I think I understand the question.
I only get banned extension notices when there is no known virus.
I route these banned notices to a folder in my mail program for special
attention (the virus name is in the subject).
The banned e-mails get checked by hand.
If it looks legit, I send a form
Double check the D file. There might be more than one attachment.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Jay Calvert
Sent: Friday, March 26, 2004 8:57 AM
To: [EMAIL PROTECTED]
Hi all we just had a case where an email was banned because Declude said it
had an exe in the email, when it only had a TXT.
What happened here?
What happened is that either it contained an .exe file, or it had multiple
extensions (in which case Declude Virus assumes the worst, that it is an
Scott,
I just sent it to you, please look for it, it came from our systems account.
Jay
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 9:17 AM
Subject: Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where
I have several examples of that from last night as well, all the txt
attachments were anti-virus generated attachments
03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT
[quoted-printable; Length=113 Checksum=12852]
03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt.
Scott,
Did you receive the second email?
Jay
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 9:39 AM
Subject: Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt
Hi all we just had a case where an email was banned because Declude said it
had an exe in the email, when it only had a TXT.
What happened here?
The problem here is that the mail client (a program whose name is as poor
as its MIME handling: Mail A.01.77) is giving out 2 different names for
the
: Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it
had an exe in the email, when it only had a TXT.
What happened here?
The problem here is that the mail client (a program whose name is as poor
as its MIME handling: Mail A.01.77
The problem here is that the mail client (a program whose name is as poor
as its MIME handling: Mail A.01.77) is giving out 2 different names for
the file. In one location, it calls the file EPM11002.FILES.CANJET, in
the other location it calls it EPM11002.TXT. While Declude Virus knows
- Original Message -
From: Jay Calvert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 10:58 AM
Subject: Re: [Declude.Virus] BANEXT EXE
But if this is the case, how will a file be caught if somebody renames a
.zip to a .zio?
Will Declude know the difference? Would
PROTECTED]
Sent: Monday, March 08, 2004 2:22 AM
Subject: RE: [Declude.Virus] BANEXT question
As Don said, there is no such thing as BANEXT EZIP.
Try reading the archives again.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED
No such thing as BANEXT EZIP??
I believe he meant There is no such thing as BANEZIP ON (because there
isn't one of those). But Don re-posted the summary that I had sent out
last week, which has all the details in it.
-Scott
---
Declude
Perry
Sent: Monday, March 08, 2004 6:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BANEXT question
No such thing as BANEXT EZIP??
I believe he meant There is no such thing as BANEZIP ON (because there
isn't one of those). But Don re-posted the summary that I had sent out
Scott, posted this last week:
With the latest interim release, you can use:
BANEXT EZIP - This line will ban all .ZIP files with an
encrypted file in them
BANZIPEXTS ON - This line (Pro version only) will ban all file extensions
listed in BANEXT lines, if they appear in
Scott,
Can I configure the bannotify.eml to not send messages to the sender of
the file, but to send them only to the recipient and to me.
Not currently.
Isn't it possible to modify the Bannotify.eml file and only include the recipient and
postmaster? Would it still send a notice to the
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of bill.maillists
Sent: Tuesday, March 02, 2004 12:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Banext and bannotify.eml questions
Scott,
Can I configure the bannotify.eml to not send messages to the sender
Can I configure the bannotify.eml to not send messages to the sender of
the file, but to send them only to the recipient and to me.
Not currently.
Actually, I believe this can be done, by using a line To:
%ALLRECIPS%,[EMAIL PROTECTED] in the \IMail\Declude\BANnotify.eml file.
OK, I have it the other way around, does that matter?
No. Any E-mail addresses that appear after To: and that are separated
by commas will work.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesday, March 02, 2004 12:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Banext and bannotify.eml questions
Isn't it possible to modify the Bannotify.eml file and only include the
recipient and postmaster? Would it still send a notice
BANEXT data
Does not look to be executable.
http://filext.com/detaillist.php?extdetail=dataSubmit3=Go%21
BANEXT link
No such extension found.
http://filext.com/detaillist.php?extdetail=linkgoButton=Go
BANEXT unk
No such extension found.
Good list, John. Thanks for sharing.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55 PM
Subject: RE: [Declude.Virus] BANEXT
What are the recommended extensions to BAN?
http
] On Behalf Of Darin Cox
Sent: Sunday, February 01, 2004 9:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BANEXT
Good list, John. Thanks for sharing.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55
What are the recommended extensions to BAN?
http://www.eservicesforyou.com/documents/emailattachments.pdf
How do you handle it if someone needs to send a file through...sometimes
there will be legitimate files that need to be sent through.
I tell them to zip it.
John Tolmachoff
Would you be willing to send the list as a text file?
Thanks, Andy
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55 PM
Subject: RE: [Declude.Virus] BANEXT
What are the recommended extensions to BAN
Klinge
Sent: Monday, January 26, 2004 10:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BANEXT
Geeze.. So you want the virus to only affect certain users?
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Grosshandler
Sent
PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
Sent: Tuesday, January 27, 2004 6:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BANEXT
Well, yes! If I open a zip and catch a virus, woe on me. I'm supposed to
be experienced enough not to do
Geeze.. So you want the virus to only affect certain users?
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Grosshandler
Sent: Monday, January 26, 2004 9:19 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] BANEXT
Thanks to all
Just like everyone else, we are getting hammered by Sobig.F. Declude seems
to be catching and holding the virus e-mails with the attachments because of
the BANEXT option. The potential exists to overload our hard drive. There
were over 3,000 held messages today (that is about 2x what we would
: [Declude.Virus] BANEXT to delete all .pif?
Just like everyone else, we are getting hammered by Sobig.F. Declude seems
to be catching and holding the virus e-mails with the attachments because of
the BANEXT option. The potential exists to overload our hard drive. There
were over 3,000 held messages
] Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 04:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BANEXT to delete all .pif?
Just like everyone else, we are getting hammered by Sobig.F. Declude seems
to be catching and holding the virus e-mails with the attachments because
I thought BANEXT worked before the scanner?
Both are done on all E-mail, and if a virus is found, it takes priority
over the banned file extension.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude
I'm thinking of leaving the banext in place but want to alert the sender
and/or recipient when a mail is being held. I've downloaded the
BANnotify.eml file but don't see how Declude decides when to use it. Do I
need to put any extra control lines at the beginning?
Declude knows by the name of
Is there a way to just refuse attachments of certain types? instead of
quarantined OR strip the attachment off? I don't want to bounce messages,
I'd be happy with just removing the attachment. maybe add a line to the
mail Attachment removed ? Is this possible? Or something we can add?
No,
http://www.antichip.org/virusinfo/extensions.html
http://www.internetworking.ch/htme/security13.htm
http://www.f-secure.com/v-descs/stages.shtml
http://www.quickheal.com/stages.htm
http://www.geocities.com/floydian_99/inv2.html
http://archives.neohapsis.com/archives/vuln-dev/1999-q4/0122.html
Hope that helps.
Thanks John!
Sheldon
Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide access, neighborhood support!
Whenever you find yourself on the side of the majority, it's time
to pause and reflect. Mark Twain
I just implemented the BANEXT in my virus.cfg and added the bannotify.eml to
my Declude directory. The notify only goes out to the sender and I would
like to know when a banned extension tries to come in as well. I know I
could just add an additional entry to the to: field of bannotify.eml but
Thanks, will do Scott!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, September 04, 2002 2:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] BANEXT settings
I just implemented the BANEXT in my virus.cfg
The catch here is that BinHex (Mac encoding) files have the filename within
the encoded segment. So you can have a situation where the MIME filename
is safefile.txt, but the BinHex segment says the filename is
evilvirus.exe (which you won't see, because it is encoded).
Those headers won't affect whether or not Declude bans the files -- the
*real* filename is one you won't see, because it is encoded.
You can send a copy of the E-mail file to [EMAIL PROTECTED] , and I can
test it here to see what the real extensions are.
ok, so next question... if declude caught the attachment why did it not list with the
%BANEXT% variable? That variable was blank. How would I determine what file
extension was caught. I'm just trying to understand...
On Friday, August 9, 2002 9:17 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
]] On Behalf Of R. Scott Perry
Sent: Friday, August 09, 2002 8:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] banext issue
Those headers won't affect whether or not Declude bans the files -- the
*real* filename is one you won't see, because it is encoded.
You can send a copy of the E-mail
Perry
Sent: Friday, August 09, 2002 8:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] banext issue
Those headers won't affect whether or not Declude bans the files -- the
*real* filename is one you won't see, because it is encoded.
You can send a copy of the E-mail file to [EMAIL PROTECTED
I did not catch that you wanted the message How do I go about taking
something from the virus folder, change the recipient to [EMAIL PROTECTED]?
just copy and change the sender in both files?
Probably the easiest thing to do would be to send the .SMD file (from the
virus folder) as an
ok scott, I'll get the latest thanks for looking into it.
Incidentally, I see that all the time with mac files... spaces at the end pain in the
_ss
On Friday, August 9, 2002 11:18 AM, R. Scott Perry [EMAIL PROTECTED] wrote:
so, I looked at the message in the virus folder and there were
I have the BANEXT and the notify working fine. My question is there a way to
send the notify email to the postmaster (me) also to let me know that
someone tried to send a banned extension?
You can have:
To: %MAILFROM%,[EMAIL PROTECTED]
in the \IMail\Declude\BANnotify.eml file, which
Can I download the BANnotify.eml template from somewhere?
Yes, you can download it from
http://www.declude.com/release/154/bannotify.eml . Further details on
banning file extensions can be found at
http://www.declude.com/virus/manual.htm in the Banning files based on
extension section.
Thanks all
-Original Message-
From: Dustin Freeman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 10:25 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.Virus] BANEXT notify
Can I download the BANnotify.eml template from somewhere?
-Original Message-
From: Don
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BANEXT maybe not working?
the virus scanning takes priority over the banning. That is, the E-mail
will be scanned for viruses first, and only if the E-mail is virus-free
will the file extension banning be done.
Thank you and PLEASE remember