[Declude.Virus] Request for per-domain configuration

2004-09-29 Thread William Stillwell
domain.. and well, I am not too thrilled I can't make a custom modification because declude only has one setting for all domains. William Stillwell Palm Harbor, FL 34684

Re: [Declude.Virus] GDI false Positive

2004-09-30 Thread William Stillwell
How about adding per domain too.. for the pro.. ie, in virus_domains.txt do: DOMAINON / OFF / INONLY / OUTONLY ADD: DOMAIN FILEX.CFG and in x.cfg have the standard: Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options, which overwrite the standard

Re: [Declude.Virus] GDI false Positive

2004-09-30 Thread William Stillwell
, there isn't any way to do it except globally. However, having footers configurable per domain is already in the suggestion database. -Scott -- William Stillwell Palm Harbor, FL. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL

Re: [Declude.Virus] Increase in unsolicited email with attachments

2004-11-09 Thread William Stillwell
There are some new "MyDoom" Viruses, Mcafee released Emergency dat. - Original Message - From: Michael Abbott To: [EMAIL PROTECTED] Sent: Monday, November 08, 2004 9:22 PM Subject: [Declude.Virus] Increase in unsolicited email with attachments Is

Re: [Declude.Virus] Spam Link with 1639 port web link, possibly malicious?

2004-11-09 Thread William Stillwell
MyDoom.AI From Symantec Site: The email contains a hyperlink that, when clicked on, takes the user to an .html page that exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515). When this page is viewed the file http://[remote

Re: [Declude.Virus] McAfee commandline scanner is it really free with updates??

2004-12-15 Thread William Stillwell
Per the Download Readme --- Thank you for using our products. This file contains important information about the current virus definition (DAT) files. We recommend that you read the entire document. You must have a current PrimeSupport agreement in order to be entitled to download

Re: [Declude.Virus] testvirus.org #17

2004-12-17 Thread William Stillwell
I failed 16 17 How do i get mcafee to scan the html? - Original Message - From: Jeff Lancton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 8:20 AM Subject: [Declude.Virus] testvirus.org #17 Hello list, I'm running 1.81, and caught all but #17, the CR

Re: [Declude.Virus] testvirus.org #17

2004-12-17 Thread William Stillwell
fixed #16 PRESCAN OFF #17 goes thru, - Original Message - From: William Stillwell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 8:59 AM Subject: Re: [Declude.Virus] testvirus.org #17 I failed 16 17 How do i get mcafee to scan the html? - Original Message

Re: [Declude.Virus] testvirus.org #17

2004-12-17 Thread William Stillwell
is going on with #17. Personally I have never seen something exploit this vulnerability and maybe there's a detection issue created by the eicar code in this way? Matt William Stillwell wrote: fixed #16 PRESCAN OFF #17 goes thru, - Original Message - From: William Stillwell [EMAIL

Re: [Declude.Virus] Blocked Extension getting through

2004-12-15 Thread William Stillwell
BANEXT CHM - Original Message - From: Hermann Strassner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 4:12 AM Subject: [Declude.Virus] Blocked Extension getting through Hello! I have blocked a few extensions in Declude Virus, e.g. zip, exe, bat, scr, pif,

[Declude.Virus] BanExt / Scan CC Ban Attachment

2004-12-16 Thread William Stillwell
What is processed first? BANEXT or On Demand Virus Scan ? If BanExt is First, Is there a way to CC the email ?

Re: Re[4]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread William Stillwell
#22 was caught here, #17 not caught - Original Message - From: David Sullivan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 20, 2004 9:12 AM Subject: Re[4]: [Declude.Virus] testvirus.org #22 Hello David, Ok, back to my original problem ;-) Is test 22 getting caught for

Re: Re[6]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread William Stillwell
v1.81 mcafee, However, mcafee detects the virus, but declude doesn't see it from the report.txt - Original Message - From: David Sullivan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 20, 2004 12:37 PM Subject: Re[6]: [Declude.Virus] testvirus.org #22 Hello William,

Re: Re[6]: [Declude.Virus] testvirus.org #22

2004-12-20 Thread William Stillwell
Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be opened by all versions of Microsoft Outlook and Outlook Express) It is not a virus so I think the Vulnerability test of Declude should catch it. Oh well it comes through our system as well. Regards, Kami I plucked the

Re: Re[6]: [Declude.Virus] testvirus.org #17

2004-12-20 Thread William Stillwell
But the Mcafee DOES detect the Virus string in the SMD file., But declude reports no virus. (This is for test #17) - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, December 20, 2004 3:08 PM Subject: RE: Re[6]: [Declude.Virus]

Re: Re[6]: [Declude.Virus] testvirus.org #17

2004-12-20 Thread William Stillwell
Ahhh.. So Declude doesn't actually Send the SMD file to the Scanner.. It takes the Message Body, writes it to a Tmp File, and then scans it? Why not just scan the SMD file, Headers and All ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent:

Re: [Declude.Virus] PB installing 2.0B

2004-12-21 Thread William Stillwell
If anything, Let us be able to download the new EXE, and an UPDATE.txt file with what has been updated/replaced/added to the configuration files. Also, Maybe an extra file listing what new, and or obsoleted tests. I understand why they have done this, as I am sure some people are still running some

Re: [Declude.Virus] FW: MS Windows/Critical Error

2005-01-27 Thread William Stillwell
NO... Rar is Superior Zip is Inferior Zip Compression is Open (ie, can download) Rar Compression is not. However, BANEXT ZIP will not cover RAR Furthermore, WindowsXP doesn't natively support Rar Compression, therefore the risk is low, and most experienced users who use Rar, Will know this is a

Re: [Declude.Virus] FW: MS Windows/Critical Error

2005-01-27 Thread William Stillwell
It isn't gonna happen, unless rarsoft sells to winzip. Tar,GZ I believe are open source, so technically, WinZIP can have them. note to self: block .tar, .gz - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, January 27, 2005 9:36 AM

Re: Re[3]: [Declude.Virus] RAR Support - why not?

2005-01-31 Thread William Stillwell
Declude never has to my knowledge banned based on the contents of a compressed file. only if there were a virus inside of said compressed file. furthermore, declude doesn't decompress files, mcafee does the uncompressing and scanning of the files, so, if you want rar scanning, contact your virus

Re: [Declude.Virus] ClamAV?

2005-02-17 Thread William Stillwell
Manually perform the scan, and look @ the report.txt file. - Original Message - From: Hirthe, Alexander [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, February 17, 2005 12:34 PM Subject: [Declude.Virus] ClamAV? Hello, I'm getting errors with Zip Files larger than about

Re: [Declude.Virus] Yet another MyDoom in the wild

2005-02-22 Thread William Stillwell
soo I should remove my ZIP that I already ban.. - Original Message - From: Colbeck, Andrew [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, February 22, 2005 3:02 PM Subject: [Declude.Virus] Yet another MyDoom in the wild For the writeup from TrendMicro, see

Re: [Declude.Virus] Viruses appearing to be getting through...

2005-05-02 Thread William Stillwell
http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=133409 Mcafee Dat 4473 should detect it. - Original Message - From: Donn Bly [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Monday, May 02, 2005 2:28 PM Subject: RE: [Declude.Virus] Viruses appearing to be getting

Re: [Declude.Virus] Is this sort of stuff necessary on a list?

2005-05-02 Thread William Stillwell
Hahaha.. Yeah, I agree. - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: Declude. Virus Declude.Virus@declude.com Sent: Monday, May 02, 2005 2:49 PM Subject: [Declude.Virus] Is this sort of stuff necessary on a list? I posted to list about a virus problem then I get this

Re: [Declude.Virus] .EML file syntax

2005-06-01 Thread William Stillwell
I think you're confused, He wants the "Template" files to be CC'd to another recip. ie, now: FROM: [EMAIL PROTECTED] TO: %ALLRECIP% SUBJECT: blah blah blah He wants to add CC: , I have tried TO: %ALLRECIP%;[EMAIL PROTECTED] and that doesn't work either, at least in 1.82.

[Declude.Virus] OT: Online file check?

2005-07-25 Thread William Stillwell
At one time i saw a post about a site that you can upload and it will scan it with the "popular" scanners and check it.. I have this evil little program that i can't remove from a users computer, and i have done everything.. It keeps "Renaming" itself on termination.. It spawns under

Re: [Declude.Virus] OT: Online file check?

2005-07-26 Thread William Stillwell
Actually, it was a look2me variant, only 3 scanners detected it.. I had to download some custom removal tool to remove it. it was a 400K Dll that attached itself to just about every process, and it even ran in safemode., there was actually around ~70 dlls that were on the machine. I also

Re: [Declude.Virus] OT: Online file check?

2005-07-26 Thread William Stillwell
hehe.. killbox = no good, nothing would drop the running dll, i couldn't copy it, delete it, rename it, or kill the registry entry. here is a nice add in for people: http://mvps.org/winhelp2002/hosts.htm I am thinking of parsing the file and putting it into our dns servers to prevent all the

Re: [Declude.Virus] McAfee DailyDAT download location change.

2005-09-12 Thread William Stillwell
The Proper method to update the dat would be to pull the "ini" file http://download.nai.com/products/datfiles/4.x/nai/update.ini Then Parse this [zip] section

RE: [Declude.Virus] ALLOWVULNERABILITIES Directive

2006-10-12 Thread William Stillwell
Was this ever fixed, because I just used it, and well... It doesn't appear to work? ALLOWVULNERABILITIESFROM @priderockholdings.com See: Declude Virus v4.3.7 caught the [Outlook 'MIME segment in MIME Preamble' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] to: [EMAIL