Title: .vir directories in spool\proc
There
has been information on this issue on the Declude Junkmail list, which is
where most of the beta stuff is talked about.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
There is an issue with both Hijack and Confirm with Beta 3.0.4.4. The issue
has to do with the handling of domain aliases. Declude is aware of the issue
and is working on it.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of
Grant, contact me off list and we can test this.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Grant Griffith
> Sent: Thursday, September 22, 2005 10:58 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] De
Everyone is banning vbe attachments, correct?
http://www.sophos.com/virusinfo/analyses/w32pegasa.html
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archi
Sophos has issued like 4 or 5 notices today of different variants of Bagle.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Greg Little
> Sent: Monday, September 19, 2005 3:04 PM
> To: Declude.Virus@declude.com
> Subject: R
>
> Darin.
>
>
> ----- Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, September 14, 2005 1:32 PM
> Subject: [Declude.Virus] blocking eml and msg attachemtns
>
>
> What are others thoughts
What are others thoughts on blocking eml and msg attachments?
If there is an eml or msg attachment which that has a executable or virus
attachment, will Declude properly decode it and will it be scanned for
viruses and banned attachments?
John T
eServices For You
---
This E-mail came from the D
l applet?
>
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, September 12, 2005 11:55 AM
> Subject: RE: [Declude.Virus] Seemingly bad virus this morning
>
>
> > What is the payload insi
What is the payload inside the zip?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Matt
> Sent: Monday, September 12, 2005 7:52 AM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] Seemingly bad virus this morning
gt; -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
> > (Lists)
> > Sent: Friday, September 09, 2005 12:39 PM
> > To: Declude.Virus@declude.com
> > Subject: RE: [Declude.Virus] Sudden Internet Slowdo
s over here that get
> > up to go to work then perhaps we could just send them
> > over to you to solve this whole problem. If not, perhaps we
> > could just insert an hour between 1am PT/4am ET and 1:00:01am
> > PT/4:00:01am ET. That would fix it.
> >
> > D
is
> whole problem. If not, perhaps we could just insert an hour between 1am
> PT/4am ET and 1:00:01am PT/4:00:01am ET. That would fix it.
>
> Darin.
>
>
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
&g
Nope, we here on the West coast protested loudly. We clearly stated it could
not be done before 1 AM. However, 1 AM here is 5 AM in the Atlantic time
zone, and those people stated it must be done before 5 AM. Therefore the
normal reboot of the Internet has been on hold for a long time until this
di
About a year ago, Scott quietly introduced a web page were we could go to
enter the IP of say our server to check to see if any viruses had been
reported coming from that IP.
Does any one know is that site still available and is so what is the URL for
it?
John T
eServices For You
---
This E-ma
In older versions, it is off all or on all.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of David Dodell
> Sent: Thursday, August 11, 2005 10:11 PM
> To: Matt
> Subject: Re[2]: [Declude.Virus] Outlook 'CR' Vulnerability fro
While the site you are looking for is
called www.virustotal.com, here are steps you will probably have to take:
Basically what you will end up doing is
first finding what the registry key for it is, what is the actual executable
name, restart the computer in safe mode, and delete or re
Title: Message
So the virus writer got a slap on the
wrist. Boy, that will sure send a message to would be virus writers.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Colbeck, Andrew
Sent: Friday, July
08
50 MB e-mail attachments?
Youch!
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith
Sent: Thursday, July
07, 2005 8:36 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Limit
Size of m
Declude Virus has no definitions to update.
Are you using AFTERJM ON?
Logs, what do the logs say?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Daniel Ivey
> Sent: Wednesday, June 08, 2005 12:54 PM
> To: 'Declude.Virus@d
Welcome Bill.
John T
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Friday, June 03,
2005 1:25 PM
To: Declude.Jun[EMAIL PROTECTED]; Declude.Virus@declude.com
Subject: [Declude.Virus] System
resource
On Behalf Of John Tolmachoff (Lists)
> Sent: Wednesday, June 01, 2005 7:44 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] BitDefender updates
>
> So far, it appears that the updates are only take place when some one is
> actually logged in. In the last 4 days, th
ANYWAYS, what would be the comment from
Declude on this issue?
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, May 29, 2005
4:43 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of John Tolmachoff (Lists)
> Sent: Friday, May 27, 2005 4:20 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] BitDefender updates
>
> There updater is there, but like
Title: Message
And the answer is no you can not use
BCC, or even CC. Some one has asked before and Scott answered with the
technical explanation which I do not remember what it was.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PR
Title: Message
Not unless it has been introduced as a
feature in 2.x.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Tuesday, May 31, 2005
6:27 PM
To: Declude.Virus@declude.com
Subject:
Title: Message
Putting in 2 new drives was the easy
part.
Recreating 43 websites in IIS because
the backup drive on the backup server departed for parts unknown the week
before and proceeded with the tape drive (Onstream) finally giving out a month
ago leaving my backup solution in sha
Since I am pressed for time and am presently unable to completely digest
what the vulnerability is and how to stop it, how can we configure our
Declude installs to protect/find/stop these messages?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PRO
PROTECTED])
> Sent: Tuesday, May 31, 2005 8:22 AM
> To: Declude.Virus@declude.com
> Subject: Re: [Declude.Virus] New virus out?
>
> John,
>
> What do the filenames appear to be - any pattern either filename, subject,
> body content etc?
>
> Darrell
>
> John
One of the servers I manage is getting hit with lots of messages being
caught with banned exe within zip.
They are coming from different IPs
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "un
the microcode on the hard drives. It's
called the Firmware Maintenance CD.
Andrew 8)
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Monday, May 30, 2005
9:07 AM
To: Declude.Virus@declude.com
Su
Tolmachoff (Lists)
To: Declude.Virus@declude.com
Sent: Monday, May 30,
2005 3:30 AM
Subject: RE: [Declude.Virus] EXITSCANONVIRUS
Off the topic, but it interrupted my
work on my mail server.
Any one ever loose both mirrored OS
drives at the same time?
FUN FUN FUN
Off the topic, but it interrupted my
work on my mail server.
Any one ever loose both mirrored OS
drives at the same time?
FUN FUN FUN
NOT!
At least Ghost is able to read the
master.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [
; From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
> (Lists)
> Sent: Saturday, May 28, 2005 5:17 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] EXITSCANONVIRUS
>
>
> I agree with Darrell. If it contains a virus, I want it
NPARTIAL OFF
> BANCRVIRUSES OFF
>
> which leaves me with
>
> BANCLSID ON
>
> which has never been triggered.
>
> Andrew 8)
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
> (Lists)
&g
er.
>
> David Franco-Rocha
> Declude Technical Support
>
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
> Sent: Friday, May 27, 2005 2:50 AM
> Subject: [Declude.Virus] EXITSCANONVIRUS
>
>
> A question
luck running the update as a service or via command line?
>
> Jerry
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
> Sent: Thursday, May 26, 2005 9:52 PM
> To: John Tolmachoff (Lists)
> Subject: Re: [D
ANONVIRUSDETECT ON
>
> David Franco-Rocha
> Declude Technical Support
>
> ----- Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
> Sent: Friday, May 27, 2005 11:17 AM
> Subject: RE: [Declude.Virus] EXITSCANONVIRUS
>
&
anner listed and a virus were detected
> by that single scanner.
>
> David Franco-Rocha
> Declude Technical Support
>
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To:
> Sent: Friday, May 27, 2005 2:50 AM
> Subject
A question about this new feature.
Am I correct in thinking that as soon as a scanner reports a virus, the next
scanner(s) in line will not be called and the message will be processed
accordingly, and that it will not be affected by Declude first finding a
banned attachment before having it scann
Since it appears that the free version of BitDefender works with Declude,
how do you go about doing updates, as it appears there is no auto update for
the free version.
Also, is any one using the standard version and if so is the command line
the same?
John T
eServices For You
---
This E-mail
It will only ban those listed with
BANEXT, unless you are also using BANEXT ZIP.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, May
26, 2005 1:02 PM
To: Declude.Virus@declude.com
One of the addresses it is using as the forged from address is the
postmaster address of one of my major clients.
I have received over 50 "failure to deliver" notices to that address from
all kinds of domains including AOL since noon today.
That means there are still way to many e-mail servers ou
Yahoo is accepting e-mail to user infected with the Sober.o virus and then
sending a bounce to the forged address saying the message can not be
delivered for user over quota.
Now, how funny is that?
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscri
Is there a SKIPIFFILE similar to SKIPIFEXT for use in the BANNotify.eml
file?
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http:
gt; >> >"/ai"
> >
> >> >"/noheur" and "/server" make no difference in the detection or not
> >> >of
> >
> >> >this false-positive).
> >> >
> >> >All of the messages detected either had Off
se are being detected by NAI (W32/[EMAIL PROTECTED]) and ClamAV
> (Worm.Sober.P), but not yet being detected by TrendMicro or F-Prot
> (although
> I have F-Prot updates disabled for now, until they get there problem
> with
> HTML/[EMAIL PROTECTED] fixed).
>
> Bill
> - O
Q66F5EF3A00E815E6 From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [outgoing from
208.7.179.200]
05/02/2005 13:44:22 Q66F5EF3A00E815E6 Subject: RE: NCC Docket 2005 - 2
It looks like turning F-Prot off might be a good idea,
or at least configuring it to not delete viruses.
Matt
John Tolmachoff (Lists
I saw a big bunch about 2 hours ago that were stopped by banned zip
extensions.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Chuck Schick
> Sent: Monday, May 02, 2005 10:58 AM
> To: Declude. Virus
> Subject: [Declude.Vi
It appears that something has updated on F-Prot in the last hour. Now, a lot
of outbound HTML e-mails are being flagged by F-Prot as having the HTML
object exploit. Running the file on www.virustotal.com shows clean.
Any one else seeing problems?
For now, as I am at a client, I have turned off F
Is it possible in the first place for malicious or executable code to occur
in a PDF?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Markus Gufler
> Sent: Tuesday, April 26, 2005 10:40 AM
> To: Declude.Virus@declude.com
> S
: [Declude.Virus] How
to check VIRUSCODEs
John,
If you don't mind sharing, what was the issue that you had last week with
F-Prot throwing a code 8 on legitimate E-mail? Or did I get that wrong?
Thanks,
Matt
John Tolmachoff (Lists) wrote:
From my understanding is that code 8
means the fi
From my understanding is that code 8
means the file is suspect but does not exactly match a known pattern in the
definition file. It is not automatically flagged for encrypted zips.
John T
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PR
is not any solution that offers a 100% effectiveness rate for
detecting viruses
> and malware.> Go to: Home Contact En español
>
> www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail
[EMAIL PROTECTED]
>
> Andrew 8)
>
> -Original Message-
I am getting lots of banned attachment notices and lots of bounces in the
last 90 minutes.
THANKFULLY, I am blocking zip files which contain executables otherwise
these would have all be delivered to users.
Any one have an idea of what this one is, it is kind of acting like Bagle.
John T
eServic
I hope that helps,
Andrew 8)
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, April 14, 2005 11:33 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus]
F-Prot tagging zips as code 8
I gues
I have seen in the last hour 4 e-mails blocked for [RAR-EXE] and each one
had a blank subject line.
Each one also had the recipients user part of the e-mail address as the
sender's user part of the e-mail address.
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing lis
:13 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus]
F-Prot tagging zips as code 8
My fault for the misread, but I also addressed the
issue regardless. Remove VIRUS CODE 8 from your config if you don't want
for this to happen.
Matt
John Tolmachoff (Lists) wrote:
John, I
> John,
>
> I know that you don't follow this logic, but banning regular zips is
> extreme and unnecessary IMO. Declude will scan any attachment
Matt, my original post said encrypted zips. This was an encrypted zip and
contained a executable.
I do not ban regular zips unless they contain an exe
I sent an encrypted zip file out, changing the .zip to ._ip. F-prot scanned
it and returned code 8, so Declude dutifly tagged it as infected.
Virus Code 8 means suspect, correct?
If this is what F-Prot is going to do, we need to rethink having
users/clients rename files.
04/14/2005 09:04:54.958
Most of us use a batch file scheduled.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Uwe Degenhardt
> Sent: Thursday, April 07, 2005 11:18 PM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] bad .smd-files
>
>
I would never turn off PANPARTIAL. There is no reason for some one to be
breaking up a message.
If you are referring to having to manually clear the Virus\Hold, then you
should use a batch file that deletes after x amount of days.
John T
eServices For You
> -Original Message-
> From: [EM
Yes.
Symantec is for protecting the server itself.
Declude uses F-Prot and AVG for scanning.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Uwe Degenhardt
> Sent: Saturday, April 02, 2005 1:04 AM
> To:
All of my servers have Symantec Anti-Virus Corporate edition on them. On the
Imail server, I exclude all Imail and Declude directories including the
spool, mail boxes, and so forth.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Beh
I bet Scott is smirking reading that and if Len saw it look out.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Dan Horne
> Sent: Wednesday, March 30, 2005 2:06 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Vir
Yep, I block them for good reason.
A virus scanner can not (and should not) scan what is inside an encrypted
Zip file.
My policy stays the same: If you have to send a potentially malicious file,
you will have to rename the extension.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Scott, may your new endeavors be as rewarding or more than the ones now
behind you.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of [EMAIL PROTECTED]
> Sent: Monday, February 21, 2005 10:1
I have been wondering what is going on in the last half hour. Been getting a
larger than normal amount of banned extension blocks.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Don Hick
Markus, I received the post with the attachment and time stamped 12:17 AM
PST.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Markus Gufler
> Sent: Wednesday, February 09, 2005 1:55 AM
> T
First, you should be actively monitoring
the HOLD2 directory. There are some scripts on the Declude Tools sight that can
be used for this.
Second, you do not need to cycle the
SMTP service. However, you will have to rename the HOLD2 files if you want to release
them and then manually m
My log files go to a separate directory (partition if available) and are
zipped either weekly or monthly depending on size and when there are enough
they get burned to CD then deleted.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECT
So, if I am banning ZIPEXT, this should be caught since rar is treated same
as zip in Declude, correct?
What is the file in the rar?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Andy Sc
Title: Infected NDRs ?
Add
the IP to the Imail SMTP control access list.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agid, Corby
Sent: Wednesday,
January 05, 2005 4:57
I just had a client request blocking of hlp attachments. I have been
extremely busy with 2 major projects and have not seen anything about this.
Any one have information on a virus that uses that?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for virus
Here is some information for all who have concerns about the new licensing
and tie in to IPs and/or MACs:
I have spoken to Barry today, and while I will not reveal the little bit of
information I was given, I will state on my honor that I have no problem
with the new license code process what ever
I also would like to continue to have the option of a manual install.
The beauty of Declude is its adaptation and customization. An auto install
takes that away and can mess with customized files.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From:
Yes, this is a known problem. Resolution
is to switch to the 32 bit windows version.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Brandes
Sent: Tuesday,
Decembe
0, 2004 3:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] Parallel processing
>
> Thanks, John. Asking here was quicker than breaking out that free file
> monitor (FileMon) from SysInternals.com ...
>
> Andrew 8)
>
> -Original Message-
> Fr
Declude creates a separate directory for each message for scanning, so while
the report name is the same, the directory is unique.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Colbeck,
Oh, and ah, bye the way, PONG.
;-)>
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Colbeck, Andrew
> Sent: Thursday, December 09, 2004 7:25 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE:
http://www.sophos.com/virusinfo/analyses/w32favsina.html
Any one have any more information on this new one?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Vir
one Company of Kecksburg
> http://www.wpa.net
>
> () ascii ribbon campaign - against html mail
> /\- against microsoft attachments
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
> (Li
]
> On Behalf Of John Tolmachoff (Lists)
> Sent: Thursday, November 11, 2004 12:27 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] Bagz
>
> Marcus, do not take the personally because I am tired and grouchy.
>
> That information does me no good. I already know th
Marcus, do not take the personally because I am tired and grouchy.
That information does me no good. I already know that everyone else is
catching these as some form of Bagz. However, no one lists any alias or
variant name that AVG or F-Prot might be using, and neither F-Prot or AVG
list Bagz as a
Neither F-Prot (3.15b) nor AVG (7.0.289) appear to be catching this.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just s
Any one know what the link in the body is so we can add filters for it?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, jus
Declude JunkMail questions should be directed to the Declude.JunkMail list.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Imail_Forum
> Sent: Thursday, November 04, 2004 8:34 AM
> To: [EM
just
fine
> in testing - although it is the slowest of the virus scanners we have
> tested: McAfee, F-Prot, TrendMicro, and ClamAV.
>
> Bill
> ----- Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED
ay, November 03, 2004 9:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] BitDefender
>
> BitDefender work fine with Declude Virus, don't know about mxGuard.
>
> Bill
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL P
]
> Subject: Re: [Declude.Virus] BitDefender
>
> BitDefender work fine with Declude Virus, don't know about mxGuard.
>
> Bill
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sen
TECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of John Tolmachoff (Lists)
> Sent: Wednesday, November 03, 2004 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] BitDefender
>
> Has any tried using BitDefender with Declude Virus, or ClamAV for that
> matter?
>
> D
Has any tried using BitDefender with Declude Virus, or ClamAV for that
matter?
Does it work?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.
Block executable files. That should be standard defense mode now-a-days.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Chuck Schick
> Sent: Tuesday, November 02, 2004 8:07 AM
> To: Declud
The Declude Junkmail log lines.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Declude
> Sent: Thursday, October 28, 2004 9:06 AM
> To: John Tolmachoff (Lists)
1. Is the sender authenticating during the SMTP send to the server?
2. Log lines for the messages sent please.
3. Is the sender using Outlook 2003?
4. Headers of the message that came through after changing from DELETE at 20
to WARN.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -
> Not sure if I missed a posting on this so,
>
> I recently attended an IPswitch seminar on ICS
> and ISPs can continue to purchase IMail as a
> standalone product.
>
> Sincerely,
> John David M. Miller
As of yesterday, incorrect. More to come later on my report to the Imail
list.
John Tolm
Do you have an on-access scanner running?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Keith Johnson
> Sent: Monday, October 25, 2004 7:38 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Dec
> >Is Deccon.exe in the \imail folder?
> >
> >
> yes it is in the base imail folder.
> Do I need the global.cfg file?
> I would not think so since this is not running the virus scan.
Now that is a interesting question.
It might need to be.
Imail hands the message to declude.exe.
Declude.exe ch
]
> Subject: Re: [Declude.Virus] hijack install problems
>
> John Tolmachoff (Lists) wrote:
>
> >1. Did configure logging in the hijack.cfg file?
> >
> >
> CODEC3Fx
>
> LOGFILE spool\_hiJack.log
> LOGLEVELLOW
>
> >2. W
1. Did configure logging in the hijack.cfg file?
2. Where is it logging to?
3. Of course the SMTP service is running, otherwise no e-mail would come in
or out.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTEC
still reviewing that decision. Do you think this MyDoom is a
> result
> of removing that block?
>
> Since adding the /ARCHIVE=5 this afternoon, I have seen it catch 2 of
> the
> rapidsys.com.zip attachments destined for the same customer that earlier
> reported the trouble.
>
1 - 100 of 368 matches
Mail list logo
