Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-03 Thread andyb
Hi,

I've got

BANEZIPEXTS ON

And the file got through (encrypted zip with password in the body of the
email)

ver 1.78i7

There is so much info floating around...what version do I need to block
this, and what exactly do I need in the config files??

Scott, can you please list the recommended config, the ver, and what each
config line does?

Thanks, Andy


- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 6:17 PM
Subject: Re: [Declude.Virus] New interim release to ban extensions in .ZIP
files



> > I am trying to understand this, but the reality doesn't work like I think
> > you are saying it should.  If I have the following in my virus.cfg file:
> >
> > BANEXT   EZIP
>
> Note that BANEXT EZIP is the original quickly-implemented format that may
> have problems.
>
> > with or without:
> >
> > BANZIPEXTS  ON
> > BANEZIPEXTS  ON
>
> These lines will ban file extensions that appear in .ZIP files (both
> un-encrypted and encrypted files).  Any BANEXT lines will be used to
> determine whether files within .ZIP files should be banned.
>
> > I catch the encrypted/password protected virus files.  However, if I use
> > just:
> >
> > BANZIPEXTS  ON
> > BANEZIPEXTS  ON
> >
> > the virus files pass right through declude, reporting that the file is
> > virus free.  Am I simply not understanding how this is supposed to work?
> > I thought we no longer needed to use BANEXT EZIP.  Please enlighten me on
> > the error of my ways...  :-)
>
> The old format (which I won't repeat, just because the more it gets
> repeated the more likely people will try to use it) would block any .ZIP
> file if the first file in it was encrypted (even if it was a .TXT file).
>
> The new format will ban the same extensions that you are already banning,
> but will do so in .ZIP files.  The BANZIPEXTS  ON option will ban the files
> if they are un-encrypted, the BANEZIPEXTS  ON will ban the files if they
> are encrypted.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type unsubscribe Declude.Virus.  The archives can be found
> at http://www.mail-archive.com.




Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread bill.maillists
Scott,

Thank You!

Bill

-- Original Message --
From: R. Scott Perry [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 02 Mar 2004 14:58:40 -0500

FYI, we now have a new interim release 1.78i7 (at 
http://www.declude.com/interim ) that will allow you to ban file extensions 
within .ZIP files.

To do this, you can add either the line BANZIPEXTS ON to the 
\IMail\Declude\virus.cfg file (to ban file extensions within .ZIP files, 
for files that are not encrypted) and/or BANEZIPEXTS ON (to ban file 
extensions within .ZIP files, for files that are encrypted).  They will use 
the same file extensions as the BANEXT option.

So if you already have BANEXT exe in the \IMail\Declude\virus.cfg file, 
and add lines BANZIPEXTS ON and BANEZIPEXTS ON to the virus.cfg file, 
Declude Virus will block both standard .exe files as well as .exe files 
within .ZIP files (whether or not they are encrypted).

-Scott


Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread Bill Landry
I am trying to understand this, but the reality doesn't work like I think
you are saying it should.  If I have the following in my virus.cfg file:

BANEXT   EZIP

with or without:

BANZIPEXTS  ON
BANEZIPEXTS  ON

I catch the encrypted/password protected virus files.  However, if I use
just:

BANZIPEXTS  ON
BANEZIPEXTS  ON

the virus files pass right through declude, reporting that the file is virus
free.  Am I simply not understanding how this is supposed to work?  I thought
we no longer needed to use BANEXT EZIP.  Please enlighten me on the error of
my ways...  :-)

Thanks,

Bill
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 2:07 PM
Subject: RE: [Declude.Virus] New interim release to ban extensions in .ZIP
files



> > Do these new features, BANZIPEXTS and BANEZIPEXTS, stop both zip files
> > and encrypted zip files if you do not have the BANEXT ZIP setting?
>
> Yes (using BANEXT ZIP would block all .ZIP files, regardless of what file
> extensions they may contain).
>
> > Just wondering if using the above forces us to block Zip files or not.
> > We do not want to block Zip files, but like the idea of blocking them if
> > they contain an extension that we do want to block.
>
> The BANZIPEXTS/BANEZIPEXTS options will allow you to allow normal .ZIP
> files, while blocking .ZIP files that contain certain extensions.
>
> -Scott


Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry

> I am trying to understand this, but the reality doesn't work like I think
> you are saying it should.  If I have the following in my virus.cfg file:
>
> BANEXT   EZIP

Note that BANEXT EZIP is the original quickly-implemented format that may
have problems.

> with or without:
>
> BANZIPEXTS  ON
> BANEZIPEXTS  ON

These lines will ban file extensions that appear in .ZIP files (both
un-encrypted and encrypted files).  Any BANEXT lines will be used to
determine whether files within .ZIP files should be banned.

> I catch the encrypted/password protected virus files.  However, if I use
> just:
>
> BANZIPEXTS  ON
> BANEZIPEXTS  ON
>
> the virus files pass right through declude, reporting that the file is virus
> free.  Am I simply not understanding how this is supposed to work?  I thought
> we no longer needed to use BANEXT EZIP.  Please enlighten me on the error of
> my ways...  :-)

The old format (which I won't repeat, just because the more it gets
repeated the more likely people will try to use it) would block any .ZIP
file if the first file in it was encrypted (even if it was a .TXT file).

The new format will ban the same extensions that you are already banning,
but will do so in .ZIP files.  The BANZIPEXTS  ON option will ban the files
if they are un-encrypted, the BANEZIPEXTS  ON will ban the files if they
are encrypted.

   -Scott


Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

> The new format will ban the same extensions that you are already banning,
> but will do so in .ZIP files.  The BANZIPEXTS  ON option will ban the files
> if they are un-encrypted, the BANEZIPEXTS  ON will ban the files if they
> are encrypted.

Okay, so if I want to continue to ban any zip file that is encrypted,
whether I have defined the extension to be banned or not, I should continue to
use BANEXT EZIP, correct?

Bill



Re: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry

> Okay, so if I want to continue to ban any zip file that is encrypted,
> whether I have defined the extension to be banned or not, I should continue to
> use BANEXT EZIP, correct?

That is correct.

   -Scott


RE: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread John Tolmachoff (Lists)
Does BANEXT ZIP cover BANEXT EZIP?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




RE: [Declude.Virus] New interim release to ban extensions in .ZIP files

2004-03-02 Thread R. Scott Perry

> Does BANEXT ZIP cover BANEXT EZIP?

BANEXT ZIP will ban all .ZIP files, regardless of what files or encryption
may be used.

BANEXT EZIP is a temporary measure that blocks .ZIP files where the first
file is encrypted.

   -Scott
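
An added example, not part of the thread and not Declude's code: a Python model of the four rules as they are described in the messages above (BANEXT ZIP, BANEXT EZIP, BANZIPEXTS, BANEZIPEXTS), run over constructed archives. The names `make_zip`, `extension` and `verdict` are hypothetical, and reading the encryption state from ZIP general-purpose flag bit 0 is an assumption about how such a filter works.

```python
import io
import zipfile

def make_zip(entries):
    """Constructed test input. entries is [(member_name, encrypted)].
    zipfile cannot write encrypted members, so the encryption flag
    (general-purpose bit 0) is set by hand in each central-directory record."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, _ in entries:
            zf.writestr(name, b"sample")
    raw, pos = bytearray(buf.getvalue()), 0
    for _, encrypted in entries:
        pos = raw.index(b"PK\x01\x02", pos)  # central-directory signature
        if encrypted:
            raw[pos + 8] |= 0x01             # low byte of the flags field
        pos += 4
    return bytes(raw)

def extension(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def verdict(attachment, data, banext, banzipexts=False, banezipexts=False):
    """Return the rule that bans the attachment, or None if it passes.
    banext is the set of lower-case BANEXT values from virus.cfg."""
    ext = extension(attachment)
    if ext in banext:                        # BANEXT ZIP bans every .ZIP
        return "BANEXT " + ext.upper()
    if ext != "zip":
        return None
    members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    # BANEXT EZIP as described in the thread: only the first member is checked.
    if "ezip" in banext and members and members[0].flag_bits & 0x1:
        return "BANEXT EZIP"
    for m in members:
        encrypted = bool(m.flag_bits & 0x1)
        enabled = banezipexts if encrypted else banzipexts
        if enabled and extension(m.filename) in banext:
            rule = "BANEZIPEXTS" if encrypted else "BANZIPEXTS"
            return rule + " " + extension(m.filename)
    return None
```

Member names can be checked without the password because traditional ZIP encryption protects only the file data, not the names stored in the archive headers. In this model an encrypted archive whose inner extension has no matching BANEXT line passes even with BANEZIPEXTS ON, while BANEXT EZIP bans it regardless of the inner extension.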