RE: [Declude.Virus] ClamAV with a strong aroma
John, I dropped ClamWin 0.90 a month or so ago due to similar performance issues. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, June 26, 2007 8:11 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] ClamAV with a strong aroma Is anyone using ClamWin 0.90.2.1 with Declude AV? I was, using the following line from the virus.cfg: SCANFILE4 C:\Progra~1\ClamWin\bin\clamscan.exe --verbose --database=C:\Docume~1\AllUse~1\.clamwin\db --tempdir=C:\PROGRA~1\IPSWITCH\IMAIL\Declude\Scanners\ClamAV --no-summary -l report.txt All of a sudden last week, it started filling my C:\PROGRA~1\IPSWITCH\IMAIL\Declude\Scanners\ClamAV folder with *.clamtmp folders that wouldn't clear [and chewed up 100GB of free space in a couple of days], and I also started getting did not finish in time messages in the vir.logs, and it threw my CPU usage to 100% constantly. I commented clam back out and the performance went right back to normal. Has anyone else seen anything unusual with clamav performance recently? John S. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV Exit codes
Strange. It sounds like a resource depletion problem such as a memory leak that may not even be directly related to clamd. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 10:58 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Thank you The strange thing is that the error doesn't appeared constantly at a certain point. At 06:50PM there was the first dozen result codes 2. Then the next one appeared at 11:00PM but still not contantly. There was always 0 and 1 codes. But then it become more and more, and then at a certain point the only result code was 2. Does this mean that clamd can also decease slowly? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, September 29, 2006 4:22 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Markus, Here are the Return Codes from the ClamAV Documentation. George From http://www.clamav.net/doc/0.88.4/man/clamdscan.1 .SH RETURN CODES .LP 0 : No virus found. .TP 1 : Virus(es) found. .TP 2 : An error occured. From http://www.clamav.net/doc/0.88.4/man/clamscan.1 .SH RETURN CODES .LP Note: some return codes may only appear in a one file mode (clamscan is started with file argument). Those are marked with \fB(ofm)\fR. 0 : No virus found. .TP 1 : Virus(es) found. .TP 40: Unknown option passed. .TP 50: Database initialization error. .TP 52: Not supported file type. .TP 53: Can't open directory. .TP 54: Can't open file. (ofm) .TP 55: Error reading file. (ofm) .TP 56: Can't stat input file / directory. .TP 57: Can't get absolute path name of current working directory. .TP 58: I/O error, please check your file system. .TP 59: Can't get information about current user from /etc/passwd. .TP 60: Can't get information about user 'clamav' (default name) from /etc/passwd. .TP 61: Can't fork. .TP 62: Can't initialize logger. .TP 63: Can't create temporary files/directories (check permissions). .TP 64: Can't write to temporary directory (please specify another one). .TP 70: Can't allocate and clear memory (calloc). .TP 71: Can't allocate memory (malloc). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 5:59 AM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV Exit codes Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] CLAMSCAN Scanner Command Line
The first is for the Windows port of Clam-AV. The second is for ClamWin. Different setups. George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Monday, March 06, 2006 10:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] CLAMSCAN Scanner Command Line Hi, I have just added the CLAM scanner to my config and was wondering about the command lines described in the Declude manual. I am using the first option SCANFILE [Drive:]\[Path]\bin\clamscan.exe --quiet --log-verbose --no- summary --max-ratio 0 -l report.txt VIRUSCODE 1 or SCANFILE [Drive:]\[Path]\clamwin\bin\clamscan.exe --verbose -- database=[Drive:]\[Path]\db --tempdir=c:\Temp -- no-summary -l report.txt VIRUSCODE 1 What is the database the second version is pointing to? I have no DB directory in C:\clamav-devel nor are there any files called DB in that directory. From what I understand the virus and phishing signatures are in C:\clamav- devel\share\clamav and clamscan.exe figures it out automatically. Am I missing something here? Goran Jovanovic Omega Network Solutions --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] clamwin second scanner error
Craig, You seem to be using the command lines for Clamav and not ClamWn in your virus.cfg. The following id for a default installation of ClamWin. Also, be sure that you have a C:\Temp directory set up. SCANFILE C:\Progra~1\clamwin\bin\clamscan.exe --verbose --database=C:\Docume~1\Alluse~1\.clamwin\db --tempdir=c:\Temp --no-summary -l report.txt VIRUSCODE 1 REPORT FOUND George From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Saturday, March 04, 2006 5:05 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error Importance: High Hi, I get a similar error and my virus.cfg file contains this entry SCANFILE C:\progra~1\clamwin\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE 1 (I only use clam so VIRUSCODE will be 1) I geta similar error. this is an example ofone log entry . 03/04/2006 10:55:18.528 q640402a300d0f29e.smd Vulnerability flags = 0 03/04/2006 10:55:18.538 q640402a300d0f29e.smd MIME file: [text/html][quoted-printable; Length=867 Checksum=69427] 03/04/2006 10:55:18.769 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:20.932 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:23.586 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:25.799 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:28.433 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 but here is another...(note is says contains a virus) 03/04/2006 10:55:39.268 q64142ab20086f2a4.smd Vulnerability flags = 0 03/04/2006 10:55:39.278 q64142ab20086f2a4.smd Outlook 'CR' vulnerability [Subject: Y] in line 6 03/04/2006 10:55:39.368 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:41.451 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:44.015 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:46.108 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:48.181 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:50.184 q64142ab20086f2a4.smd File(s) are INFECTED [[Outlook 'CR' Vulnerability]: 50] 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd Scanned: CONTAINS A VIRUS 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 213.199.252.61] 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd Subject: Your sex popularity is in your hands and in the hands of Ultra Allure Pheromones. Based on these two different files and log entrie, is CLAM working correctly or not? (Windows 2003, Declude 3.05, CLam AV - up to date latest version.) Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com E : [EMAIL PROTECTED] Marbella Guide Web Portal W: www.marbellaguide.com E: [EMAIL PROTECTED] DISCLAIMER - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby informed that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify it to the sender. AVISO LEGAL - Este mensaje puede contener informacion confidencial, en propiedad o legalmente protegida y esta dirigida unicamente para el uso de la persona destinataria. Si usted no es la persona destinataria de este mensaje, por la presente se le comunica que no debe usar, difundir, copiar de ninguna forma, ni emprender ninguna accion en relacion con ella. = From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Saturday, March 04, 2006 5:07 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error thank you George I made the change but now get a different error: 03/03/2006 23:04:41.708 q11c601a3eb87.smd Error 50 in virus scanner 2. 03/03/2006 23:04:41.708 q11c601a3eb87.smd Scanned: Error in virus scanner. Do you know what that is about? Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, March 03, 2006 6:15 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error Harry, For the second scanner you need to have a 2 after SCANFILE and VIRUSCODE SCANFILE2 C:\progra~1\clamwin\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE2 1 George From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 03, 2006 5:16 PM
RE: [Declude.Virus] clamwin second scanner error
Glad to hear it. G -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Saturday, March 04, 2006 10:17 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error thank you George. I appreciate the help It is running well now Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of george kulman Sent: Saturday, March 04, 2006 7:04 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error Craig, You seem to be using the command lines for Clamav and not ClamWn in your virus.cfg. The following id for a default installation of ClamWin. Also, be sure that you have a C:\Temp directory set up. SCANFILE C:\Progra~1\clamwin\bin\clamscan.exe --verbose -- database=C:\Docume~1\Alluse~1\.clamwin\db --tempdir=c:\Temp --no- summary -l report.txt VIRUSCODE 1 REPORT FOUND George From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Saturday, March 04, 2006 5:05 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] clamwin second scanner error Importance: High Hi, I get a similar error and my virus.cfg file contains this entry SCANFILE C:\progra~1\clamwin\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE 1 (I only use clam so VIRUSCODE will be 1) I get a similar error. this is an example of one log entry . 03/04/2006 10:55:18.528 q640402a300d0f29e.smd Vulnerability flags = 0 03/04/2006 10:55:18.538 q640402a300d0f29e.smd MIME file: [text/html][quoted-printable; Length=867 Checksum=69427] 03/04/2006 10:55:18.769 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:20.932 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:23.586 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:25.799 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:28.433 q640402a300d0f29e.smd Virus scanner 1 reports exit code of 50 but here is another...(note is says contains a virus) 03/04/2006 10:55:39.268 q64142ab20086f2a4.smd Vulnerability flags = 0 03/04/2006 10:55:39.278 q64142ab20086f2a4.smd Outlook 'CR' vulnerability [Subject: Y] in line 6 03/04/2006 10:55:39.368 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:41.451 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:44.015 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:46.108 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:48.181 q64142ab20086f2a4.smd Virus scanner 1 reports exit code of 50 03/04/2006 10:55:50.184 q64142ab20086f2a4.smd File(s) are INFECTED [[Outlook 'CR' Vulnerability]: 50] 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd Scanned: CONTAINS A VIRUS 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 213.199.252.61] 03/04/2006 10:56:11.334 q64142ab20086f2a4.smd Subject: Your sex popularity is in your hands and in the hands of Ultra Allure Pheromones. Based on these two different files and log entrie, is CLAM working correctly or not? (Windows 2003, Declude 3.05, CLam AV - up to date latest version.) Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com http://www.123marbella.com/ E : [EMAIL PROTECTED] Marbella Guide Web Portal W: www.marbellaguide.com http://www.marbellaguide.com/ E: [EMAIL PROTECTED] DISCLAIMER - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby informed that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify it to the sender. AVISO LEGAL - Este mensaje puede contener informacion confidencial, en propiedad o legalmente protegida y esta dirigida unicamente para el uso de la persona destinataria. Si usted no es la persona destinataria de este mensaje, por la presente se le comunica que no debe usar, difundir
RE: [Declude.Virus] clamwin second scanner error
Harry, For the second scanner you need to have a 2 after SCANFILE and VIRUSCODE SCANFILE2 C:\progra~1\clamwin\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE2 1 George From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 03, 2006 5:16 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] clamwin second scanner error I added clamav as a second scanner to my virus.cfg file as follows: SCANFILE C:\F-Prot\fpcmd.exe -TYPE -SILENT -NOMEM -ARCHIVE=5 -DUMB -NOBOOT -REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: SCANFILE C:\progra~1\clamwin\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE 1 Now I get the folowing error in the virus log: 03/03/2006 17:11:59.307 qbf26019990d6.smd Vulnerability flags = 862 03/03/2006 17:12:09.448 qbf26019990d6.smd Could not find parse string Infection: in report.txt 03/03/2006 17:12:09.448 qbf26019990d6.smd Error 50 in virus scanner 1. 03/03/2006 17:12:09.448 qbf26019990d6.smd Your virus scanner DOES NOT EXIST (at D:\IMail\spool\proc\work\DBF260~1.VIR\); NOT SCANNING ATTACHMENTS! [2] Error String: [The system cannot find the file specified.] 03/03/2006 17:12:09.448 qbf26019990d6.smd Scanned: Error starting scanner Any idea what I did wrong? thank you Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222
[Declude.Virus] Scanner Parameters
The recommended setups for NOD32 and Trend do not have a REPORT line. Does anyone know the values to use for these in order to get a virus name reported. Thanks, George
RE: [Declude.Virus] Scanner Parameters
Sandy, Thanks as always. Do you happen to have the correct content for the REPORT entry? George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, February 02, 2006 2:28 PM To: george kulman Subject: Re: [Declude.Virus] Scanner Parameters Does anyone know the values to use for these in order to get a virus name reported. NOD32: /logrewrite /log+ /log=FILENAME --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] Scanner Parameters
Sandy, Thanks again. I've put it in place but it'll take a while to test. I don't see many viruses in e-mail since they're mainly caught by my IPS. When the Blackworm furor dies down I'll run a Eicar test with the IPS on bypass and let you know. George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, February 02, 2006 8:38 PM To: george kulman Subject: Re[2]: [Declude.Virus] Scanner Parameters Thanks as always. Do you happen to have the correct content for the REPORT entry? Good question. I _think_ you want REPORT - With two spaces after the keyword REPORT. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] OT anyone know these guys ?
The Domain was just registered 2 weeks ago. Looks like another rip-off scam to me. George Registrant: inc., olarisoft (SEPNVMEGVD) 832 Coyote Road SAN JOSE, CA 95111 US Domain Name: AUTHORIZATIONS.NET Administrative Contact: inc., olarisoft (36085641P) [EMAIL PROTECTED] 832 Coyote Road SAN JOSE, CA 95111 US (323) 281-0573 Technical Contact: Affinity Hosting, LLC (TS1126-ORG) [EMAIL PROTECTED] 16611 S. Vermont Ave Gardena, CA 90247 US 310-354-2626 fax: 310-354-1592 Record expires on 01-Oct-2004. Record created on 01-Oct-2003. Database last updated on 15-Oct-2003 15:56:36 EDT. Domain servers in listed order: NS2.HOSTSAVE.COM 207.150.197.103 NS3.HOSTSAVE.COM 207.150.198.114 NS1.HOSTSAVE.COM 207.150.196.199 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS Sent: Wednesday, October 15, 2003 3:31 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] OT anyone know these guys ? http://authorizations.net/ sending this mail as html, the webpage looks ok but I can't take such email serious Benny Attention! In our global system of monitoring there was a technical failure. In avoidance of frauds with your credit card enter the full data for authorization, otherwise your credit card will be frozen during 10 day. -- -- First name: Last name: Date of Birth SSN: MMN: Alternative password: max 8 char. Full Name on Credit Card: Card Type: VisaMasterCardAmexDinersClub Card Number: Expiry date: CVV2 code: ATM PIN (Bank Verification) #: Credit Card Billing Address: City: State/Province: Province if not US/Canada: Zip/Postal Code: Phone Number: Fax Number: Country: AfghanistanAlbaniaAlgeriaAmerican SamoaAngolaAnguillaAntarcticaAntiguaArgentinaArmeniaArubaAscension IslandAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbad osBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBosnia-HerzegovinaBotsw anaBrazilBritish Virgin IslandsBruneiBulgariaBarkinoa FasoBurundiCameroonCambodiaCanadaCape Verde IslandsCayman IslandsCentral African Rep.Chad RepublicChileChinaColombiaComorosCongoCook IslandsCosta RicaCroatiaCyprusCzech RepublicDenmarkDiego GarciaDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEqitorial GuineaEritreaEstoniaEthiopiaFaeroe IslandsFalkland IslandsFiji IslandsFinlandFrench GuyanaFrench PolynesiaFranceFrench AntillesGabonGambiaGeorgiaGermanyGhanaGibralterGreeceGreenland GrenadaGuadeloupeGuamGuantanemo BayGuatemalaGuineaGuinea BissauGuyanaHaitiHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsraelItalyIvory CoastJamaicaJapanJordanKazakhstanKenyaKiribatiKorea (South)Korea (North)KuwaitKyrgyzstanLaosLatviaLebanonLesothoLiberiaLibyaLit huaniaLuxembourgMacaoMacedoniaMadagascarMalawiMalaysiaMaldivesMali RepublicMaltaMarshall IslandsMauritaniaMauritiusMexicoMicronesiaMoldovaMongoliaMonts erratMoroccoMozambiqueNamibiaNauruNepalNetherland AntillesNetherlandsNevisNew CalidoniaNew ZealandNicaraguaNigerNigeriaNiue IslandNorfork IslandNorwayOmanPakistanPalauPanamaPapua New GuiniaParaguayPeruPhilipinesPolandPortugalQatarReunion IslandRomaniaRussian FederationRwandaSaipanSao TomeSaudi ArabiaSenegal RepublicSeychelles IslandSierrra LeoneSingaporeSlovakiaSloveniaSoloman IslandSomaliaSouth AfricaSpainSri LankaSt HelenSt KittsSt LuciaSt PierreSt VincentSudanSurinameSwazilandSwedenSwitzerlandSyriaTaiwanTanza niaThailandTogoTongaTrinidad TobagoTunisiaTurkeyTurks/CaicosTuvaluUgandaUkraineUnited Arab EmiratesUnited KingdomUnited StatesCanadaUruguayVanuatuVenezuelaViet NamWallis / FutunaWest SamoaYemen RepublicYugoslaviaZaireZambiaZimbabwe Authorizations.Net, an InfoSpace service, is the preferred global payment-processing service for e-commerce, enabling merchants to process secure transactions in real time, 24 hours a day. Authorizations.Net Payment Solutions process credit cards and electronic checks, and work with any business model, including Internet, broadband, wireless, call centers, and retail. More businesses are using Authorizations.Net to process their transactions over the Internet than any other payment solutions provider. Since 1996, Authorizations.Net has rapidly become a leading provider of Internet-based transaction services, with thousands of online and traditional business customers around the world. Authorizations.Net has also formed strategic alliances with leading financial institutions and technology partners to deliver the most
RE: [Declude.Virus] Fw: Your mail server sent us a virus
John, Here's what I send back to the IMail / Declude Postmasters. - I function as the Postmaster for domain.com domain. An examination of our mail server logs indicates that the e-mail in question was NOT sent from our mail server. The [EMAIL PROTECTED] virus is a Forging Virus which selects the sender name from the address book of the infected machine. Due to this, most anti-virus systems are set to NOT send virus notification messages to the Forged Sender and Domain Postmaster. If you are truly concerned, examine the headers of the incoming e-mail to determine the IP address of the sending server and then use a web site such as www.samspade.org or www.dnsstuff.com to determine the actual source. In this case it was sent from an otherdomain.com user's infected system. It is also a well documented fact that erroneous notifications such as yours are putting large amount of unnecessary traffic on the internet and compounding the problems caused by this virus. Out recommendation is that you set your anti-virus software to not generate sender and sending postmaster e-mail for Forging Viruses. The most common forging viruses are: Bugbear, Fizzer, Klez, Magistr, Sobig (all versions), Palyh, Yaha, Lentin, Bridex, and MiMail. Additionally, since you are using IMail with Declude, you might want to check out the methods for doing this such as replacing the beginning content of your otherpostmaster.eml and sender.eml file with the following or even disabling them for the time being by renaming them: ONLYSENDIFREMOTESENDER SKIPIFVIRUSNAMEHAS Bugbear SKIPIFVIRUSNAMEHAS Fizzer SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Sobig SKIPIFVIRUSNAMEHAS Outlook 'CR' vulnerability SKIPIFVIRUSNAMEHAS Palyh SKIPIFVIRUSNAMEHAS Yaha SKIPIFVIRUSNAMEHAS Lentin SKIPIFVIRUSNAMEHAS Bridex SKIPIFVIRUSNAMEHAS MiMail From: [EMAIL PROTECTED] You might also subscribe to the Declude Virus forum where this has been a major subject of discussion or check out the Forum Archives. To subscribe, send an E-mail to [EMAIL PROTECTED] with a body of subscribe Declude.Virus Firstname Lastname. You will receive an E-mail that you will need to respond to in order to confirm your request. The archives can be found at http://www.mail-archive.com and the forum is declude.junkmail This notice is sent as a courtesy so that you have the option of correcting your virus notification configuration. If your mail server had a better virus protection configuration, it would have caused less work for our server and lessened the amount of unnecessary internet traffic. I don't know if it accomplishes anything (probably not), but I get some satisfaction out of it. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, August 21, 2003 2:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Fw: Your mail server sent us a virus Why is it there are mail admins out there running Imail and Declude that are continuing to send out virus notices to forged addresses? I have seen 5 in the last 24 hours. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, August 21, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Fw: Your mail server sent us a virus There are only 2 .eml files that I'm using, recip.eml and postermaster.eml. There are no other .eml files in the declude directory. Ah, I think I know what the problem is. That notification is coming from *another* mailserver running Declude Virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses
RE: [Declude.Virus] [OT:] SoBig.E
I use Declude so that I can send an explanatory e-mail to the sender who can then zip legitimate attachments and resend them George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Sent: Tuesday, August 19, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] [OT:] SoBig.E I don't do it at the firewall level, but I do HOLD them using Declude Virus. I guess my thoughts on this are, if you don't *have* to let them into your network to begin with, then why do so? Sharyn We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) htmla href=http://www.cruzanrums.com;www.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude Virus v1.61 (beta) released
Scott, Which version of Junkmail does this exe include? George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, September 23, 2002 8:47 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Declude Virus v1.61 (beta) released We have just released Declude Virus v1.61 (beta). See http://www.declude.com/virus/manual.htm . Changes include: o Adds detection of numerous new vulnerabilities. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.