[Declude.Virus] BANZIPEXTS
If you are using BANZIPEXTS ON, will it only stop zip files that match names in BANEXT, or will it stop all zip files?

Kyle
RE: [Declude.Virus] BANZIPEXTS
That's what I thought. But for some reason when I enable BANZIPEXTS it blocks all zips, and I am only blocking 4 EXT: scr, pif, com, exe. I will keep looking.

Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, May 26, 2005 4:23 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] BANZIPEXTS

It will only ban those listed with BANEXT, unless you are also using BANEXT ZIP.

John T
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, May 26, 2005 1:02 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] BANZIPEXTS

If you are using BANZIPEXTS ON will it only stop zip files that match names in BANEXT or will it stop all zip files.

Kyle
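The rule John states in the exchange above, modelled as an added example (not Declude's code and not part of the thread): with BANZIPEXTS on, a zip is blocked only when a member has a BANEXT extension, and every zip is blocked once ZIP itself is in the BANEXT list. The function names, the constructed archives and the choice to block an unreadable archive are assumptions of this example.

```python
import io
import posixpath
import zipfile

def _ext(name):
    """Lower-cased final extension without the dot ('' if there is none)."""
    return posixpath.splitext(name)[1].lstrip(".").lower()

def block_reason(filename, data, banext, banzipexts=True):
    """Return why an attachment is blocked, or None if it passes.

    A model of the rule stated in the thread, not Declude's implementation.
    """
    banned = {e.lower() for e in banext}
    ext = _ext(filename)
    if ext in banned:                      # plain BANEXT match, e.g. BANEXT ZIP
        return f"BANEXT {ext}"
    if banzipexts and ext == "zip":        # look inside the archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if _ext(member) in banned:
                        return f"BANZIPEXTS {member}"
        except zipfile.BadZipFile:
            # Assumption of this example: an archive that cannot be read is blocked.
            return "BANZIPEXTS unreadable archive"
    return None

def make_zip(*names):
    """Build a constructed in-memory zip holding empty files with these names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()

if __name__ == "__main__":
    four = ["scr", "pif", "com", "exe"]    # the four extensions named in the thread
    print(block_reason("docs.zip", make_zip("readme.txt"), four))
    print(block_reason("docs.zip", make_zip("a/setup.exe"), four))
    # Adding ZIP to BANEXT reproduces the "all zips are blocked" symptom.
    print(block_reason("docs.zip", make_zip("readme.txt"), four + ["zip"]))
```
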
Re: [Declude.Virus] F-Prot/Declude Problem
Scott,

I know you were waiting for that; I just thought I would post on the list to get more info. Typing too fast, I guess. I did make the change but it didn't help.

Kyle

-- Original Message --
From: R. Scott Perry [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 15 Oct 2004 07:07:36 -0400

I also put the eicar.com in every drive and in any Imail directory to see if it would delete it and 12 hours later it is still there and no pop windows have shown up.

That's the information we were waiting on. That means that there is almost certainly no on-access scanner running, which would indicate a configuration issue. For example, if F-Prot doesn't save the report.txt file (but you tell Declude that it is), then Declude Virus will see one less file than there should be, and assume that it was deleted.

I may have found the problem -- I would recommend changing the following line in your \IMail\Declude\virus.cfg file from:

    SCANFILE C:\FSI\F-Prot\fpcmd.exe /SLIENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt

to:

    SCANFILE C:\FSI\F-Prot\fpcmd.exe /SILENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt

changing to /SILENT. It seems that F-Prot is not reporting an error with the command line, but is in fact skipping the virus scanning.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
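Scott's point in the message above is that the scanner raised no error for the misspelled switch, so the mistake has to be caught in the configuration itself. The following added example (not from the thread and not Declude or F-Prot code) lints the SCANFILE line of a virus.cfg and suggests the nearest known switch. The allow-list holds only the switches in the corrected command line quoted above and is an assumption, not a complete list of fpcmd.exe options; `lint_scanfile` and `KNOWN_SWITCHES` are names made up for the example.

```python
import difflib
import re

# Switches seen in the corrected command line from the thread. Assumption for
# this example: it is not a complete list of fpcmd.exe options.
KNOWN_SWITCHES = ["SILENT", "DUMB", "NOBEEP", "NOMEM", "NOBOOT", "ARCHIVE", "REPORT"]

def scanfile_switches(cfg_text):
    """Yield (line_no, switch_name) for every /switch on an active SCANFILE line."""
    for no, line in enumerate(cfg_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#") or not line.upper().startswith("SCANFILE"):
            continue
        # A switch is "/NAME" or "/NAME=value" preceded by whitespace.
        for sw in re.findall(r"\s/([^\s=]+)", line):
            yield no, sw.upper()

def lint_scanfile(cfg_text, known=KNOWN_SWITCHES):
    """Return [(line_no, switch, suggestion_or_None)] for unrecognised switches."""
    findings = []
    for no, sw in scanfile_switches(cfg_text):
        if sw not in known:
            close = difflib.get_close_matches(sw, known, n=1, cutoff=0.7)
            findings.append((no, sw, close[0] if close else None))
    return findings

# Excerpt of the virus.cfg posted in the thread, typo included.
SAMPLE_CFG = r"""
# SCANFILE is the location of the command-line virus scanner.
SCANFILE C:\FSI\F-Prot\fpcmd.exe /SLIENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:
"""

if __name__ == "__main__":
    for no, sw, hint in lint_scanfile(SAMPLE_CFG):
        print(f"line {no}: unknown switch /{sw}" + (f", did you mean /{hint}?" if hint else ""))
```
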
RE: [Declude.Virus] FW: F-Prot/Declude Problem
    Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons.
    Diagnostics ON (Declude v1.81).
    Declude JunkMail: Config file found (C:\IMail\Declude\global.CFG).
    Declude Virus: Config file found (C:\IMail\Declude\Virus.CFG).
    Declude Hijack:Not installed (no C:\IMail\Declude\Hijack.CFG file).
    Declude Confirm: Config file found (C:\IMail\Declude\Confirm.CFG).
    38 spam tests defined: AUTOWHITELIST AHBL BLITZEDALL CBL DSBL ORDB SBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-SPAM SORBS-WEB SORBS-BLOCK SORBS-ZOMBIE SORBS-DUHL SPAMCOP DSN NOABUSE NOPOSTMASTER BONDEDSENDER BADHEADERS BASE64 CMDSPACE COMMENTS HELOBOGUS IPNOTINMX MAILFROM NOLEGITCONTENT PERCENT REVDNS ROUTING SPAMHEADERS SPFFAIL WEIGHT9 WEIGHT10 WEIGHT20 CATCHALLMAILS
    IMail reports Official Host Name as: xxx.net.
    IMail's SendName registry seems OK: C:\IMail\Declude.exe.
    DNS Server: 208.191.87.11
    Declude JunkMail Status: PRO version registered.
    Declude Virus Status:Pro Version Registered.
    Declude Hijack Status: NOT REGISTERED: No activation code.
    End of diagnostics.

-- Original Message --
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 14 Oct 2004 21:20:30 -0700

Well, I will be up for a while, so here goes.

Go to a command prompt, change to the Imail directory, and type in without the quotes the following:

    declude -diag decludeconfig.txt

Then, post that file, changing the domain names listed if you want and any license codes.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, October 14, 2004 8:10 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] FW: F-Prot/Declude Problem

Here is my virus.cfg

Kyle

    Declude Virus configuration file
    #
    # This file was distributed with v1.81.
    #
    # The in the LOGFILE option automatically gets replaced with the month/date
    LOGFILE D:\Imail\spool\vir.log
    LOGLEVEL HIGH
    #
    # SCANFILE is the location of the command-line virus scanner. Note that it
    # must include the full path. VIRUSCODE is the code that scanner returns if
    # it finds a virus.
    #
    SCANFILE C:\FSI\F-Prot\fpcmd.exe /SLIENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt
    VIRUSCODE 3
    VIRUSCODE 6
    REPORT Infection:
    # VIRDIR is the directory to move E-mails with viruses; by default,
    # it is set to 'spool\virus' (\IMail\spool\virus).
    VIRDIR D:\Imail\spool\virus
    # The MAXATONCE option limits the number of AV processes. For example,
    # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing
    # purposes). A value of 0 (or commenting it out) allows unlimited processes
    # to run at the same time.
    MAXATONCE 0
    #
    # The following options allow you to limit scanning to only incoming or outgoing
    # E-mail.
    #
    INCOMING ON
    OUTGOING ON
    #
    # The ONACCESS option should be set to OFF unless you have an on-access virus scanner
    # that will be deleting attachments with viruses. It is recommended NOT to have an
    # on-access scanner interfering, and to leave this at OFF.
    #
    ONACCESS OFF
    #
    # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will
    # wait for the virus scanner to finish. The minimum value is 10 seconds. Most
    # scanners will not need to take that long. This option is mainly to prevent
    # defective scanners (that never finish) from interfering with your outgoing E-mail.
    # Raising this will NOT help if your virus scanner always times out.
    #
    SCANNERTIMEOUT 60
    #
    # The SKIPEXT option will let you skip scanning of certain file extensions. For
    # example, a GIF file can't contain a virus, so there is no need to scan it.
    #
    SKIPEXT GIF
    SKIPEXT TXT
    SKIPEXT JPG
    SKIPEXT MPG
    SKIPEXT PNG
    #
    # The BANEXT option will let you ban file extensions. E-mails containing attachments
    # with these file extensions will be quarantined, and if you have a BANnotify.EML file,
    # it will be sent out. This works in the Standard and Pro versions.
    #
    BANEXT scr
    BANEXT pif
    BANEXT vbs
    BANEXT exe
    BANEXT hta
    BANEXT com
    #
    # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary
    # to be fully protected against viruses (since it is impossible to detect a well-
    # constructed virus within an encrypted .ZIP or .RAR file).
    #
    BANEXT EZIP
    #
    # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the
    # virus scanner will not get called
[Declude.Virus] FW: F-Prot/Declude Problem
Here is my virus.cfg

Kyle

    Declude Virus configuration file
    #
    # This file was distributed with v1.81.
    #
    # The in the LOGFILE option automatically gets replaced with the month/date
    LOGFILE D:\Imail\spool\vir.log
    LOGLEVEL HIGH
    #
    # SCANFILE is the location of the command-line virus scanner. Note that it
    # must include the full path. VIRUSCODE is the code that scanner returns if
    # it finds a virus.
    #
    SCANFILE C:\FSI\F-Prot\fpcmd.exe /SLIENT /DUMB /NOBEEP /NOMEM /NOBOOT /Archive=5 /REPORT=report.txt
    VIRUSCODE 3
    VIRUSCODE 6
    REPORT Infection:
    # VIRDIR is the directory to move E-mails with viruses; by default,
    # it is set to 'spool\virus' (\IMail\spool\virus).
    VIRDIR D:\Imail\spool\virus
    # The MAXATONCE option limits the number of AV processes. For example,
    # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing
    # purposes). A value of 0 (or commenting it out) allows unlimited processes
    # to run at the same time.
    MAXATONCE 0
    #
    # The following options allow you to limit scanning to only incoming or outgoing
    # E-mail.
    #
    INCOMING ON
    OUTGOING ON
    #
    # The ONACCESS option should be set to OFF unless you have an on-access virus scanner
    # that will be deleting attachments with viruses. It is recommended NOT to have an
    # on-access scanner interfering, and to leave this at OFF.
    #
    ONACCESS OFF
    #
    # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will
    # wait for the virus scanner to finish. The minimum value is 10 seconds. Most
    # scanners will not need to take that long. This option is mainly to prevent
    # defective scanners (that never finish) from interfering with your outgoing E-mail.
    # Raising this will NOT help if your virus scanner always times out.
    #
    SCANNERTIMEOUT 60
    #
    # The SKIPEXT option will let you skip scanning of certain file extensions. For
    # example, a GIF file can't contain a virus, so there is no need to scan it.
    #
    SKIPEXT GIF
    SKIPEXT TXT
    SKIPEXT JPG
    SKIPEXT MPG
    SKIPEXT PNG
    #
    # The BANEXT option will let you ban file extensions. E-mails containing attachments
    # with these file extensions will be quarantined, and if you have a BANnotify.EML file,
    # it will be sent out. This works in the Standard and Pro versions.
    #
    BANEXT scr
    BANEXT pif
    BANEXT vbs
    BANEXT exe
    BANEXT hta
    BANEXT com
    #
    # The BANEXT EZIP line blocks all encrypted .ZIP and .RAR files, which is necessary
    # to be fully protected against viruses (since it is impossible to detect a well-
    # constructed virus within an encrypted .ZIP or .RAR file).
    #
    BANEXT EZIP
    #
    # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the
    # virus scanner will not get called. This can significantly cut down on CPU usage.
    #
    PRESCAN ON
    #
    # Declude Virus can block treat files using CLSID extensions as viruses. This type of
    # extension will force a certain type of program to be run, while making the file appear
    # to be a .TXT or other safe file. There is no known legitimate reason to send this
    # type of file through E-mail. BANPARTIAL ON bans the Partial Vulnerability.
    #
    BANCLSID ON
    BANPARTIAL ON
    #
    # The FOOTER lines will add a footer to the bottom of E-mails that are scanned. This may
    # not be visible if you send HTML or attachments with the E-mail.
    #
    FOOTER ---
    FOOTER [This E-mail scanned for viruses by Declude/F-Prot Virus]
    #
    # The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine
    # them. E-mails that are blocked but not virus is detected (such as banned file extensions
    # and vulnerabilities) will not be deleted, regardless of this setting, as they have the
    # potential of being legitimate E-mails.
    #
    # It is recommended to leave this at OFF, just to be safe, but many people set this to ON.
    #
    DELETEVIRUSES ON
    #
    # The DELIVERERRORS option, when set to ON, will treat errors from the virus scanner as if no
    # virus was found. When set to ON, this could cause viruses to get through in rare situations,
    # but will also prevent legitimate mail from being quarantined due to an error in the scanner.
    # It is recommend to leave this at ON.
    #
    DELIVERERRORS ON
    #
    # The BANCRVIRUSES option will automatically treat E-mail with malformed headers that could
    # contain a virus as if they did contain a virus. It is strongly recommended that you keep
    # this set to ON; otherwise, viruses could slip through.
    #
    BANCRVIRUSES ON
    #
    # The FORGINGVIRUS option is used to list viruses that forge the return address, so Declude
    # can replace the name of the sender with [Forged].
    #
    FORGINGVIRUS Vulnerablility
    FORGINGVIRUS Yaha
    FORGINGVIRUS Braid
    FORGINGVIRUS Bridex
    FORGINGVIRUS Bugbear
    FORGINGVIRUS Dumar
    FORGINGVIRUS Fizzer
    FORGINGVIRUS Ganda
    FORGINGVIRUS Holar
    FORGINGVIRUS Hybris
    FORGINGVIRUS Lentin
    FORGINGVIRUS Magistr
    FORGINGVIRUS Mimail
    FORGINGVIRUS Mydoom
    FORGINGVIRUS Netsky
[Declude.Virus] F-Prot/Declude Problem
I have just moved everything to a new server and installed F-Prot 3.15b and Declude Virus Pro 1.81 for the first time. I keep getting an error in the log files saying you should not have an on-access scanner running, and it will not put anything in the report.txt file. I only installed the On Demand Scanner and the Updater for F-Prot. I did go into F-Prot and Disabled/Deleted all of the windows default scan or on demand options. This is the only virus scanner I have on the server. When I look at the processes the only F-Prot process running is fpavupdm.exe.

I have uninstalled and reinstalled 3 times. I did have Symantec from Imail installed on the old server, but I am pretty sure I deleted all the entries in the registry for that when I imported the old registry into the new server.

I also put the eicar.com in every drive and in any Imail directory to see if it would delete it and 12 hours later it is still there and no pop windows have shown up.

I am about to give up. I have emailed F-Prot, Declude, Imail and I still haven't found anything to fix this. Every time I reinstalled I deleted any leftover registry keys and the last time I even installed it into a different directory. If you have any ideas please let me know.

Thanks
Kyle

2003 Std. Server
Imail 8.13
Declude Junkmail Pro 1.81
Declude Virus Pro 1.81
F-Prot 3.15b

    0/14/2004 21:48:49 Q3a91021100becab0 Scanned: Virus Free [MIME: 1 2067]
    10/14/2004 21:48:51 Q3a92021200becab5 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the IMail directory or sub-directories.
    10/14/2004 21:48:51 Q3a92021200becab5 Scanned: Virus Free [MIME: 1 4041]
    10/14/2004 21:48:52 Q3a85011700d2ca8e Outlook 'CR' vulnerability [Subject: F] in line 3
    10/14/2004 21:48:52 Q3a85011700d2ca8e Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 1 527]
    10/14/2004 21:48:52 Q3a85011700d2ca8e From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 84.129.53.154]
    10/14/2004 21:48:52 Q3a85011700d2ca8e Subject: Fwd: high quality pills
    10/14/2004 21:48:52 Q3a92073500f4cab4 1 [1 of 2 not deleted] files were deleted. You should not use an on-access virus scanner that scans the IMail directory or sub-directories.
    10/14/2004 21:48:52 Q3a92073500f4cab4 Scanned: Virus Free [MIME: 1 330]
    10/14/2004 21:48:53 Q3a9001cd0034caac MIME file: [text/html][quoted-printable; Length=12309 Checksum=929937]
    10/14/2004 21:48:53 Q3a9001cd0034caac Scanned: Virus Free [Prescan OK][MIME: 1 12339]
    10/14/2004 21:48:53 Q3a820440013cca8d Scanned: Virus Free [MIME: 1 10634]
    10/14/2004 21:48:55 Q3a94015f00cacaba MIME file: [text/html][7Bit; Length=1008 Checksum=89919]
    10/14/2004 21:48:55 Q3a94015f00cacaba Scanned: Virus Free [Prescan OK][MIME: 2 2490]
    10/14/2004 21:48:58 Q3a97011800d2cabf MIME file: [text/html][8bit; Length=8450 Checksum=633815]
    10/14/2004 21:48:58 Q3a97011800d2cabf Scanned: Virus Free [Prescan OK][MIME: 2 10568]
    10/14/2004 21:49:00 Q3a8d029f00cccaa3 Scanned: Virus Free [Prescan OK][MIME: 1 161]