: Virus Free [MIME: 2 9695]
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress Companies using Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
]
Would become:
02/19/2004 00:57:03 Q5e3001890238d967 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
[outgoing from 64.200.128.98]
I don't have a real reason for this other than more information makes our jobs easier.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned
http://www.declude.com/Release/178/BANnotify.eml
I get an error when I try to download the bannotify.eml.
It tries to redirect to mhtml:http://www.declude.com/Release/178/BANnotify.eml
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress
the encrypted files for viruses this remains a risk.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/03/04 08:08AM
FYI, there is a new virus that came out yesterday, Bagle.J. It spreads in
an encrypted .ZIP File. While an AV program can detect a normal virus in
an encrypted
Run 1.78i8 or higher.
Use BANEXT EZIP to ban encrypted zips
or
Use (pro only) BANEZIPEXTS ON to ban the extensions listed with BANEXT lines in
encrypted zip files.
You may also want to BANZIPEXTS ON to ban executables in normal zip files.
My F-Prot or AVG did not catch the Bagle.J that comes
I see WinZip now has it's own MIME vulnerability.
http://www.winzip.com/fmwz90.htm
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress Companies using Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http
I'm testing Mcafee also.
I've also seen it pickup the W32/Bagle.gen!pwdrar in rar files.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/16/04 03:48PM
I'm running F-Prot, McAfee, and AVG. Only McAfee is picking this up. Has anyone else
noticed this as well?
Declude
to
stop because of an alpha/beta, I'd then be forced to go back to a previous release.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/19/04 04:21PM
Hi Scott, and thanks for the reply. This leads to another issue: we haven't
used your interim releases because
done.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/22/04 10:03AM
178i28. I did catch one Object Data on 3/18.
Would it be possible to E-mail the D*.SMD file to the declude.com
virustrap@ address?
-Scott
of banning by size, a maximum file size could be a useful
tool also. When I was a McAfee WebShield user, there was this option.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
in response to these
files. I tried SKIPIFVIRUSNAMEHAS DELETED0.TXT, but that didn't work. The problem of
course is that these files aren't in fact infected, and don't get trapped by the virus
scanner.
Is there any way to turn this off for a BANNAME?
Scott Fisher
Director of IT
Farm Progress
I've noticed that Virusscan does a better job of catching viruses in the .ezip than
F-Prot.
In my smaller world here, there will be 2-5 times a day .ezip viruses a day that
VirusScan catches that F-Prot does not.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 04/23/04
, 11 May 2004 10:04:19 -0500
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 05/11/04 03:23PM
Hello
Our Mail server recevied a mass mailing earlier today.
The email is address to [EMAIL PROTECTED] and is coming from
[EMAIL PROTECTED]
Copy of headers:
Received: from
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WALLON.A
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 05/11/04 03:23PM
Hello
Our Mail server recevied a mass mailing earlier today.
The email is address to [EMAIL PROTECTED] and is coming from
[EMAIL
I've found Declude Junkmail to be almost an addiction.
Is there a 12 step program available?
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 05/11/04 04:42PM
Take note that there was a virus payload at the link as Greg pointed
out, but it appears that Terra-Lycos has
for each individual filters and then combo testfailed on those.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 05/06/04 09:10AM
Help me out please.
Why are we looking for the beginning of an IP address? Also my
understanding of these filters is to eliminate sending emails
If you are paranoid, choose a client side filter that you are not using to scan your
e-mail. This would give you an added layer of protection. I believe Symantec has
Symantec Anti-Virus Corporate Edition that does not include a SMTP scanning gateway,
thus significantly lowering the cost.
Scott
Could be something new going on:
I've just blocked my first CPL file at 12:15 today.
.CPL is a Windows Control Pane lapplet extension.
This was undected by F-Prot, McAfee and AVG.
It has the ever-suspicious name of details.cpl
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E
It looks like some new virus may be trying to use the RAR files again.
I blocked 4 .RAR files from China last night.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
I've noticed the newsgroup at mail-archive.com hasn't been updated since last Friday.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe
That's good, something for Scott's plate when he comes back.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 05/21/04 03:34PM
For sure!
I tried now with different files and found why certain files ar not blocked
with BANNAME.
At the moment it's not possible to block
I would add Mailpure's ANTI-AV filter to elinate these bounces.
I've also seen that F-Prot does a slightly better job of catching the corrupted
variants than Mcafee.
[EMAIL PROTECTED] 6/12 4:22p
Beginning using the banned extension option with Declude (see virus.cfg).
Then any attachment
Just an idea.
That error code 1073741819 is associated with other applications crashing and the
sasser worm.
Does the error message go away if you restart your computer?
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 06/21/04 09:45AM
I had to move my Imail server
Yesterday McAfee really outshined F-Prot and AVG.
574 viruses found by Mcafee (11 exploit object trojan)
453 by AVG and
380 by F-Prot
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 07/19/04 11:32PM
Just to expand upon a thread on the JunkMail list, I was burnt today
that you ban. If you don't need exe
and such coming in, this is a good switch to help stop viruses from coming in in .zip
files in that windows between a virus release and the update to the definitions that
can catch it.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 07
. This would effectively block the hole.
That's not nonsense, it's common sense.
Using your logic,
AV programs have properly handled .EXE files for years. Why should there be a Declude
option to block them?
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 07/27/04 03:18PM
and weights. Run it and it should create a filter file. Schedule it
to run periodically to stay current.
Add a line for the filter file into your global.cfg:
BODY-SCSURBLfilter D:\IMail\Declude\SURBL\surbl.txt
x 0 0
Scott Fisher
Director of IT
Farm
-Worm/Bagle.AP Attachment=fotos.zip [25] O
(NAI) Scanner 3: Virus= the Exploit-CodeBase.gen trojan !!! Attachment=fotos.zip [25] O
In this case, I'm sending out bogus notifications, and I'm wondering if I should
through Newstuff.06 in as a FORGINGVIRUS line in my virus.cfg.
Scott Fisher
Director
]
[outgoing from 203.200.31.7]
09/05/2004 11:08:02 Q39d809bf029cc654 Subject: submissions end september 28th - Sun,
05 Sep 2004 14:05:50 -0200
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 09/07/04 04:26PM
Hi,
I am seeing my McAfee scanner catch these JS/Zerolin
An explanation of why some needed the switch and
others may not have:
From: http://vil.nai.com/vil/content/v_128461.htm
The 4395 DAT files no longer require that McAfee anti-virus products are
configured to scan with program heuristics enabled to detect this
threat.
My personal scores from best to worst:
Clamav (been only a week, but it hasn't missed one) and free (Also catches
some phish with prescan off)
Mcafee Virusscan (beats F-prot on encyrpted zips) pretty resonably priced if
you can secure DOS command line only license. (Also catches some phish with
I installed it I couldn't figure out if it was in and
Declude kept throwing me an error. What is your Declude config line ?
Thanks -
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 07, 2004 2:41 PM
To: [EMAIL
]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 07, 2004 2:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Recommended Scanner
My personal scores from best to worst:
Clamav (been only a week, but it hasn't missed one) and free (Also
catches
some phish
I installed it I couldn't figure out if it was in and
Declude kept throwing me an error. What is your Declude config line ?
Thanks -
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 07, 2004 2:41 PM
Also make sure your F-prot is current and your command line switches have
been updated to work with the more current version. About 2 or so months ago
a command line switch was changed regarding scanning zip files.
you could add a BANNAME RAPIDSYS.COM.ZIP line in the virus.cfg. Odds are you
won't
It's Friday afternoon and I've cleared out my 1000
messages from the Imail Forum, so I can't resist...
Isn't Declude for Exchange part of the
soon-to-be-announced Declude Collaboration Suite (DCS)? ;) or is it :(
?
- Original Message -
From:
Jim Matuska
To: [EMAIL
Looking at today and yesterday's logs, F-Prot has been catching these here.
It was just two viruses shy of Clam/AV in yesterday's results.
Virus updates current?
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude. Virus [EMAIL PROTECTED]
Sent: Tuesday, November 02,
I use ClamAV.
Overall it is very effective. More effective than FProt and AVG. About the
same as Mcafee.
If you are willing to turn Prescan OFF, it is good at catching Phish too.
It did have some bad defs last month that caused about 15 emails to be
mis-flagged.
- Original Message -
And the link to that helper/wrapper is here:
http://www.smartbusiness.com/imail/declude/
- Original Message -
From: Brad Morgan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 11:14 AM
Subject: RE: [Declude.Virus] BitDefender
I'm using both at the moment.
I've been getting some infrequent Declude bans of
EXE files with little or no size that the sender's system must have stripped out
the virus portion.
Looking through my reports, I note I have never
seen an Invalid EXE vulnerability. I see Invalid BAT, COM, CPL, PIF and
SCR.
Is there such a
That's good news.
Thanks!
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 08, 2004 11:50 AM
Subject: Re: [Declude.Virus] Invalid EXE vulnerability question
I've been getting some infrequent Declude bans of EXE files with
I use this version of clamav: http://www.sosdg.org/clamav-win32/index.php
with this wrapper to get virus names:
http://www.smartbusiness.com/imail/declude/
My global.cfg lines:
SCANFILE2 d:\imail\declude\runclamscan.exe log=0
C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt
Since these are HTML segments, my guess this is
another case of where Declude Virus Pro's Prescan would need to be turned off
for these to be scanned.
I am catching these segments with Prescan off with
Clam and Mcafee.
- Original Message -
From:
Greg Little
To: [EMAIL
I have noticed this problem with large files, usually TIFFs.
No solutions though...
-- Original Message --
From: John Carter [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 15 Nov 2004 16:44:35 -0600
Has anyone using ClamAV had problems with it
A plus to Symantec for me is that since I can't use Symantec for my Declude
e-mail protection, and I do use it on workstations and servers, any e-mail
virus needs to make it through an additional and different A/V program on
the desktop. The higher the hurdle, the less that can make the leap.
These seem to be the changes I have
made:
Looking at my config:
Change the BANEXT to ban what extensions you want
to ban.
Decide what to do with Zip files:
BANEXT EZIP to ban encrypted zip files if you can
get away with it
BANZIPEXTSON to apply Banned Extensions to
contents of Zip files
If you wish the banned file extensions to apply to files with .ZIP files,
you can add a line BANZIPEXTS ON to your \{MAILSERVER}\Declude\virus.cfg
file. For example, if you have a line BANEXT EXE and BANZIPEXTS ON, then
.EXE files within .ZIP files will be blocked. You can also use BANEZIPEXTS
ON
the BANZIPEXTS ON is for non encypted zips
the BANEZIPEXTS ON is for encrypted zips
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, January 31, 2005 2:30 PM
Subject: Re[5]: [Declude.Virus] RAR Support - why not?
Hello Scott,
I'd like to submit this for a Declude Virus feature
change:
I like having Prescan OFF to provide the maximum
amount of protection that I can.
I also run 3 virus scanners.
I'm wondering if it would possible to migrate the
Prescan parameter into the virus engines definitions to turn it on
Try adding this to your command line:
--max-ratio 0
The support compression ratio feature (--max-ratio). Overly compressed files
may get falsely detected. I believe the 0 turns it off.
it worked for me.
- Original Message -
From: Hirthe, Alexander [EMAIL PROTECTED]
To:
F-Prot was catching some price...zips
Mcafee caught one at 6:30
But then this appears:
03/01/2005 09:09:30 Q8599093a02820e36 MIME file: price.zip [base64;
Length=15789 Checksum=2053241]
03/01/2005 09:09:30 Q8599093a02820e36 Banning .ZIP file with exe extension.
03/01/2005 09:09:33
Cox wrote:
Yep. I just added
SKIPIFEXTCOM to my bannotify.eml
yesterday.
Darin.
- Original Message -
From: Scott
Fisher
To: Declude.Virus@declude.com
Sent: Tuesday,
March 15, 2005 3:31 PM
Subject:
[Declude.Virus] Spam
Title: Message
1.82 is what I am running.
I get an IP address with vulnerabilities and with
viruses but not withBanned file extensions.
- Original Message -
From:
Andy Schmidt
To: Declude.Virus@declude.com
Sent: Wednesday, March 16, 2005 11:38
AM
Subject: RE:
I had some today that fit this description.
Mcafee found them as: the W32/[EMAIL PROTECTED]
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, April 14, 2005 4:19 PM
Subject: [Declude.Virus] Possible new virus?
I have
I also had to add the SKIPIFVIRUSNAMEHAS Mytob to my eml files.
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, April 15, 2005 2:53 PM
Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
Shayne:
I haven't heard anything
I haven't seen anything obvious in a quick glance through today's logs.
Do you have an example?
Usually, I just force another download of the dats.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, April 25, 2005 3:42 PM
Subject: [Declude.Virus]
Mcafee command line.
If you can find a license it should run about $25 a year.
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, May 02, 2005 4:02 PM
Subject: [Declude.Virus] F-Prot Alternative
We have been running F-prot as the virus
I've seen it here rarely also.
Not positive here but here is a theory:
The zip file may gave been created on a Mac and contain some Mac specific
size 0 files?
- Original Message -
From: Paul Navarre [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, May 27, 2005 12:54 AM
I'll second the EXITSCANONVULNERABILITY option.
There is an occasional need to requeue a message
that false positived on a vulnerability, so I would myself prefer that all those
messages would be checked for viruses.
I'd run:
EXITSCANONVIRUS ON
EXITSCANONVULNERABILITY OFF
I think it would
Matt posted speed comparison's I'd say about a year ago.
I use F-Prot
ClamAV
and McAfee
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 4:50 PM
Subject: [Declude.Virus] Second Scanner
I know this comes up every
If you've got pro, you could add a filter:
MAILFROM10 CONTAINS [EMAIL PROTECTED]
that will check the envelope mailfrom.
To check for those addresses in the headers:
HEADERS 10 CONTAINS [EMAIL PROTECTED]
Another option is to update your virus software more often to minimize the
opportunity
for outgoing messages, and add it to your $default$.junkmail as
well.
Lastly, make sure you have a carriage return at the end of the
fromblacklist.txt to avoid the last line being ignored..
Darin.
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent
MAILFROM10 CONTAINS [EMAIL PROTECTED] in
virus.cfg or global.cfg? Do I need to use another file?
If I use the HEADERS option HEADERS 10 CONTAINS [EMAIL PROTECTED]
- where would I put that?
Sorry for the newbie questions.
Kevin
Scott Fisher wrote:
If you've got pro, you could add a filter
P.S. You can schedule freshclam often because it makes a DNS call to
determine if there is a new version of the database, it will only download
if that DNS result tells it to.
Very efficient. I schedule freshclam every 15 minutes.
- Original Message -
From: David Sullivan [EMAIL
One other ClamAV tip.
If you can afford the performance hit and can use PRESCAN OFF, clamav will
be a very effective Phish blocker.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 3:20 PM
Subject: Re[2]:
was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86]) or
in the X-Declude-Sender field?
Maybe I should just use the HEADERS 0 CONTAINS instead.
Thanks again.
Scott Fisher wrote:
One caveat. The MAILFROM uses the envelope mailfrom, which is different
than the ones displayed
I'm running 2.0.6.16 and would consider it as stable as 1.82
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: John Carter Declude.Virus@declude.com
Sent: Friday, June 03, 2005 2:02 PM
Subject: Re[4]: [Declude.Virus] Second Scanner
Looks like I have clam up and
One last ClamAV comment...
I've added the command line switch --max-ratio 0
I've had some false positives on some .zip files that forced me to add the
switch.
- Original Message -
From: Terry Fritts [EMAIL PROTECTED]
To: David Sullivan Declude.Virus@declude.com
Sent: Thursday, June
I also use Terry's runclamscan with no issues.
I have had rare email melt downs when I was running runclamd. I could never
pin it firmly on anything. So I stopped the runclamd to see how it handles.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To:
Yes I have seen them too:
email starts with:
Dear Valued Member, According to our site policy
you will have to confirm your account by the following link or else your account
will be suspended within 24 hours for security reasons.
- Original Message -
From:
Jim Matuska
I use skipext to bypass some of my larger file
types:
SKIPEXTEPSSKIPEXTGIFSKIPEXTinddSKIPEXTJPGSKIPEXTJPEGSKIPEXTMPGSKIPEXTMPEGSKIPEXTMOVSKIPEXTP65SKIPEXTPMDSKIPEXTPDFSKIPEXT
PSDSKIPEXT QXDSKIPEXT TIFSKIPEXT
TIFF
Of course by skipping these extensions (especially
the jpeg and PDF) I do run
...and hope that Declude or the AV-Engine will catch this vulnerability as
soon as possible.
I completely agree. As a publishing company we receive lots of large jpeg
files and the thought of having to virus scan all those, makes my mail
server want to run and hide.
I'd like to see a
http://www.mail-archive.com/declude.virus@declude.com/msg12070.html
This vulnerability is triggered if the file format diverges from the
official ZIP format specification.
- Original Message -
From: Grant Griffith [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, August
not put things in the correct format.
Thanks,
Grant Griffith
EI8HTLEGS, A Division of ETC
(812)932-1000
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Tuesday, August 09, 2005 2:09 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus
You can't do an internet reboot on a Friday. You need to wait until the
weekend.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Friday, September 09, 2005 10:48 AM
Subject: Re: [Declude.Virus] Sudden Internet Slowdown
Maybe someone should
Great catch Matt.
Mine's gone too since August 2
Thank you Declude for multiple virus scanner
option.
Try:
http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
From:
Here's the Mcafee page:
http://vil.mcafeesecurity.com/vil/virus-4d.asp
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26
PM
Subject: Re: [Declude.Virus] Seemingly
bad virus this morning
This is a new Bagel
-Matt,
Does the wget -N command work for you with
Mcafee.
I also use the -N and get the full download every
time.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 4:13
PM
Subject: Re: [Declude.Virus] Seemingly
bad
Arrrggg.
Mr. Obvious says if you rename the
win_netware_betadat.zip, wget will never find a file to compare it to and will
always download the update.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 5:34
PM
Subject:
I've caught 76 conflicting encoding messages with
EVA this month all 3 days. All spam messages.
What's odd is I've I had 53 conflicting encoding
messages the whole last month.
Is this a change in Declude 3.05 or a shift in my
spammers?
I block all encrypted zips based on the fact that I can't virus scan them.
But then again I'm slightly paranoid and should not be trusted with sharp
objects.
- Original Message -
From: Kevin Rogers [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, October 11, 2005 3:08
So I though with Declude 3 running ok, I'm going to
try the clam av service again.
I'm running into a problem with
runclamd
when I issue a runclamd -start, these log messages
are produced
10-20-2005 11:42:39
SERVICE_START_PENDING10-20-2005 11:42:39 Status:
410-20-2005 11:42:41
I would consider 3.0.5.10/11 interim releases... Scott would never have
documented them.
I too would like to see the release notes updated with each and every
version...
but it's a long long standing issue.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To:
I use F-Prot 1, McAfee 2, Clam 3
I use the Cygwin version of clam with runclamd and runclamscan. You'll find
those at http://www.smartbusiness.net/imail/declude/
runclamd runs clam as a service. much faster.
runclamscan returns a virus name to Declude
Don't forget this is allowable:
#
#
I use a customized version of Mailpure's antiav filter. I then combo this
with a mailfrom-postmaster filter to add points when the bounce comes from a
postmaster.
- Original Message -
From: Marc Catuogno [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, November 23,
When I used AVG it was consistantly in the back of
the pack for virus detections.
It lagged so badly at the beginning of the
encrypted zip days, that I had to swap it out with Clam.
It had pretty good scanning times.
I use FProt, Clam AV as a service and Mcafee
VirusScan.
From a cost
Excellent idea!
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, January 25, 2006 4:37 PM
Subject: [Declude.Virus] Feature request: DELETEVIRUSNAME
Maybe someone has already requested it:
Why not allow commands like
COPYFILE does not add any Declude
headers.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Friday, January 27, 2006 1:28
PM
Subject: Re: [Declude.Virus] Feature
request: DELETEVIRUSNAME
Dan,You might try COPYFILE which is essentially HOLD,
Thanks, Matt that'll be helpful.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Friday, January 27, 2006 2:32
PM
Subject: Re: [Declude.Virus] Feature
request: DELETEVIRUSNAME
Sorry. If you add the following directive to your
Global.cfg it
I upgraded to clamav 0.88-1 yesterday (and 0.88-2
today) and since the upgrades,
I'm seeing sporadic .vir folders left behind. These
all have a file name 0 in them
02/03/2006 10:04:08.258 q7eb10620bac6.smd
WARNING: Couldn't remove .vir directory
-Barry,
I did not receive the email sent to every customer
(and I have Declude whitelisted). That irks me even more.
Not having received the email, this all comes
straight out of left field for me. If I had received the email, perhaps it
wouldn't be such an unpleasant shock.
It certainly
If your Imail, I'd go to 3.0.5.23... That had a licensing fix.
This release fixes a bug in the IMail version of Declude whereby the wrong
service level (Pro, Standard, Lite) was being reported. This issue affected
IMail users only.
- Original Message -
From: John Pearson [EMAIL
As a followupon last week's discussions on
the SaneSecurity phish definitions for ClamAv.
ClamAv (without SaneSecurity) caught 273 phish for
me in February (all 28 days).
SaneSecurity definitions caught 178 phish for me in
the last 8 days of February.
McAfee caught 118 and none after I
I running clamav as one of my scanners. The
SaneSecurity is an additional defintion database named phish.ndb.
I put the phish.ndb into my
c:\clamav-devel\share\clamav folder and it does all of the rest.
- Original Message -
From:
Colbeck,
Andrew
To:
Personally I haven't seen any false positives. I
spot checked a few messages, and they were phish. All of the subject lines are
definitely phishy.
I whitelisted the Declude support lists, so I don't
have any concerns about blocking the support lists.
What I also liked was that it only took
Here's a couple of parameters I personally
use for Clam-AV:
--max-ratio 0 --max-space 1M
max ratio sets a maximum ratio for compressed
files. I've had zip files that contained txt files get false positives. Setting
it to 0 disables this test.
max space sets the maximum amount of
My guess is they refer to different builds of
clamav.
- Original Message -
From:
Goran Jovanovic
To: Declude.Virus@declude.com
Sent: Monday, March 06, 2006 9:44
AM
Subject: [Declude.Virus] CLAMSCAN Scanner
Command Line
Hi,
I have just added the
I use runclamd and run it as a service.
clamscan is pretty CPU intensive.
Using clamdscan with the clamd service really cuts down on the CPU time.
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, March 06, 2006 3:38 PM
Subject:
Here's my clam command line:
SCANFILE2 d:\imail\declude\runclamscan.exe log=1
C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l
report.txt
I call clamdscan.exe not clamscan.exe
I use the runclamscam wrapperL
This program is just a wrapper calling clamscan or
-Craig,
you can use runclamscan which is a wrapper program
that returns the virus name to Declude.
http://www.smartbusiness.net/imail/declude/
- Original Message -
From:
Craig
Edmonds
To: Declude.Virus@declude.com
Sent: Wednesday, March 08, 2006 3:27
AM
1 - 100 of 132 matches
Mail list logo
