an error, but the last one does not. This will be fixed in the next release (an interim release can be made available immediately if necessary). Does this affect the 1.69beta

RE: [Declude.Virus] Error in Virus Scanner

2003-05-30 Thread R. Scott Perry
One thing I noticed when we were moving our servers. I made a mistake in the file path for the virus scanners (2 of them) and did not realize it until I received a virus. The interesting thing that I noticed was the attachment (.scr) was with the virus. The virus.cfg had it listed as a banned

Re: [Declude.Virus] vbs/inor.a virus

2003-05-31 Thread R. Scott Perry
anyone's declude/f-prot combo 'not' catching the vbs/inor.a virus? updated to 1.70 and sig files for f-prot(dos) today and this virus got thru. What does the Declude Virus log file say about the E-mail? Do you happen to still have a copy in the .mbx file (which would allow us to analyze it, if

RE: [Declude.Virus] F-Prot Windows 2003

2003-06-04 Thread R. Scott Perry
I have done many tests... virus gets caught but none of the scanners report the name. Eicar comes as unknown. Does the log file show Unknown? From the settings you have, it *should* work. -Scott --- Declude JunkMail: The advanced anti-spam

Re: [Declude.Virus] What version should I be using?

2003-06-04 Thread R. Scott Perry
I'm still using 1.66i18 since I hadn't had any problems with it and hadn't seen any reason to upgrade it. I don't remember 1.70 coming out and why I didn't install it. Is there a good reason why I should go to the newer version? I would recommend upgrading to 1.70, as interim releases often

Re: [Declude.Virus] Log File

2003-06-04 Thread R. Scott Perry
We have started to get numerous of these in our log file, do you know what these may be. 06/02/2003 09:02:09 Q4acf0c270148af58 No filename in disp Content-Disposition: attachment. That's quite unusual -- it indicates that the E-mail has an attachment, but no name was given to it.

RE: [Declude.Virus] Log File

2003-06-04 Thread R. Scott Perry
We have had a lot of viruses get through today (new Backdoor AVF), seems McAfee is the only one that has it available (sig file). Luckily we already alter .exe files so that they can't be executed. Should I be concerned with these Content-Disposition, I just started to see a lot (100's a

Re: [Declude.Virus] list of viruses that forge header

2003-06-05 Thread R. Scott Perry
I've been remiss in keeping up to date as to which viruses forge the from field, so I'm afraid that the 'FORGINGVIRUS' section of my virus.cfg, and the SKIPIFVIRUSNAMEHAS section of my notification emails is behind on the times. Would anyone care to share the virus names that you have

Re: [Declude.Virus] Which version

2003-06-05 Thread R. Scott Perry
I went to get the latest version and remembered why I hadn't downloaded 1.70. It's listed as a beta with 1.65 as the latest release version. That is correct. 1.65 is the latest released version; 1.70 is the latest beta version. I'm using 1.66i18. I don't remember what the problem was that

[Declude.Virus] Vote for Declude!

2003-06-05 Thread R. Scott Perry
Windows .NET Magazine (which mentioned Declude JunkMail in their April, 2003 Enterprise Spam Filters Buyers Guide) is having a Reader's Choice vote, where you can let them know what software you think is the best in its class, and even which offer the best support. If you think that the

Re: [Declude.Virus] Log File Errors

2003-06-05 Thread R. Scott Perry
Today we had a 'horrible' thing happen with our scanner (have two in place F-Prot and InoculateIT), not sure which one had issues: 06/04/2003 14:51:29 Q3ef6000501666762 ERROR: Virus scanner didn't finish after 60 seconds; terminating. This is the problem -- one of the virus scanners

RE: [Declude.Virus] F-prot 3.13

2003-04-12 Thread R. Scott Perry
I only saw this problem after migrating our mail server from a Dell 1550 with a PIII processor to a Dell 2650 with dual Xeons. The only common thread is the Xeon processors in our machine. I wonder if Scott has seen anything like this with Xeon based servers running Imail/Declude - a shot in the

Re: [Declude.Virus] Spoolviewer

2003-06-10 Thread R. Scott Perry
I've just run the tool spoolviewer on my system and it reports a number of orphaned emails. What are these and how do I get rid of them? They number more than the email. Those are D*.SMD files with no matching Q*.SMD files, which means that they are double bounces (where IMail can't deliver the

Re: [Declude.Virus] Exclude from real-time scanning

2003-06-12 Thread R. Scott Perry
Is the \imail\spool\virus the only directory I need to exclude from my realtime virus scanner? For testing, I've excluded the whole \imail directory from my virus scanning, but when I put this server live, I'd like to have as much protection on it as possible. No -- in fact, you can have the

Re: [Declude.Virus] Exclude from real-time scanning

2003-06-12 Thread R. Scott Perry
The big problem is if the on-access virus scanner scans the temporary directories that Declude Virus uses off of the \IMail\spool directory. If that is done, and the on-access scanner happens to detect a virus, the virus *will* be delivered. So would it be best to exclude the \imail\spool

Re: [Declude.Virus] Multiple Scanners

2003-06-12 Thread R. Scott Perry
Having corrected the config file for multiple scanning engines properly I need to ask if the footer needs to be tagged as Scanfile1 footer or Footer Scanfile1 The FOOTER option in the virus.cfg file is just FOOTER, and can have anything in there you want to (which will appear at the bottom of

Re: [Declude.Virus] Mail Has Stopped

2003-06-12 Thread R. Scott Perry
I checked the Declude log file and see no errors. So Declude Virus says Virus Free, and if you are running Declude JunkMail it says Message OK? Only normal reporting on messages that fail whatever test. I checked the virus.cfg file and I do have DELIVERERRORS ON in the file. I just turned on

Re: [Declude.Virus] Airline confirmations blocked

2003-06-13 Thread R. Scott Perry
I had two clients contact me today about similar situations. One had confirmation from United Airlines blocked, while the other had one from Northwest Airlines blocked. I understand why this is happening, and the necessity for Declude to stop malformed messages that could allow a virus to

Re: [Declude.Virus] [Declude.JunkMail] Confusing Log Messages

2003-06-11 Thread R. Scott Perry
[Follow-ups to Declude Virus mailing list, please] 06/11/2003 15:59:31 Q982f0f6 Your virus scanner DOES NOT EXIST (at d:\IMail\spool\D982f0f6.vir\); NOT SCANNING ATTACHMENTS! [2] That error means that there is a very unusual problem with the virus scanner path (as in Declude Virus doesn't even

Re: [Declude.Virus] DSN:whitelist

2003-05-29 Thread R. Scott Perry
[Please send any responses to the Declude JunkMail mailing list] Does anyone have a good example of what and where the white list command should look like in the global.cfg file. They can go anywhere in the file, so you could have lines such as: WHITELIST FROM[EMAIL PROTECTED]

RE: [Declude.Virus] Declude Virus v1.70 (beta) released

2003-05-30 Thread R. Scott Perry
[Follow-ups to the Declude JunkMail mailing list, please] What is needed to allow this to work. Will it work with v6.06? The AUTOWHITELIST feature in Declude JunkMail will work with all versions of IMail from v5 through v8. -Scott

Re: [Declude.Virus] ban ext not working

2003-06-23 Thread R. Scott Perry
I have been getting since Saturday many attachments that were supposed to be banned declude is still intercepting vulnerabilities, but banned extension, and even viruses are going thru (maybe corrupted viruses, but they were caught by local norton av) I assume these were getting blocked before

Re: [Declude.Virus] ban ext not working

2003-06-23 Thread R. Scott Perry
no changes lately sent mbx file and cfg files to [EMAIL PROTECTED] They haven't arrived yet -- could you try sending them again? -Scott

Re: [Declude.Virus] Finding SPAM Messages

2003-06-23 Thread R. Scott Perry
How can I find messages that were Held by Declude Junk Mail. This is the third time within a few days that you've posted Declude JunkMail questions to the Declude Virus list. Would you mind posting this to the Declude JunkMail mailing list instead?

Re: [Declude.Virus] Stopping WARNING: YOU WERE SENT A VIRUS Messages For One Domain

2003-06-23 Thread R. Scott Perry
RHome Loans!... Debt Consolidation... Refinance One of our customers does not want to receive these messages any more. Obviously they still want the viruses to be caught by I guess they don't care of see the notifications. I was wondering if there is a way that I can isolate their domain

Re: [Declude.Virus] Finding SPAM Messages

2003-06-23 Thread R. Scott Perry
every time I try to send mbx (zipped, renamed, ), it is now getting caught how can I send it? and how did it get into my mailbox in the first place? Have you checked the log files to see what they say? If it arrived, but couldn't make it out, something isn't right.

Re: [Declude.Virus] Finding SPAM Messages

2003-06-23 Thread R. Scott Perry
I deactivated declude for my address and sent you the mbx, have you received it? also, do you need the declude log, or imail log? We did receive a copy of the .mbx file, but it was caught here. That means it won't be of much use -- if it gets caught here, then it should get caught on your

Re: [Declude.Virus] Stopping WARNING: YOU WERE SENT A VIRUS Messages For One Domain

2003-06-23 Thread R. Scott Perry
The best (in my opinion) would be to add a line SKIPIFVIRUSNAMEHAS Vulnerability to the top of the \IMail\Declude\*.eml files, which will prevent the notifications from getting sent out when spam gets caught (since spam seems to be the main source of vulnerabilities). If I use this option,

Re: [Declude.Virus] Stopping WARNING: YOU WERE SENT A VIRUS Messages For One Domain

2003-06-25 Thread R. Scott Perry
I've read through the archives and release notes concerning the SKIPIFRECIP option. If the domain name which we want to skip notifications for was sample.com then I think the correct syntax for SKIPIFRECIP is... SKIPIFRECIP @sample.com ...and I want to add that line to the top of recip.eml? Is

Re: [Declude.Virus] ban ext not working

2003-06-27 Thread R. Scott Perry
seems that the messages are not being scanned by declude nothing added to the header is this possible? or the only possibility is that they are being sent by imail1 /web messaging? E-mail sent via imail1.exe or web messaging will not get scanned by Declude with IMail v7 and earlier (unless you

RE: [Declude.Virus] ban ext not working

2003-06-27 Thread R. Scott Perry
Does V8.0 hand this off to Declude differently? With IMail v8, web messaging (and IMail1.exe) will send E-mail to Declude for scanning. -Scott

Re: [Declude.Virus] So Big E detection

2003-06-28 Thread R. Scott Perry
I have two scanners running, McAfee and F-Prot. On the McAfee side, I believe I'm running the 4.2.60 engine and the 4273 DAT file, but I'm not at the shop where I can triple check. F-Prot is catching these So-Big-E [name munged to protect the guilty] viruses like a champion, but the McAfee

Re: [Declude.Virus] ban ext not working

2003-06-28 Thread R. Scott Perry
attached are the 2 parts of imail log file, receiving and delivering too long, too many recipients maybe that's why it went thru? Do you have any C:\Declude.gp1 or C:\Declude.gp2 files? If so, could you send them to me (off the list)? -Scott

Re: [Declude.Virus] ban ext not working

2003-06-28 Thread R. Scott Perry
if a file has a banned extension and a virus will it trigger the banned extension email or the recep, ... virus email? is a banned extension first scanned for viruses ? In the case of an E-mail with a banned file extension and a virus, Declude Virus will treat it exactly the same as if it did

Re: [Declude.Virus] ban ext not working

2003-06-28 Thread R. Scott Perry
here is declude log it did detect the virus, but why did it let it thru, and without changing the header Are you *positive* that the E-mail that was delivered is the one from the log file? If you are running Declude JunkMail as well, were there any log file entries for this E-mail (ones that

Re: [Declude.Virus] Virus Scanner Log

2003-06-29 Thread R. Scott Perry
In checking the log file for errors to see why the .vir directories were left I found this. 06/27/2003 02:50:52 Qf73c13c Error 183 creating temp directory d:\IMail\spool\Df73c13c.vir\. What version of Declude Virus are you running (you can type \IMail\Declude -diag from a command prompt to find

Re: [Declude.Virus] Declude not seeing viruses

2003-07-02 Thread R. Scott Perry
This problem can be seen better at http://www.dnsreport.com/tools/[EMAIL PROTECTED] -- your primary mailserver is down. The Test Virus Sender tool will only attempt to connect to the primary mailserver. Unfortunately, until the primary mailserver is back online, the Test Virus Sender tool

Re: [Declude.Virus] Declude not seeing viruses

2003-07-02 Thread R. Scott Perry
212.173.132.2 is ALSO the address of our intranet, it's served from the same server and mailgate.sidcot.co.uk resolves to this IP. I have stopped the intranet server but no improvement. My guess here is that you have a firewall that is blocking the packets -- upon inspection with a packet

Re: [Declude.Virus] Forging Viruses

2003-07-02 Thread R. Scott Perry
Does anyone have a semi-current list of forging viruses? I'd appreciate if someone could just paste me that block of their config - I haven't been keeping up on the forging ones. You can find the latest ones that we know of by going to http://www.declude.com/virus/manual.htm and looking at the

Re: [Declude.Virus] IMail 7.15 and F-Prot 3.14

2003-07-03 Thread R. Scott Perry
Since upgrading to F-Prot 3.14 windows (without real-time) I've now seen web messaging lock up twice and I get a SMTP error on the IMail server. The error message (didn't write it down) is a pop-up window on the server. I'm running Declude Virus v1.70 also. F-Prot 3.14 shouldn't be able to

Re: [Declude.Virus] Unknown Virus virus in Unknown File

2003-07-03 Thread R. Scott Perry
Hi Scott, therefore if use on-access virus scanner also using the option /report however I will not have the possibility to know the type of virus? Still thanks. That is correct. The on-access scanner will delete the attachment, without recording what virus was found or what attachment it was

Re: [Declude.Virus] Unknown Virus virus in Unknown File

2003-07-03 Thread R. Scott Perry
Hi Scott, but if not use on-acces scanner I cannot control the mail that they come sended through web-mail, just ? I bring back you of continuation an extract of a mail that you have sended to time ago: One option would be to upgrade to IMail v8, which will let Declude Virus scan web messaging

Re: [Declude.Virus] False positive??

2003-07-03 Thread R. Scott Perry
I have been contacted by one of our users who had a message blocked by Declude Virus and was sent a warning about an Outlook vulnerability contained in the email. The problem is that it was a web server generated email message and not sent from an Outlook/Outlook Express client. A vulnerability

RE: [Declude.Virus] False positive??

2003-07-07 Thread R. Scott Perry
Thanks for the quick response Scott. The information was sent on to the programmer involved and here is his response. I'll be quoting a lot here. Be warned; it gets very technical. The usual format for a MIME message is this, where you can have any number of boundary-header-content blocks.

RE: [Declude.Virus] False positive??

2003-07-07 Thread R. Scott Perry
I no longer have the original message, but I could probably have my user try to do what he did to get the message sent from the web server in question. That would be very helpful. I am quite confident that the problem is on the other end, but it is helpful to know for certain.

Re: [Declude.Virus] Could not find report file

2003-07-16 Thread R. Scott Perry
I'm baffled as to why Declude Virus Pro is suddenly not able to find the report file. Nothing has changed from earlier this morning till now. The last F-Prot update was yesterday afternoon and Declude has not been updated today. Any ideas why Declude might be having this problem? What version of

Re: [Declude.Virus] Should I run declude.exe after Upgrading Imail?

2003-07-21 Thread R. Scott Perry
I upgraded my Imail system from 6.06 to 8.01. I thought that as part of the upgrading process I had to run again declude.exe I was going to do it, but I saw that Declude was running Ok ( catching viruses as usual) after I finished the upgrade. So it seems that I did not need to run declude.exe

Re: [Declude.Virus] BugBear B - Slipping through

2003-07-22 Thread R. Scott Perry
Declude is catching some instances of bugbear but letting others through! What do the log files show when it goes through? What version of Declude Virus are you running? Are your virus definitions (and the virus scanner .exe file) up to date? It's not informing me or users of viruses either!

Re: [Declude.Virus] BugBear B - Slipping through

2003-07-22 Thread R. Scott Perry
Imail Log At 09:00:00 I see an infected machine send 101 emails! Declude Log At 09:00:57 I see files are infected [3] and the line below says contains a virus What would be most useful is the log file entries for the E-mails that were not caught. For example, there are very big differences in

[Declude.Virus] Declude Virus v1.75 (release version) released

2003-07-22 Thread R. Scott Perry
We have just released Declude Virus v1.75 (release version). See http://www.declude.com/virus/manual.htm . Notable changes since the last beta include: o A number of minor fixes Other additions and fixes can be found in the release notes, at http://www.declude.com/relnotes.htm . Anyone

Re: [Declude.Virus] Mac protection

2003-07-23 Thread R. Scott Perry
A customer asked me if our virus-filter protects also for Macintosh-viruses. Now I'm not 100% sure what I should answer. My opinion is yes, but does a DOS-scanner really check for viruses written for another platform? Declude Virus supports BinHex, which is the common Mac format. So if the

Re: [Declude.Virus] BugBear B - Slipping through

2003-07-24 Thread R. Scott Perry
Using Declude V? What version (you can type \IMail\Declude -diag from a command prompt to find out)? -diag returns nothing Are you sure that typing \IMail\Declude -diag from a command prompt doesn't return anything? If so, that means that you are running an old version (at least 2 years old

Re: [Declude.Virus] AVAFTERJM switch

2003-07-28 Thread R. Scott Perry
When this switch is used in the virus.cfg file, should JM not write its results to the headers and then send it on to AV? The headers are added to the E-mail after all the Declude programs are done handling the E-mail (so that the file only needs to be updated once), so the Declude JunkMail

RE: [Declude.Virus] Attachment is .txt but declude see it as .exe

2003-07-29 Thread R. Scott Perry
The MIME/SMTP architects must have envisioned some use for two different names or there would be no reason to specify it twice. Does one take precedence over the other? The short answer is that this is a known vulnerability, so it must be caught. :) The slightly longer answer is that there is

Re: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread R. Scott Perry
I have sent the file to you. These do look very suspicious. It appears as though they are malformed viruses -- specifically, the message.zip file contains a file message.htm. The message.htm file appears to start with MIME headers, followed by a file foo.exe that appears to connect to the

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread R. Scott Perry
I am using F-Prot and it is completely up to date, and not catching it the virus...is anyone using F-prot actually stopping it? The catch here is that the virus just came out a few hours ago. McAfee is catching it because it detects the exploit that is used, but F-Prot doesn't detect the

Re: [Declude.Virus] AVG - Grisoft Errors after installation

2003-08-04 Thread R. Scott Perry
However when running, I found these messages in the logs: Check the bold lines 08/04/2003 17:53:34.796 Qe3ee000801266a26 Starting scanner #1: D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC d:\IMail\spool\DE3EE0~1.VIR\ 08/04/2003 17:53:41.937 Qe3ee000801266a26 Starting scanner #2:

RE: [Declude.Virus] Infected Server

2003-08-07 Thread R. Scott Perry
Scott they were 11 different ones and in about 5 different directories. We run Serve-U on this machine just for our employees access. No IIS, or SQL. We do have web servers and SQL machines running here but they run Grisoft and none of them have had any instances. This machine is not mapped

Re: [Declude.Virus] Recent virus not being caught

2003-08-07 Thread R. Scott Perry
We use the F-PROT scanning engine. It has the most current config files installed. It's not catching messages with the new W32/Mimail.A (http://www.f-prot.com/news/vir_alert/mimail.html) virus attached in them. Anyone else seeing this-- F-PROT not catching this virus ? If you upgrade F-Prot to

RE: [Declude.Virus] New interim release of Declude Virus to block Mimail's message.zip

2003-08-14 Thread R. Scott Perry
It will block files based on the file name. So if you use BANNAME message.zip, it will ban any attachments that are named message.zip. Can you use wildcards? No -- it just looks for an exact match. -Scott --- Declude JunkMail: The advanced

RE: [Declude.Virus] Outlook 'Blank Folding' Vulnerability = False Positive? False Positive?False Positive? False Positive?

2003-08-14 Thread R. Scott Perry
Scott, on this particular one, I have also seen 2 caught. Should we initiate a dialog with Paypal so that they fix their problem? We've already contacted them. They are most likely deleting the reports to them. Unfortunately, large companies like PayPal and Amazon are often unable to process

Re: [Declude.Virus] Minmail slipped through

2003-08-14 Thread R. Scott Perry
We'd been going along just fine catching minmail right and left, then a few minutes ago a copy slipped in. It wasn't detected by the desktop scanner either, even though definitions are up to date. Do you mean that it did not get caught by Declude Virus, and it also did not get caught by the

RE: [Declude.Virus] problems when testing a new server

2003-08-14 Thread R. Scott Perry
do i send an email from webmail opened on a terminal session, and sending eicar.com out in the world it will NOT trigger any of the options which are in the virus config file f.ex banext Why? That's because in versions of IMail before v8, they set it up so that outgoing E-mail from web

RE: [Declude.Virus] [Declude.Virus Digest]

2003-08-14 Thread R. Scott Perry
Where is the batch file that uses wget to update the f-prot dos software for use with declude? The version I have has been updating the virus definitions but it has not been updating the engine (I had to upgrade manually to ver 3.14a). If you go to http://www.declude.com/tools , I believe there

RE: [Declude.Virus] problems when testing a new server

2003-08-14 Thread R. Scott Perry
with the new engine and using f-prot.exe and sending from my outlook client i get a virus warning and it's ok but doing the same with fpcmd.exe it gets caught of the banext This sounds like a separate issue -- the command lines for F-Prot.exe and fpcmd.exe should be identical *except* that you

Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability =False Positive?

2003-08-14 Thread R. Scott Perry
I have enclosed the headers of an e-mail which got blocked by Declude Virus as having the Vulnerability listed in the title of this message. Great! Declude Virus is doing its job. :) Any up-to-date mailserver virus scanner should have caught this E-mail: ... Subject: Don't forget to claim

Re[2]: [Declude.Virus] 3rd Scanner Not Logging?

2003-08-14 Thread R. Scott Perry
Well I found how to make it report. Use avg.exe instead of avgscan.exe in declude command line settings for AVG: 08/12/2003 17:45:26 Q6e00024c0264e7c1 Scanner 1: Virus=: EICAR_Test_File Attachment=eicar.com [1] I 08/12/2003 17:45:27 Q6e00024c0264e7c1 Scanner 2: Virus= the W32/TryMem virus !!!

RE: [Declude.Virus] MiMaill - ban ext

2003-08-14 Thread R. Scott Perry
You should have the bans in your \IMail\spool\virus\Hold directory. I didn't have the hold directory at first (perhaps deleted in error in the past), but I've since added it. Since then I've seen e-mails banned by the ban extension but nothing has shown up in the hold directory. Is there

Re: [Declude.Virus] Vulnerability Issue

2003-08-14 Thread R. Scott Perry
Can somebody tell me what this vulnerability is as I do not see it listed in the Declude Virus site nor have I seen it discussed here. This is also the first time I have seen this specific vulnerability caught. This vulnerability occurs when the headers of an E-mail claim that two or more

Re: [Declude.Virus] Is this a virus?

2003-08-14 Thread R. Scott Perry
That's Mimail. If you are using F-Prot, v3.14 or higher is required to catch this. -Scott At 10:07 AM 8/11/2003, Bridges, Samantha wrote: Below is a message that one of my users is getting daily. The message below also comes with an attachment called

Re: [Declude.Virus] Vulnerability messages

2003-08-19 Thread R. Scott Perry
I have the following in my vulnerability.eml file: SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability ONLYSENDIFREMOTESENDER SKIPIFRECIP [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: %ALLRECIPS%,[EMAIL PROTECTED] Subject: We blocked an e-mail sent to you! The notice is still being sent to [EMAIL
