Checking for Spyware would be the responsibility of a desktop application,
not at the e-mail server level. Most Spyware is installed as the result of
user internet browser use.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
How do you know if spyware is on a PC? Does Declude or Imail identify
and remove sneakly applications such as these?
That is up to the AV program. Most AV programs do not attempt to detect
spyware. However, if the AV program you use with Declude Virus is capable
of detecting spyware, then it
Thanks scott.
I use F-Prot and I don't know if they block this. I will check it out.
Samantha
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, January 26, 2004 10:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Imail and Spyware Protection
I use F-Prot and I don't know if they block this. I will check it out.
They do not. Very, very few AV programs detect spyware. If you want to
detect spyware sent in E-mail, it may be best to use a program like
PestPatrol with Declude Virus in addition to F-Prot.
Pest Patrol is a spyware application that is support by Declude Virus, at
least it is shown in the manual at http://www.declude.com/virus/manual.htm.
Bill
- Original Message -
From: Bridges, Samantha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 7:49 AM
Subject:
Doesn't all spyware that comes via email run as an
executable? I assume you can tell Imail to ditch all *.exe files and
this would slow spyware down from the mail side.
Since most spyware comes through Internet browsing on the desktop, I
would recommend Lavasoft's Ad Aware. It's good and free.
Remember though, most Spyware gets onto a users computer via Internet
browsing usage and security configuration on the computer and in the
browser, not through e-mail.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
FYI, there is a new fast-spreading virus out there, that is too new to be
caught by AV programs yet.
So far we have seen filenames of body, data, document, file,
glszfj, message, readme, test, text, vgsu042a, and vncexdl,
with extensions of .pif, .scr, .zip.
It may be a wise idea to
Yep - just gone one. The readme.zip contains a readme.scr screen saver.
No doubt a virus.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 26, 2004 04:34 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] New,
Hm - just got this mail with an attached README.ZIP (which I didn't open):
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, January 26, 2004 04:32 PM
Subject:
The message contains Unicode characters and has been sent as a binary
attachment.
-Original Message-
This is going to be a bad one. The file I got was fssgf.zip with a fssgf.scr
inside of it.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Monday, January
FYI, I just received a suspicious email with a zipped SCR in it. Sent to
virus trap for verification.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent:
I've trapped three of these in the last half hour (we always ban SCR and
PIF files). I've seen three different subjects (it must be a Bagel
variant):
Hi
Hello
MAIL DELIVERY SYSTEM
The bodies all have that one line in them that you quoted. The only
other notable sign that I can see is a
F-prot just had an update too, waiting to see if we catch any.
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 2:06 PM
Subject: RE:
Well, that's a good sign then that JunkMail will at least add a few
points to it. If I'm correct, that error also causes BADHEADERS to trip
as well, and if you have LOSSENSPAMHEADERS ON, it will skip this test.
These messages will also fail CMDSPACE.
Matt
R. Scott Perry wrote:
The bodies
So much for the latest update from F-Prot, it does not pick up the new
virus, I just received one a few seconds ago, failed spam headers but made
it right through virus.
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
---
[This E-mail was scanned for
Does the BANNAME entry in virus.cfg support a comment on the end of the
line? We are banning a number of specific filenames due to specific
virus threats and I would like to put the virus name next to the BANNAME
entry.
Thanks,
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
F-Prot just released new Definitions that pick up W32/[EMAIL PROTECTED] as well.
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 2:06
This brings up one additional thought for blocking this sort of virus in the
future, would there be anyway to have declude be able to detect that a zip
file includes a .scr file inside and block it when you use the :banext
scr option in the virus.cfg file? Is this possible, perhaps in a future
We have been stopping them since about 2:30 CST. F-Prot updates 4 times
daily.
Jim Nitterauer
President
Creative Data Concepts Limited, Inc.
3 W. Garden Street
Suite 326
Pensacola, FL 32502
http://www.creativedata.net
850-434-7645
800-607-6168
-Original Message-
From: [EMAIL PROTECTED]
Well, that's a good sign then that JunkMail will at least add a few points
to it. If I'm correct, that error also causes BADHEADERS to trip as well...
No (this is important).
If an E-mail has headers that are [1] common in spam, and [2] rare in
legitimate E-mail, it will fail either the
Thanks. That will work just fine.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 26, 2004 2:46 PM
To: [EMAIL
Does the BANNAME entry in virus.cfg support a comment on the end of the
line?
No.
We are banning a number of specific filenames due to specific
virus threats and I would like to put the virus name next to the BANNAME
entry.
In this case, I would recommend adding a comment line before it, such
I forgot that this was due to a combination of issues that can occurr
when IMail inserts a header if it receives a message with an IP for the
HELO and replied as if that was always the case. You've been through
this before with me, and I do understand.
Thanks,
Matt
R. Scott Perry wrote:
F-Prot Windows, was never able to resolve this so we disabled until today
since we're not catching mydoom with mcafee
PV
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 7:12 PM
Subject: RE: [Declude.Virus] MyDoom
There I was today adding some new BANNAME's to the virus.cfg file when I
notice .vir directories starting to stack up...
Running declude 1.76i14
Is there any help out there?
Yes -- run the latest release, latest beta, or latest interim release. Any
of the above should fix your problem. :)
Just MyDoom.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of
Keith Johnson
Sent: Monday, January 26, 2004 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New, fast-spreading
You know, for how fast spreading this appears to be, I am wondering if it is
not being propagated by all those zombies out there.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
My F-Prot caught one already. Make sure you have the 1/26 application defs
and not just the macro defs. When I updated earlier I only got 1/26 macro
virus defs. Then I got the application defs when I tried a little later
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information
Charles,
I am a big fan of F-Prot for scanning email on my server. I have been very
happy with it and it is very cheap. (I would not simply have gone with it
for cheapness but it is a plus once you've decided you like it.)
-Josh
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc.
About 40K, but Scott's suggestion about updating the exe seems to have
worked...I just don't know what happened. Iguess I should not 'play' so
much.
Thanks anyways John, I hope its fixed.
Robert
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
ROFLOL!!
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 26, 2004 5:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus]
Title: Message
Yes,
since 5 PM. They do have an "extra.dat" - or just get the "dailydats" which are
updated many times daily.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL
Title: Message
Have
you told your scanner to scan inside zip files?
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Kami RazvanSent: Monday, January 26,
Thanks to all for the quick notification of the new virus. We seemed to
have escaped any harm.
We immediately put BANEXT zip into our virus.cfg file, and that seemed to be
a good thing.
Now I'm thinking about lowering our protection back to where it was.
Is it possible, with Virus Standard,
Geeze.. So you want the virus to only effect certain users?
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Grosshandler
Sent: Monday, January 26, 2004 9:19 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] BANEXT
Thanks to all
Recently, I read an article about spyware. Does Declude or Imail
address this issue with their product(s)? A quote from an article
states: Network Associates will become the latest security software
maker to address the growing problem of stealth surveillance software
known as spyware.
How do
Title: Message
Hello.
Has anyone heard about the
fraudulent email claiming to be from the FDIC?
Below is a snippet from the
FBI on this new threat. Has anyone seen this before or recently?
What actions did you take as messaging administrators to rectify
this?
Upon
investigation I have
38 matches
Mail list logo