http://www.mcafee.com/anti-virus/viruses/goner/default.asp?cid=2636
scroll down and follow the link to download the EXTRA.DAT.
That's how McAfee handled last-minute updates.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul Ingram
Sent: Tuesday,
I removed the EXTRA.DAT for copyright reasons - and it's available online
for download. But you may find the document helpful.
-Original Message-
From: Virus Research [mailto:[EMAIL PROTECTED]]
Network Associates
McAfee AVERT, UK
A Division of Network Associates
UK, Aylesbury
Customer
The virus engines have updated the naming conventions to reflect the actual
payload in the BadTrans virus - there is two entirely different trojan
horses, each with a distinct name and both are equally scary in their
capabilties.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
For the BANnotify that is true. But for a Virus Notify (same feature), the
FULLMSG could contain an HTML virus in the body of the message?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mike Watchman
Sent: Friday, December 07, 2001 02:03 PM
To: [EMAIL
[c0400202].
X-RBL-WARNING: Suspected SPAM; This E-mail has headers consistent with spam
[c0400202].
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.hm
-directories. Given the
frequence of file access/create/deletions, it may save some resources and
eliminates the need to define an alternate temp directory.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus
Those of us who are already running 1.34 - do we need to download a final
released version - or is the binary code the same between the 1.34 beta and
the 1.34 release?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned
Scott:
how is
XSPOOLNAME and XSENDER
in the VIRUS.CFG
different from
XINHEADER %QUEUENAME%
XINHEADER %MAILFROM%
in the GLOBAL.CFG
I never paid attention to the prior discussions, because I assumed these
options were redundant. Now that I see
AFTER the virus scanner - and thus would NOT be added if the
Virus Scanner detected an Virus and isolated the file.
I'm sure this was discussed at length - I'm just trying to figure out the
implications - if any.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue
Suite
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
off emails to the
abuse/postmaster addresses of the involved IP addresses. AND, it will
automatically detect new open relays and submit these IP addresses into the
open relay databases.
It's extra work for me - but at least I feel like I'm doing SOMETHING about
the problem.
Best Regards
Andy
The link hasn't been updated - but used the following URL:
http://www.declude.com/Release/145/Declude.exe
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf
I've been seeing a LOT of these today - McAfee is reporting:
05/24/2002 14:49:24 Q8b30116101a2dc6f Scanner 1: Virus= virus or variant
Suspicious IFrame-b !!! Attachment=[HTML segment] [0] I
05/24/2002 14:49:24 Q8b30116101a2dc6f Found a bogus .bat file
05/24/2002 14:49:24 Q8b30116101a2dc6f
of REVDNSEXISTS
I'm not saying one is better than the other - I just think for usability
reasons you shoulnd't look for consensus - but just implement ONE method and
stick to it.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message
Declude only uses the command line "on demand" scanner. Version 4.x with
the latest DAT files will continue to work.
I suspect, that are upgrading your desktop scanners to 6.0? Hopefully,
you can do that without effecting the command line scanner that is running on
your mail server?
Best
: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]
I tried your body test and it did NOT catch that email! May be it will
catch the redistribution mails that are sent after a machine has caught the
worm.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
Actually - I simply included the Version tag in my Mail Headers - this way I
can see WHICH version handled an email - and, if I want to verify the
version from my desk, I just send myself an email.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
John,
by the time these announcements are SENT, the new virus signatures are
already out.
I'm actually LESS concerned about .EXE files that are recognizable as .EXE
files - people seem to be VERY aware of the need NOT to run .EXE files. I'm
ONLY concerned about disguised .EXE files (that use
Title: Message
Hi
John,
I'm
not quite clear how this effects me (and others) as Declude
customers?
Did
you mean to send this to your own client list?
Best
RegardsAndy SchmidtArgos Networks600 East Crescent Avenue, Suite
203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-9411 x20
Oh yes - there is a NASTY new variant out:
http://vil.nai.com/vil/content/v_100358.htm
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM
Hm,
Did you remember to register that domain:
http://whois.iana.org/index.cgi
[whois.iana.org] - Domain vardas.int not found.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax
of the hourly virus
signatures from McAfee. These DailyUpdates very occasionally introduce a
bug in the scanner while they are trying to deal with a newly detected
virus. You could try to install a different DAT file to see if the problem
is related to that.
Best Regards
Andy Schmidt
HM Systems Software
Title: Message
Yes,
since 3 PM we have been catching one every few minutes.
Before
that, we were catching them as Sobig.C Variant starting around 1:30 PM Eastern
Time. Quiet before then.
Best
RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent
Avenue, Suite 203Upper Saddle
Hi,
Just as the last few times, this one was being caught by McAfee right from
the start. (It had been proactively detected for the last 10 weeks or so.)
I don't understand how other its gotten past Declude for other customers?
Every occurrence I've seen came from admin@ the user's domain and
Is there a way to have Declude Virus remove this instead of JM
Yes. Simply by keeping your virus scanner current.
Protection has been available since March 2003:
http://vil.nai.com/vil/content/v_99383.htm
Best Regards
Andy
---
[This E-mail was scanned for viruses by Declude Virus
I'm running McAfee NetShield on the servers, where I can exclude certain
folders, e.g., the Imail Spool folder tree.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201
Hi Scott:
I used McAfee and it started blocking it since 8:31 EDT (I pull in their
daily updates hourly).
08/19/2003 08:31:18 Q1893028b01baf614 Scanner 1: Virus= the W32/[EMAIL PROTECTED]
virus !!! Attachment=details.pif [11] I
08/19/2003 08:31:18 Q1893028b01baf614 Found a bogus .pif file
rejected.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
SDATDAILYrun.EXE /silent
copy SDATDAILYrun.EXE SDATDAILY.EXE
erase SDATDAILYrun.EXE
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com
Mc Afee was blocking Sobig.f as of 8:31 AM Eastern Time on my server
according to my Declude Log files before I read the first reports on this
list. Are your virus signatures up to date/hour.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle
Hi,
Is it just me, or is Sobig.F always adding the fake header:
X-MailScanner: Found to be clean
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E
I just checked - we caught 4,700 occurrences of this virus so far since
this morning at 8:31 AM EDT. This is by a huge margin the most aggressive
virus that I've ever observed.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail
Uh - thanks. I was afraid that there was some legitimate use for that line.
Darn.
Of course, you COULD change the header to use a different header name and/or
a slightly different message to distinguish your legitimate mails from the
virus generated ones.
Best Regards
Andy Schmidt
HM Systems
FWIW - I have have turned off the notifications for Sobig.F and it has been
working fine since this afternoon.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
, but I sent it with
regular mail as an attachment).
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From
Okay, I'll donate some funds.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED
log analyzer to see if certain Ips are
suddenly sending thousands of emails per day - and then check the log if
it's just an Imail List Server loop.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto
In the Imail SMTP config screen.
However, IF you do that and you have a SECONDARY SMTP server, you need to
block there as well. Otherwise, they simply go to the backup SMTP and the
mail still ends up in your system.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201
scanner would be detecting that style virus preventively since
at least March 2003.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
Hi Scott:
I had defined
WHITELIST ANYWHERE [EMAIL PROTECTED]
Yet, that only seems to whitelist messages coming FROM
[EMAIL PROTECTED] - all messages sent TO [EMAIL PROTECTED]
are not whitelisted:
09/19/2003 12:54:59 Q34e0014201a66fbf HELOBOGUS:3 HEUR10:4 WEIGHTFILTER:3 .
Total weight =
what it should have been from the
start.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL
Most likely Scott's machine to look up forging viruses.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
Yawn...
I'm debating backing up all my info and running the exe just to see if
anything happens.
How about first searching the known viruses:
http://vil.nai.com/vil/content/v_100807.htm
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle
Hi,
I think that virtually all virus infected emails nowadays contain worth
preserving, because the only thing attached is the virus itself. Cleaning
would not accomplish anything - because after the cleaning there'd be
nothing left. (Sorry to disappoint you, but that virus email that claims
by an infected
computer).
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Saturday, December 27, 2003 02:27 AM
To: [EMAIL PROTECTED]
Subject
cases where I was able to pinpoint the infected workstation at one of
our regular trading partners just by seeing the reverse DNS.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Yep - just gone one. The readme.zip contains a readme.scr screen saver.
No doubt a virus.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 26, 2004 04:34 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] New,
Hm - just got this mail with an attached README.ZIP (which I didn't open):
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, January 26, 2004 04:32 PM
Subject:
The message contains Unicode characters and has been sent as a binary
attachment.
-Original Message-
Title: Message
Yes,
since 5 PM. They do have an "extra.dat" - or just get the "dailydats" which are
updated many times daily.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL
Title: Message
Have
you told your scanner to scan inside zip files?
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Kami RazvanSent: Monday, January 26,
Title: Message
Hi
Scott:
Here a log
entry.
Notice how
Dynamic-IP and Open-Relay were both triggered. Dynamic-IP is a TestsFailed
Contains filter for 4 different DUL/DYNA/DUHL test (each individual test has a
weight=0). Those tests do not show up in the first log line (since their
tests
Title: Message
Other
than the firewall/router - doesn't their SMTP server application(e.g.,
like IIS) have the ability to restrict inbound connections to certain IP
ranges.
We
hada similar issue with one of my relay customers - and we just defined
IIS SMTP to only accept mail from my
was received and before Declude gets a chance to lock the file
then, by chance a Queue run can get inbetween and process the Q/D file.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business
Yes, McAfee sometimes inserts a the into their report
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message
Hm,
I recommend AGAINST the Found the.
McAfee is inconsistent in prepending the the, examples from today:
Scanner 1: Virus= application Exploit-MIME.gen.c. Attachment=[HTML segment]
[17] I
Scanner 1: Virus= the W32/[EMAIL PROTECTED] Attachment=report01.zip [17] I
Best Regards
Andy Schmidt
HM
PROTECTED]
[outgoing from 65.118.130.2]
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL
data. So, by design, these formats are intended to have variable
amounts of information piggy-bagged to the actual picture.
I guess someone figured out how to use a buffer overrun to overlay portions
of the stack in the application.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East
.)
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
you
for updating the documentation (if I understand the other customers
correctly.)
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com
Title: Message
Hi,
there is a slight error on the
"download" page for your registered customers:
Both "down" arrow buttons link to the
"automatic install" executable.
Only the "manual install" TEXT link
actually downloads the zip file.
Use of Version 1.81 requires a Valid Service
Title: Message
Ouch - even worse, note that the GRAPHICAL buttons link to version 1.80 -
only the text buttons link to Version 1.81! Seems like someone was in a
rush?
Everyone better check what they
downloaded - if you clicked on the graphics, you are running a BAD
release.
TR TD
Yes, at $6,000 per year (or something like that) plus they force the
Symantec Anti-Virus on you (to justify the increase.)
Forget about it.
Best Regards
Andy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John David M. Miller
Sent: Tuesday, October
, because SMTP, POP and IMAP support will always be the
core services.
No - this is clearly motivated by money. They decided getting 4 to 10 times
the money from half the people is still more profitable.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
Title: Message
I got
his announcement and have been running some reports. Looks
encouraging!
-Original
Message-Subject:DLAnalyzer 4.0 Customer Pre-Release Is Now
Available.
We are making available to our
customers a pre-release version of DLAnalyzer 4.0. With version 4.0 we have
in the dark.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Greg Hedgepath
Sent: Wednesday, December 22, 2004 09:06 AM
To: Declude.Virus@declude.com
Subject: Re
and that CPHZ needs to do a better job of
customer communications and relations.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of
Keith Johnson
Sent: Thursday, December
hope that Barry recognizes the need that ALL customers need
to know enough about the procedures to regain (!) MY level of comfort and
confidence in the company and the product.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message
Just got that one - attached was a WindowsUpdate.rar, 43 KB.
-Original Message-
From: Microsoft INC [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 26, 2005 09:15 PM
To: [EMAIL PROTECTED]
Subject: MS Windows/Critical Error
Dear Sir/Madam,
We kindly ask you to install this update to
* Kind of like that popular email joke Mac|*nix|OS/2 self-inflicted virus
(please install this virus manually).
I know this as the Amish Virus - where you are prompted to please copy the
virus to diskette and walk it over to a neighbor's mailbox.
Best Regards
Andy
---
[This E-mail was
Hi,
McAfee calls this one:
- Generic!rar
- PWS-Goldun.dr
An Extra.dat is available.
Best Regards
Andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
Hm,
It isn't gonna happen, unless rarsoft sells to winzip.
I'm not sure if this it legit:
http://www.rarlab.com/rar_add.htm
But it appears that unrar source code, DLLs etc are readily available to
software developers?
(Even if it was not, Winzip already has command line links for some of the
Hm,
http://www.rarreg.com/licence.php
No person or company may distribute separate parts of the package
== with the exception of the UnRAR components ==,
without written permission of the copyright owner.
So - it looks as if it's an open license for the UnRAR components - and only
the
1.82 will treat encrypted .RAR files the same as encrypted .ZIP files,
and will block banned file extensions in .RAR files the same way as it
blocks banned file extensions in .ZIP files.
Beautiful!
Now we just need McAfee to scan inside RAR files G
(Globally banning zipped .EXE files is not
Another variation - came with a foto.rar attachment.
Received: from host46.ipowerweb.com [66.235.216.140] by hm-software.com
(SMTPD32-8.14) id A70B620D0124; Fri, 28 Jan 2005 14:48:27 -0500
Received: from riqotscr (168.113.230.53)
by host46.ipowerweb.com; Fri, 28 Jan 2005 11:48:22 -0800
PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Thursday, January 27, 2005 6:27 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] RAR Support - why not?
1.82 will treat encrypted .RAR files the same as encrypted .ZIP
files,
and will block banned file
I may have to start doing that. I used to be able to keep 30 days of logs -
but volume, dictionary attacks and SPAM volume are making it increasingly
difficult.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1
McAfee calls it: MultiDropper-IY
an Extra.dat is available.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Friday, January 28, 2005 04:39 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Foto.rar
Another variation - came
and with
viruses but not withBanned file extensions.
- Original Message -
From:
Andy Schmidt
To: Declude.Virus@declude.com
Sent: Wednesday, March 16, 2005 11:38
AM
Subject: RE: [Declude.Virus] Spam .com
files being blocked.
Hm
and propagate the
information.
As you say - it's absolutely necessary (and proper) to run your own DNS to
avoid trouble with upstream providers.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto
Deleting E-mail with virus!
04/15/2005 16:43:42 Q275DA0790152A6BF Scanned: CONTAINS A VIRUS [MIME: 2
19430]
04/15/2005 16:43:42 Q275DA0790152A6BF From: [Forged] To: [EMAIL PROTECTED]
[incoming from 207.30.155.52]
04/15/2005 16:43:42 Q275DA0790152A6BF Subject:
Best Regards
Andy Schmidt
Phone: +1
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, May 02, 2005 04:36 PM
Subject: AVERT Medium Threat Advisory for Home Users Only: W32/[EMAIL PROTECTED]
Advisory
This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] for Home Users Only.
Justification
W32/[EMAIL PROTECTED] has
Title: Message
Yep, that same happened with their hardware raid-1 on an ML
530 (a pretty up-scale server). Had one bad drive (apparently) and the
controller managed to wipe out the complete string. The other controller
channel was unaffected.
I'm pretty certain, I've see this happen twice
certain vulerabilities, just
because they only occur very rarely.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: Nick FitzGerald [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 29, 2005 9:31 AM
To: Bugtraq@securityfocus.com
Title: Message
Hi
Goran:
The
"cc:" information is part of the (spoofable) SMTP header - the "bcc:" is not
ANYWHERE.
The
only entitythat knows about the "bcc"s is the sending mail sever, it will
simply distribute the message to anyone in the bcc and cc header. To each BCC or
CC
Title: Message
Uh - thanks - got it. Now that I read how you phrased
the question I see how the original poster meant it.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
HorneSent:
How do you prevent DoS attacks by someone sending a 405 MB
attachment 100 times to a list of 10 cc's over a weekend, when it's likely not
to be read?
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Can you wait 7 minutes?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, September 09, 2005 02:09 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Sudden Internet Slowdown
Since when is Maine no longer in
class
of machines is only working with a bandage.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Thursday, September 22, 2005 12:28 PM
give it try to
see if I get lucky.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Thursday, September 22, 2005 08:44 PM
To: Declude.Virus
process doesn't handle that error condition
right - who knows.)
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Friday, September 23, 2005 08
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Subject: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED]
Advisory
This is a Medium Threat Advisory for W32/[EMAIL PROTECTED]
Justification
W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence.
Read
Hi David:
Thanks for acknowledging the hardware
problem.
However, I don't think anyone here really would be too
upset about hardware problems on your end - if it didn't uncover what appears to
be a HUGE software problem? It's the DecludeSOFTWARE that
deactivates/downgrades itself, if we
Has anyone figured out yet WHAT exactly Declude 4.0
IS?
I'm looking around on the web site (figured, it's been days
since I receive the notice that it's available), but I still haven't seen
anything on the web site that tells me what my extra money would be buying - or,
what it is I'd be
Hi Kevin,
I understand what you're saying- you believe Declude
4.0 is really just a"Declude 3.x Suite" vs. the Declude 3.x "legacy
products".New customers can only purchase the Suite, while old customers
will continue to upgrade their individual products. The code base is the
same.
In
Clear enough for me.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry Simpson
Sent: Sunday, February 12, 2006 03:26 PM
To: Declude.Virus@declude.com
Subject
Example attached (sorry, German/English in this case).
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Thursday, February 23, 2006 02:12 PM
Hi,
I kill most of the incoming mail (with help of Sniffer).
I've never seen a complaint by an innocent users, but occasionally educate a
corporate end user or manager about the incompetence of his/her I/S
department.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1
1 - 100 of 177 matches
Mail list logo