I have BANEXT active, and as a courtesy I have a notification through
Delcude going out in case someone is legitimately trying to send an .exe
file. Is there anyway to turn this off for the .pif extension? The SOBIG.F
Virus is sending this to all my users with fake e-mail addresses and then
the
Just like everyone else, we are getting hammered by Sobig.F. Declude seems
to be catching and holding the virus e-mails with the attachments because of
the BANEXT option. The potential exists to overload our hard drive. There
were over 3,000 held messages today (that is about 2x what we would
I thought BANEXT worked before the scanner?
Both are done on all E-mail, and if a virus is found, it takes priority
over the banned file extension.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude
Twice today I have been sitting at local users machines for unrelated tasks,
and in both cases I noticed notifications in their local email inboxes
warning about inbound sobig messages. I didn't give it a lot of notice at
the time, I knew we got a zillion of them already. The problem is that I
I'm thinking of leaving the banext in place but want to allert the sender
and/or recipient when a mail is being held. I've downloaded the
BANnotify.eml file but don't see how Declude decides when to use it. Do I
need to put any extra control lines at the beginning?
Declude knows by the name of
I''ve found this line in some mails but can not determine which program
put it there.
X-MailScanner: Found to be clean
The reason I realy want to know is because this line was in several
virusinfected e-mails. So, which program decided the e-mail was clean, and
it what sense was it clean?
Does anyone else bother to look at the header, do a who is on the IP and
notify the responsible party of the possible problem on their IP?
We occasionally do so (that's how we found out that Disney and the Pentagon
were infected by Sobig).
I see the IPs in the e-mail headers so if someone was
The Pentagon? REALLY??? That's friggin scary as hell
Yup. They got infected about 1PM yesterday, we found out and notified them
about 8PM, and they responded quickly saying that they were aware of
it. As of a couple hours ago, though, they were still sending them out.
I did that with eicar and the On-Demand Scanner picked it up. However, when
I did it with Sobig.F, there was no attachment. Then I noticed that it was a
bounced message from another server (not using SKIPIFVIRUSNAMEHAS). I'm now
wondering if that is why McAfee On-Demand/Declude is not picking it
Here's the command line from my config file:
SCANFILE C:\Progra~1\Fsi\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
/NOBOOT /DUMB /REPORT=report.txt
Actually, it looks like the default configuration for F-Prot includes:
VIRUSCODE 3
VIRUSCODE 6
So adding the
So I disabled the On-Access scanner and I still get the error when an email
is found with a virus
08/21/2003 16:03:46 Q2584064 ERROR: Virus scanner didn't finish after 30
seconds; terminating.
...
08/21/2003 16:04:03 Q2584064 Scanned: Virus Free [MIME: 2 1128]
Notice the last line of this
08/22/2003 09:01:15 Q221e106 Could not find parse string Found in
report.txt
This will happen if the virus scanner detects a virus, but the report.txt
file that it creates does not include the virus name where Declude Virus
expects it (more specifically, in this case, the word Found was not in
Is there a way to make Declude email postmaster at the originating IP
address reverse DNS domain and not the domain in the FROM field which is
usually spoofed?
No. The SKIPIFVIRUSNAMEHAS option is used for cases like this.
We have considered using reverse DNS, IPWHOIS, [EMAIL PROTECTED], etc.,
In my virus_cfg.txt file, I have:
FORGINGVIRUSKlez
To add the sobig virus, do I add another line? like this?
FORGINGVIRUSKlez
FORGINGVIRUSSobig
That is correct. You may want to take a look at the default files at
http://www.declude.com/virus/manual.htm to see what other viruses
No only that - but what's this web address that will be updated.
If it's an IP - then it should be easy to contact the upstream provider.
If it's a FQDN - then it should be easy for the registrar to lock this
particular domain against updates
I don't see why this is supposedly so difficult to
Any one seeing hearing of any happenings on this?
F-Secure has reported that 1 of the 20 servers appears to be up, but it is
so overwhelmed that viruses aren't getting anything from it. But that does
mean that some could be getting through.
All we've seen is what seems to be a precautionary
But since the subject that you are receiving is undeliverable : RE:
Details isn't that his server is just returning the message Unless the
virus has more subjects then the list of subjects that I am aware of.
Comparing it to the headers generated by the copies of Sobig.F we've looked
at, it
However, these notifications became a significant impact during the
recent outbreak and now, I'm wondering about the possibility of
incorporating a daily manifest, as an option.
Do you think that a manifest option is a possibility for the future?
That's an interesting idea, that would be very
C:\cd C:\Program Files\Sophos Sweep for NT
This is what I got.
Seems to be right. Also i can start sav32cli.exe just fine.
I'm guessing that Sophos installed more than one directory. If you try this:
cd C:\Program Files
dir Sophos* /x
it should display the short file name,
So if a forged user from my domain sends a message to another IMAIL machine
to a user that doesn't exist and then their Imail Machine rejects the
message. I'm assuming that postmaster gets the entire message (virus
included) based upon the forged domain.
Actually, you should be safe on either
People a typically unaware that their machine is infected - because it
continues to function perfectly.
That is very true.
We infected a computer in our virus lab with Sobig.F, and you couldn't tell
anything unusual was happening. The file didn't seem to do anything when
it was run (so the
Is there any way to turn off email notifications to the sender and recipient?
You can delete the \IMail\Declude\sender.eml and
\IMail\Declude\otherpostmaster.eml files.
Most likely, though, you're just having a problem with Sobig.F -- if that's
the case, you can download the latest versions of
As postmaster I am getting skads of emails from Declude about the
mailto:W32/[EMAIL PROTECTED]W32/[EMAIL PROTECTED] virus. Is this one of the
forging ones that I could add
a line to my eml files to avoid getting all these emails?
We recently started seeing those, and it does appear to be a
Is there a way (or could it be added to the program [hint, hint]) to check
the IP (or IP class) instead of sender domain. Example: ONLYSENDIFIP
172.22.12.240 or ONLYSENDIFIP 172.22.*.*
An ONLYSENDIFIP option will be added to the next release (where it would
look for a partial match, such as
Every day, when you roll-over to a new virus log, this batch process
could be kicked off that would read the just-completed virus.log for the
MEDIUM log information, collate it by user and then send a daily
anti-virus summary to each user:
That is a good idea -- I'll add that to the suggestion
Is there a way to delete .pif emails before they get scanned? I'm trying to
cut back on system resources. I think declude runs before rules.ima as I
added
B~(name=.*\.pif):NUL
but I still see virues showing up in the hold folder.
Declude Virus runs before the rules do, so this may not be
is there a utility that will go thru the log and count the numbers of
viruses per remote (or local) ip adress? so i can block the most guilty
adresses on my gateway ?
You might want to go to the spool directory at a command prompt, and type:
find Received: D*.SMD file1.txt
sort
You might want to go to the spool directory at a command prompt, and type:
find Received: D*.SMD file1.txt
sort file1.txt file2.txt
That would be the spool\virus directory, correct?
Good catch, you are correct. It should be the spool\virus directory.
I have the SKIPIF lines in my eml files, but I was curious, what happens
to the corrupt versions of Sobig, etc that the attachments get through due
to no virus? Since these return addresses are no doubt bogus, is there a
guard against this? Do we have a SKIPIFATTACHMENTIS .scr option?
No,
I have a message sent by one of our users using the Imail 8.02 web messaging
interface that was blocked by Declude Virus with an 'Outlook CR
vulnerability'. Here is the information from the Declude virus log:
Ouch -- I thought Ipswitch would have fixed this bug in 8.02. Imail v8's
web messaging
As I was adding more and more IPs to the control access list something
occurred to me. It seems that most of the offending IPs are from
cablevision companies. If I could get the range of their dynamic IPS I
could block them all, permanently. I doubt anyone would be using
dynamic IPs to host a
I see the error about parsing the string in the report.txt file and know I
don t have one or it s not in the correct location. Where is it supposed to be?
It needs to be in the directory that Declude is scanning in.
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe /ALL /SILENT /NOMEM
/NOBOOT
Log Snippet with error.
09/05/2003 00:04:37 Q194d01c Could not find parse string Found in report.txt
If you change the following line from you \IMail\Declude\virus.cfg file from:
REPORT Found
to:
REPORT Infection:
then this error should go away. Specifically, F-Prot uses Infection: to
There are two users, we'll call them [EMAIL PROTECTED] and
[EMAIL PROTECTED]
Both users are hosted on the same iMail server, but at different domains
which are separate virtual servers.
Declude virus scans all mail for all users both in and out of
GoodDomain.com.
BadDomain.com has no virus
If someone has an account on BadDomain.com forwarded to an account at
GoodDomain.com, would that email get scanned for viruses?
The way that IMail works (it doesn't let Declude know about any
forwarding), that E-mail probably wouldn't get scanned.
I was under the impression that if I put:
SKIPIFVIRUSNAMEHAS Sobig
In the recip.eml then the recipient of the virus will not be alerted if
Sobig is the virus.
Correct.
This works fine for Sobig but I noticed that I am not receiving a virus
notification for other viruses as well. So I
Would it be possible to spec what double extensions you wouldn't
allow?
Say
BANEXT TXT.EXE
BANEXT JPG.EXE
BANEXT GIF.EXE
Where you assume there always is a . infront of the first
extension ?
That's something that we can probably add.
-Scott
hopefully someone can give us some insight to a problem related to BSOD we
have been encountering on our Imail server
I'm guessing that it is one of the 3 virus scanners. AV programs often
access memory and hard drives at a low level, and are a bit more prone to
issues like this than most
Sorry if this is real obvious but I haven't upgrade my declude in a long
time and I can't remember where to get the latest version.
Can someone point me in the right direction?
If it has been over a year, the first step is to order a Service Agreement
at http://www.declude.com/order.htm .
Uhh sorry another dumb question, but other than digging through old files
can I find out if mine is expired??
Unfortunately, that's the only way, aside from contacting us.
I'll check our records and let you know off-list.
-Scott
---
Declude
I have a problem which I want to solve by having Declude *not* send a
message when the recipient is [EMAIL PROTECTED] Is there a way to do
this? If not, is there another way to get rid of these messages?
You can add a line SKIPIFRECIP [EMAIL PROTECTED] (with just one space
or tab on the line,
Which keyword do I need to add to the *.eml file to see which attachment
(filename) was stopped? I have not been able to find an appropriate keyword
but I might have missed it.
You can use %VIRUSFILE% for that. Note that %VIRUSFILE% only works when a
virus is detected (not for banned file
Exactly what happens with addresses set to be forwarded?
Incoming mail to [EMAIL PROTECTED] (which has no virus scanning) is
forwarded to [EMAIL PROTECTED] (which does have virus scanning).
Does the message get scanned?
Declude Virus scans all E-mail by default, so it all depends on what your
Does Sophos' CLI work well with Declude/Imail?
The Sophos sav32cli.exe file will work fine with Declude Virus. If it is
not detecting the eicar.com file (when sent from our Test Virus Sender at
http://www.declude.com/tools ), the next step would be the debug mode. To
do this, change the
FYI if anyone else experienced this problem, we pinned this down to F-Prot.
Disabling F-prot has resolved the problem.
Are you using F-Prot.exe or fpcmd.exe? Are you using the /NOFLOPPY
switch in the SCANFILE line in the \IMail\Declude\virus.cfg file (which
must be there for F-Prot.exe, and
Does anyone have a solution for stopping the zip of death?
It shouldn't affect Declude Virus.
This script sends the 42.zip recursive archive to the
mail server. If there is an antivirus filter, it may start eating huge
amounts of CPU or memory.
42.zip: ZIP archive, 42K, composed of nested zips
I would like to run Symantec Anti-Virus Corporate edition on our mail
server with its on access scanner to protect other file areas other than
the email going through it. I know problems would be encountered if the
on access scanner intercepts viruses before declude and f-prot can catch
Hopefully not to dumb of a question. In the virus config there is the line
FORGINGVIRUSvirus name which can be added and also SKIPIFVIRUSNAMEHAS on
the *.eml files. Do they do the same thing?
No. SKIPIFVIRUSNAMEHAS tells Declude Virus not to send out a specific .eml
file for certain
Is it my imagination or is the new Declude beeping? I think I
am getting a server that beeps every so often with the new version?
I put back 1.75 and now there are no beeps?
You are correct -- this has been fixed; there is a 1.76b at
http://www.declude.com/release/176/declude.exe that fixes
I had defined
WHITELIST ANYWHERE [EMAIL PROTECTED]
Yet, that only seems to whitelist messages coming FROM
[EMAIL PROTECTED] - all messages sent TO [EMAIL PROTECTED]
are not whitelisted:
Does [EMAIL PROTECTED] appear in the headers or body of the
E-mail? Are there any spaces/tabs after
Is this what causes a banned attachment (bannotify.eml) message to be
sent with no attachment name? We are getting a lot of these to
postmaster at a number of domains that we support.
The bannotify.eml file doesn't have the ability to display the attachment
name, just the extension.
It actually displays:
You have sent an attachment with the .[Unknown Var] extension.
What causes this?
That means that you are using a variable that your version of Declude Virus
doesn't understand. For example, if you use %MADEUP% in the .eml file,
it will replace it with [Unknown Var]. It
Love the automatic detection of forging viruses. When the feature is
enabled, I assume it will automatically suppress sending of the sender.eml
notification?
Yes. It will automatically suppress the sender.eml and otherpostmaster.eml
files, plus any .eml files that have a SKIPIFFORGING line in
Anyone else has seen a swen-message succesfull delivered to the final
recipient behind imail and declude virus?
I've noticed that the delivered message has had an 10 kB exe-attachment.
All hold viruses on our server have around 150 kB so the original
attachment should be greater then 10 kB.
Did
Is there anyway to invert the order, make Declude Virus to run before
Hijack? I would like that to happen because of the banned extensions
too.
If you are running the latest version (1.75 or later; you can type
\Imail\Declude -diag from a command prompt to see which version you are
running),
Is there a way with declude virus to delete only specific received viruses?
No, there is not.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in
We've made a change to the code for interim release v1.76i3 (at
http://www.declude.com/release/176i/declude.exe ) that should take care of
this issue.
That interim version is seriously broken, none of the Declude JunkMail
tests are executed, all messages have 0 as weight, no logs are
generated...
What I have noticed is that all of the 1.76i* releases have a problem with
creating
Eicar files in the directory that you run declude -diag in, except the IMail
directory. For example, if I run three times at the root C prompt:
C:\m:\imail\declude -diag
I will find the following in the root
I can't catch emails with the virus SWEN, I have the last definitions in my
antivirus (virus scan command line), any solution???
Are you running the latest version (.exe file) of your virus scanner? Some
virus scanners required an upgrade to the .exe file to catch Swen.
Does the SCANFILE line
Is Swen a forged virus?
No (as far as Declude is concerned). The From: header is forged, but the
return address (the one that Declude uses) is not forged. It will normally
come from an address that the recipient does not recognize, however (since
it mostly seems to get addresses from web
Since upgrading to IMail 8.03, I began getting this error several times
each day -
Error 183 creating temp directory D:\IMAIL\spool\Dfce20c8602461764.vir\.
(The error is something like already exists).
Have been running 1.69i7 since May and never saw that error.
This is something that we
Well, I have upgraded to 3.14, but still see TONS of these viruses getting
through. Please help if you can...
Have you checked to see that:
[1] They actually have an .exe (or similar) attachment?
[2] The attachment is not 0 bytes?
[3] The attachment is complete, and not truncated?
Any E-mails
I am sure this has been discussed many times in the past, but I have been
out of the loop, so forgive me for asking again. How do you notify your
customers who send viruses without notifying the ones with spoofed return
addresses? When we had the SoBig virus going around, we had to literally
Why is this mail cached by the blank folder
I can't see anywhere that there are an error which should cause this
The Outlook Blank Folding Vulnerability occurs when there is a line in
the headers with just a single space or a single tab character. In this case:
From: Eivind Pettersen [EMAIL
so just a wild guess if u sent to a group of your contacts in Outlook and
is has a bad adresss this can happen ?
Only if the mail client is broken.
The problem is that folding is used to take a long line and split it up
into several smaller lines (if you have looked at Received: headers, most
However, starting with v1.76, Declude Virus will automatically check with
our server to see if a virus is a forging virus, and automatically
suppress
the appropriate notifications if it is.
So this is implemented in the 1.76 beta which is on the page now? Thanks.
That is correct.
thats right but if I send an email to someone this is taken automaticly to
outlook
and in outlook it just appeas as benny not the email address then
Outlook will try to send to this contact even if there is not an
email address in that contact, then this one will appear as blank and can
cause
I have this happen about every 10 days or so. Ipswitch tech support claim
it is a bug in declude. They could not however prove it to me. So for what
it's worth?
They haven't yet found a bug in Declude, AFAIK. :)
What do your log files say? This could be caused by F-Prot not responding
Anyone having an idea why this mail is assumed to be an exe when its
actually a doc file ?
Because the mail client is giving it two separate names, with two separate
extensions. As a result, Declude Virus treats it as an .exe file, since
Declude Virus has no priority system to attempt to
I bought Trend Micro PC-cillin for a second scanner -- use F-Prot for
first scanner. Anyway, what is the command line file to use for
scanning. The example in the Manual shows pcscan.exe, but it is not in
the Trend folder. Is there another or did I mess up buying this
version? (I can at least
I have just added a virtual domain (my first, so please bear with me!).
I want to make sure both JM and Virus are scanning mail on the virtual
domain.
Is there any special configuration I need or will it do it automatically,
as it's using the same mail server?
It will be done automatically.
I hope you can help. I am having a problem where I have a large queue almost
every day for about 12 hours. I upgraded to Ver 8.03 from 6.05 because of
this problem. I was hoping the Queue manager would be able to handle it but
it seems as though Declude has a lot to do with it since the emails
Recently a problem has developed where the SPOOL folder is accumulating
huge (tens of thousands) of SMD files. These files build up very
quickly. What is more worrisome is that some mail isn't being delivered.
No bounce, undeliverable, or any other message from postmaster either. I
have tested
10/20/2003 16:20:16 Q437f01e800a28cd0 1 [1 of 2 not deleted] files were
deleted; assuming external virus scanner found a virus
10/20/2003 16:20:16 Q437f01e800a28cd0 File(s) are INFECTED [13]
10/20/2003 16:20:16 Q437f01e800a28cd0 Scanned: CONTAINS A VIRUS [MIME: 2591]
That's because you are still
10/20/2003 16:20:16 Q437f01e800a28cd0 1 [1 of 2 not deleted] files were
deleted; assuming external virus scanner found a virus 10/20/2003
That's because you are still using the ONACCESS ON setting. If you use
the
ONACCESS ON setting and have a virus scanner that doesn't save all the
files
We had some issues with our Virus software today and it was placing every
email into the /spool/virus directory. How do we resend those emails?
You can just copy them (both the D*.SMD and matching Q*.SMD files) back to
the \IMail\spool directory.
To send them out quickly, you can then go to
How do I add the recipient to the banned extensions notification?
You can add %ALLRECIPS% to the bannotify.eml file. For example:
An E-mail was sent from %MAILFROM% to %ALLRECIPS%...
-Scott
---
Declude JunkMail: The advanced anti-spam
to upgrade to 8.03 tonight
from 7.12. Is it a concern or should I just go for it?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Thursday, October 02, 2003 6:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] New Errors under Imail
It seems to only affect servers with a high volume of mail (several
thousand E-mails per hour).
Does 1-2k per hour qualify as several thousand?
What really matters is the quantity of E-mail in a very short time period.
You could probably have 10,000 per hour if they are spaced evenly. But if
i think it is not a problem of imail 8.*. we use imail 7.* an we get those
errors too. the volume of mail seems to be connected to the problem, we
only see
them when more then 500 mails comming in nearly the same time. right now we
think the problem is connected to the hd-accesstime.
The Error
Ok and that will be released ?
It's now available as an interim release (1.76i15) at
http://www.declude.com/release/176i/declude.exe .
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches
We have re-installed F-Prot and we continue to have the same issue. We
execute declude.exe and restart SMTP service - once we do that we get a ton
of unknown virus alerts and in the system process there is about 20
declude.exe running. What could be causing this?
What does the Declude Virus log
Is this true for the DOS version of f-prot too?
F-Prot.exe (the 16-bit program which comes with both the DOS and Windows
version of F-Prot) requires the /NOFLOPPY and /NOBOOT switches.
fpcmd.exe (the 32-bit program which just comes with the Windows version of
F-Prot) should not use /NOFLOPPY
Attached is the file for your review - we ran declude for about 2 min. It
almost crashed the iMail server.
What do you mean by it almost crashed the IMail server? How many E-mails
do you send/receive per day on this server?
10/28/2003 23:30:36 Q5532251336c 1 [1 of 2 not deleted] files were
It seems the templates at the Declude site are not updatet yet. So euther
Scott did not get around to it yet or he has other information. We got a few
Sobers as well and they claim to have come from an alias we only use for
receiving mail.
Ah, it looks like we missed that. The forging virus
What happens over time that there is so many declude.exe processes running
that it causes iMail to stop receiving email. Is there anything on the
server that we should check for settings? This is really a painful issue,
and I appreciate everyone's help.
You need to answer the proper questions.
How many E-mails do you send/receive per day on this server?
We average 800 a day
That's your problem. Your debug log file shows 52 E-mails/minute, and the
previous standard log file showed 266 E-mails per minute.
You're dealing with a load about 300 times your normal volume.
Check the
I was hoping you R. Scott Perry would take the last word on this with a
yes that sounds like a feature we should add in a future release or
sorry, but I don't think we will ever do this. Which of those do you
choose? or list your own if you don't like the two choices I've presented
We have a number of large customers who has serius problems with 'Blank
Folding'
We would like to be able to skip scanning for this single problem until
the problems are solved on a per domain setting.
Unfortunately, the only way to do this is to turn off all vulnerability
detection, which is
I'm running Declude v1.76i14, and it is my understanding that this version
will lookup the virus name via DNS to see if it's forging or not.
Correct.
It appears that the below virus is forging, but I believe my logs show it
trying to send a notification to the sender.
We've updated our server
after putting in this BANCRVIRUSES OFF
I still get this
[Outlook 'Boundary Space Gap' Vulnerability] / [No attachment]
There is an interim release 1.76i16 at
http://www.declude.com/release/176i/declude.exe that will take care of this.
-Scott
We started seeing these are 8am this morning
The attachment comes as photos.zip and so far neither Mcafee or F-prot is
catching them.
We recommend adding a line BANNAME photos.zip to the
\IMail\Declude\virus.cfg file (with v1.76 or higher), which will catch this.
From: james@current domain
I have never experienced this problem. What version of Imail does it
relate to?
I believe the reports have been for IMail v8. So you may want to wait on
upgrading to v8 (or test it on another server, first).
-Scott
---
Declude JunkMail: The
I'm trying to narrow down a problem where zip attachments that are
received via IMail 8.03 w/hf are corrupt. Same zip via FTP or HTTP check
out OK. Using the latest Declude virus beta and F-Prot 3.14b. The
declude log looks great, no errors.
Are they being sent as attachment-only E-mails
They are regular emails, I just sent you an example.
They definitely are corrupt (2 of the 3 in the E-mail you sent). However,
I can't explain what would be corrupting them (or whether they were corrupt
before they were sent).
-Scott
---
How is everyone blocking this virus?
Declude Virus will automatically block Mimail, unless your AV software does
not detect it.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known
Anyone knows of any known problems with Imail and declude causing it to just
shutting down and restart. ( The server that is. )
No, we're not aware of any such problems. You might want to send the
information on the memory dump to Ipswitch, so they can see what happened.
Declude version IM
Here also same situation 2+ alerts daily, stopped alerting. Otherwise it
was big load to server compared to regular mail delivery.
Anybody please suggest me a way to get rid of this.
When there is a virus that is causing huge problems due to its volume (as
was the case for many people with
Is it possible to not scan an email from a specific sender for
vulnerabilities?
No.
They are tripping the 'blank folding' vuln. and we
quarantine it. Thanks,
Why do you want them to be allowed to send E-mail with vulnerabilities?
-Scott
---
Is is possible (using per user settings) to simply suspend the
vulnerability scanning, yet still keep the main virus scanning on?
No. The vulnerability detection can only be turned on/off globally. For
an individual account (or domain), it can only be turned on/off along with
virus
601 - 700 of 1188 matches
Mail list logo