RE: [Declude.Virus] New W32/Goner-A virus

2001-12-04 Thread Andy Schmidt
http://www.mcafee.com/anti-virus/viruses/goner/default.asp?cid=2636 scroll down and follow the link to download the EXTRA.DAT. That's how McAfee handled last-minute updates. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Ingram Sent: Tuesday,

[Declude.Virus] FW: EXTRA.DAT link

2001-12-04 Thread Andy Schmidt
I removed the EXTRA.DAT for copyright reasons - and it's available online for download. But you may find the document helpful. -Original Message- From: Virus Research [mailto:[EMAIL PROTECTED]] Network Associates McAfee AVERT, UK A Division of Network Associates UK, Aylesbury Customer

RE: [Declude.Virus] MISSING_REVERSE_DNS:Goner and/or PWS-gen.Hooker?

2001-12-06 Thread Andy Schmidt
The virus engines have updated the naming conventions to reflect the actual payload in the BadTrans virus - there is two entirely different trojan horses, each with a distinct name and both are equally scary in their capabilties. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.Virus] Ban Notify

2001-12-07 Thread Andy Schmidt
For the BANnotify that is true. But for a Virus Notify (same feature), the FULLMSG could contain an HTML virus in the body of the message? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Watchman Sent: Friday, December 07, 2001 02:03 PM To: [EMAIL

[Declude.Virus] Header.PHP broken?

2001-12-07 Thread Andy Schmidt
[c0400202]. X-RBL-WARNING: Suspected SPAM; This E-mail has headers consistent with spam [c0400202]. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.hm

RE: [Declude.Virus] Declude v1.30 released (beta)

2001-12-18 Thread Andy Schmidt
-directories. Given the frequence of file access/create/deletions, it may save some resources and eliminates the need to define an alternate temp directory. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus

RE: [Declude.Virus] Declude JunkMail v1.34 released

2002-01-21 Thread Andy Schmidt
Those of us who are already running 1.34 - do we need to download a final released version - or is the binary code the same between the 1.34 beta and the 1.34 release? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned

RE: [Declude.Virus] Declude v1.41 released

2002-02-27 Thread Andy Schmidt
Scott: how is XSPOOLNAME and XSENDER in the VIRUS.CFG different from XINHEADER %QUEUENAME% XINHEADER %MAILFROM% in the GLOBAL.CFG I never paid attention to the prior discussions, because I assumed these options were redundant. Now that I see

RE: [Declude.Virus] Declude v1.41 released

2002-02-27 Thread Andy Schmidt
AFTER the virus scanner - and thus would NOT be added if the Virus Scanner detected an Virus and isolated the file. I'm sure this was discussed at length - I'm just trying to figure out the implications - if any. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue Suite

[Declude.Virus] Why NOT let us reject possible disguised viruses?

2002-03-08 Thread Andy Schmidt
Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe

RE: [Declude.Virus] Identifying the right postmaster to sendvirus notifications to

2002-03-08 Thread Andy Schmidt
off emails to the abuse/postmaster addresses of the involved IP addresses. AND, it will automatically detect new open relays and submit these IP addresses into the open relay databases. It's extra work for me - but at least I feel like I'm doing SOMETHING about the problem. Best Regards Andy

Re: [Declude.Virus] Declude v1.45 released

2002-03-19 Thread Andy Schmidt
The link hasn't been updated - but used the following URL: http://www.declude.com/Release/145/Declude.exe Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf

[Declude.Virus] New Virus?

2002-05-24 Thread Andy Schmidt
I've been seeing a LOT of these today - McAfee is reporting: 05/24/2002 14:49:24 Q8b30116101a2dc6f Scanner 1: Virus= virus or variant Suspicious IFrame-b !!! Attachment=[HTML segment] [0] I 05/24/2002 14:49:24 Q8b30116101a2dc6f Found a bogus .bat file 05/24/2002 14:49:24 Q8b30116101a2dc6f

RE: [Declude.Virus] New Virus?

2002-05-24 Thread Andy Schmidt
Okay, then it's McAfee testing a new variant. It's caught by their daily update files which are refreshed every few hours. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax

RE: [Declude.Virus] Something wrong?

2002-06-26 Thread Andy Schmidt
of REVDNSEXISTS I'm not saying one is better than the other - I just think for usability reasons you shoulnd't look for consensus - but just implement ONE method and stick to it. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message

RE: [Declude.Virus] Virus software

2002-07-15 Thread Andy Schmidt
Declude only uses the command line "on demand" scanner. Version 4.x with the latest DAT files will continue to work. I suspect, that are upgrading your desktop scanners to 6.0? Hopefully, you can do that without effecting the command line scanner that is running on your mail server? Best

RE: [Declude.Virus] E-card email

2002-11-11 Thread Andy Schmidt
: [EMAIL PROTECTED] To: [EMAIL PROTECTED] I tried your body test and it did NOT catch that email! May be it will catch the redistribution mails that are sent after a machine has caught the worm. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

RE: [Declude.Virus] installed.bin

2002-11-22 Thread Andy Schmidt
Actually - I simply included the Version tag in my Mail Headers - this way I can see WHICH version handled an email - and, if I want to verify the version from my desk, I just send myself an email. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

RE: [Declude.Virus] list of Forging Viruses

2002-12-02 Thread Andy Schmidt
Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED

Re: [Declude.Virus] New Virus: Holar

2002-12-05 Thread Andy Schmidt
John, by the time these announcements are SENT, the new virus signatures are already out. I'm actually LESS concerned about .EXE files that are recognizable as .EXE files - people seem to be VERY aware of the need NOT to run .EXE files. I'm ONLY concerned about disguised .EXE files (that use

RE: [Declude.Virus] FIVETENDUL:Important Announcement, eServices For you!

2003-03-27 Thread Andy Schmidt
Title: Message Hi John, I'm not quite clear how this effects me (and others) as Declude customers? Did you mean to send this to your own client list? Best RegardsAndy SchmidtArgos Networks600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-9411 x20

RE: [Declude.Virus] [OT]: BugBear

2003-06-06 Thread Andy Schmidt
Oh yes - there is a NASTY new variant out: http://vil.nai.com/vil/content/v_100358.htm Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM

RE: [Declude.Virus] Could not find report file

2003-05-27 Thread Andy Schmidt
Hm, Did you remember to register that domain: http://whois.iana.org/index.cgi [whois.iana.org] - Domain vardas.int not found. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax

RE: [Declude.Virus] Scanner performance difference

2003-06-13 Thread Andy Schmidt
of the hourly virus signatures from McAfee. These DailyUpdates very occasionally introduce a bug in the scanner while they are trying to deal with a newly detected virus. You could try to install a different DAT file to see if the problem is related to that. Best Regards Andy Schmidt HM Systems Software

RE: [Declude.Virus] SoBig.E

2003-06-25 Thread Andy Schmidt
Title: Message Yes, since 3 PM we have been catching one every few minutes. Before that, we were catching them as Sobig.C Variant starting around 1:30 PM Eastern Time. Quiet before then. Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle

RE: [Declude.Virus] Message.zip possible virus

2003-08-01 Thread Andy Schmidt
Hi, Just as the last few times, this one was being caught by McAfee right from the start. (It had been proactively detected for the last 10 weeks or so.) I don't understand how other its gotten past Declude for other customers? Every occurrence I've seen came from admin@ the user's domain and

RE: [Declude.Virus] M e s s a g e . z i p possible virus

2003-08-01 Thread Andy Schmidt
Is there a way to have Declude Virus remove this instead of JM Yes. Simply by keeping your virus scanner current. Protection has been available since March 2003: http://vil.nai.com/vil/content/v_99383.htm Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus

RE: [Declude.Virus] Infected Server

2003-08-07 Thread Andy Schmidt
I'm running McAfee NetShield on the servers, where I can exclude certain folders, e.g., the Imail Spool folder tree. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201

RE: [Declude.Virus] SoBig.F

2003-08-19 Thread Andy Schmidt
Hi Scott: I used McAfee and it started blocking it since 8:31 EDT (I pull in their daily updates hourly). 08/19/2003 08:31:18 Q1893028b01baf614 Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=details.pif [11] I 08/19/2003 08:31:18 Q1893028b01baf614 Found a bogus .pif file

RE: [Declude.Virus] SoBig F

2003-08-19 Thread Andy Schmidt
rejected. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.Virus] How to Get McAfee Daily Updates

2003-08-19 Thread Andy Schmidt
SDATDAILYrun.EXE /silent copy SDATDAILYrun.EXE SDATDAILY.EXE erase SDATDAILYrun.EXE Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com

RE: [Declude.Virus] Sobig.F

2003-08-19 Thread Andy Schmidt
Mc Afee was blocking Sobig.f as of 8:31 AM Eastern Time on my server according to my Declude Log files before I read the first reports on this list. Are your virus signatures up to date/hour. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle

[Declude.Virus] Sobig - Easy to Detect?

2003-08-19 Thread Andy Schmidt
Hi, Is it just me, or is Sobig.F always adding the fake header: X-MailScanner: Found to be clean Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E

RE: [Declude.Virus] Sobig.f

2003-08-19 Thread Andy Schmidt
I just checked - we caught 4,700 occurrences of this virus so far since this morning at 8:31 AM EDT. This is by a huge margin the most aggressive virus that I've ever observed. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail

RE: [Declude.Virus] X-MailScanner line

2003-08-20 Thread Andy Schmidt
Uh - thanks. I was afraid that there was some legitimate use for that line. Darn. Of course, you COULD change the header to use a different header name and/or a slightly different message to distinguish your legitimate mails from the virus generated ones. Best Regards Andy Schmidt HM Systems

RE: [Declude.Virus] Skipping Sobig.F virus notifications

2003-08-20 Thread Andy Schmidt
FWIW - I have have turned off the notifications for Sobig.F and it has been working fine since this afternoon. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [Declude.Virus] How to Get McAfee Daily Updates

2003-08-21 Thread Andy Schmidt
, but I sent it with regular mail as an attachment). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From

RE: [Declude.Virus] Sobig, the next wave?

2003-08-27 Thread Andy Schmidt
Okay, I'll donate some funds. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED

RE: [Declude.Virus] Sobig vs. Imail List Server - Huge Log Files

2003-08-27 Thread Andy Schmidt
log analyzer to see if certain Ips are suddenly sending thousands of emails per day - and then check the log if it's just an Imail List Server loop. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto

RE: [Declude.Virus] Blocking IPs

2003-08-30 Thread Andy Schmidt
In the Imail SMTP config screen. However, IF you do that and you have a SECONDARY SMTP server, you need to block there as well. Otherwise, they simply go to the backup SMTP and the mail still ends up in your system. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201

RE: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-06 Thread Andy Schmidt
scanner would be detecting that style virus preventively since at least March 2003. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus

[Declude.Virus] WHITELIST ANYWHERE not working?

2003-09-19 Thread Andy Schmidt
Hi Scott: I had defined WHITELIST ANYWHERE [EMAIL PROTECTED] Yet, that only seems to whitelist messages coming FROM [EMAIL PROTECTED] - all messages sent TO [EMAIL PROTECTED] are not whitelisted: 09/19/2003 12:54:59 Q34e0014201a66fbf HELOBOGUS:3 HEUR10:4 WEIGHTFILTER:3 . Total weight =

RE: [Declude.Virus] WHITELIST ANYWHERE not working?

2003-09-19 Thread Andy Schmidt
what it should have been from the start. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL

RE: [Declude.Virus] Nameserver 24.107.232.14

2003-10-23 Thread Andy Schmidt
Most likely Scott's machine to look up forging viruses. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message

RE: [Declude.Virus] New Virus - MiMail.C - just get current virus signatures!

2003-10-31 Thread Andy Schmidt
Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

RE: [Declude.Virus] Something interesting..

2003-11-07 Thread Andy Schmidt
Yawn... I'm debating backing up all my info and running the exe just to see if anything happens. How about first searching the known viruses: http://vil.nai.com/vil/content/v_100807.htm Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle

RE: [Declude.Virus] McAfee and /clean

2003-12-03 Thread Andy Schmidt
Hi, I think that virtually all virus infected emails nowadays contain worth preserving, because the only thing attached is the virus itself. Cleaning would not accomplish anything - because after the cleaning there'd be nothing left. (Sorry to disappoint you, but that virus email that claims

RE: [Declude.Virus] Request

2003-12-27 Thread Andy Schmidt
by an infected computer). Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, December 27, 2003 02:27 AM To: [EMAIL PROTECTED] Subject

RE: [Declude.Virus] Request

2003-12-27 Thread Andy Schmidt
cases where I was able to pinpoint the infected workstation at one of our regular trading partners just by seeing the reverse DNS. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.Virus] New, fast-spreading virus

2004-01-26 Thread Andy Schmidt
Yep - just gone one. The readme.zip contains a readme.scr screen saver. No doubt a virus. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 04:34 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New,

RE: [Declude.Virus] New, fast-spreading virus

2004-01-26 Thread Andy Schmidt
Hm - just got this mail with an attached README.ZIP (which I didn't open): From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 26, 2004 04:32 PM Subject: The message contains Unicode characters and has been sent as a binary attachment. -Original Message-

RE: [Declude.Virus] MyDoom and Mcafee

2004-01-26 Thread Andy Schmidt
Title: Message Yes, since 5 PM. They do have an "extra.dat" - or just get the "dailydats" which are updated many times daily. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.Virus] Incredible.. W32/Mydoom.A@mm

2004-01-26 Thread Andy Schmidt
Title: Message Have you told your scanner to scan inside zip files? Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami RazvanSent: Monday, January 26,

[Declude.Virus] Weird Log Files With TESTSFAILED CONTAINS feature

2004-02-20 Thread Andy Schmidt
Title: Message Hi Scott: Here a log entry. Notice how Dynamic-IP and Open-Relay were both triggered. Dynamic-IP is a TestsFailed Contains filter for 4 different DUL/DYNA/DUHL test (each individual test has a weight=0). Those tests do not show up in the first log line (since their tests

RE: [Declude.Virus] Virus bypassing newer MX records

2004-06-15 Thread Andy Schmidt
Title: Message Other than the firewall/router - doesn't their SMTP server application(e.g., like IIS) have the ability to restrict inbound connections to certain IP ranges. We hada similar issue with one of my relay customers - and we just defined IIS SMTP to only accept mail from my

RE: [Declude.Virus] Virus bypassing newer MX records

2004-06-15 Thread Andy Schmidt
was received and before Declude gets a chance to lock the file then, by chance a Queue run can get inbetween and process the Q/D file. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business

RE: [Declude.Virus] Extra the in the log file

2004-07-23 Thread Andy Schmidt
Yes, McAfee sometimes inserts a the into their report Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message

RE: [Declude.Virus] Extra the in the log file

2004-07-23 Thread Andy Schmidt
Hm, I recommend AGAINST the Found the. McAfee is inconsistent in prepending the the, examples from today: Scanner 1: Virus= application Exploit-MIME.gen.c. Attachment=[HTML segment] [17] I Scanner 1: Virus= the W32/[EMAIL PROTECTED] Attachment=report01.zip [17] I Best Regards Andy Schmidt HM

RE: [Declude.Virus] strange zip file

2004-08-09 Thread Andy Schmidt
PROTECTED] [outgoing from 65.118.130.2] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL

RE: [Declude.Virus] Microsoft GDI+ Security Update

2004-09-15 Thread Andy Schmidt
data. So, by design, these formats are intended to have variable amounts of information piggy-bagged to the actual picture. I guess someone figured out how to use a buffer overrun to overlay portions of the stack in the application. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East

RE: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-27 Thread Andy Schmidt
.) Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

RE: [Declude.Virus] Mysterious

2004-09-27 Thread Andy Schmidt
you for updating the documentation (if I understand the other customers correctly.) Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com

RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site

2004-10-01 Thread Andy Schmidt
Title: Message Hi, there is a slight error on the "download" page for your registered customers: Both "down" arrow buttons link to the "automatic install" executable. Only the "manual install" TEXT link actually downloads the zip file. Use of Version 1.81 requires a Valid Service

RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site

2004-10-01 Thread Andy Schmidt
Title: Message DC, may be my HTMLhas gotten a little rusty- but I think viewing the source will settle the argument: TR TD width=74A href="">http://www.declude.com/version/180/Declude_Setup.exe"STRONGIMG height=50

[Declude.Virus] Declude Release 1.81 - Error on Web Site

2004-10-01 Thread Andy Schmidt
Title: Message Ouch - even worse, note that the GRAPHICAL buttons link to version 1.80 - only the text buttons link to Version 1.81! Seems like someone was in a rush? Everyone better check what they downloaded - if you clicked on the graphics, you are running a BAD release. TR TD

RE: re[2]: [Declude.Virus] Fw: Ipswitch Service Agreement Status

2004-10-26 Thread Andy Schmidt
Yes, at $6,000 per year (or something like that) plus they force the Symantec Anti-Virus on you (to justify the increase.) Forget about it. Best Regards Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John David M. Miller Sent: Tuesday, October

RE: [Declude.Virus] Scott, what is our future?

2004-10-27 Thread Andy Schmidt
, because SMTP, POP and IMAP support will always be the core services. No - this is clearly motivated by money. They decided getting 4 to 10 times the money from half the people is still more profitable. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

[Declude.Virus] Declude Virus Log Analyzer

2004-12-01 Thread Andy Schmidt
Title: Message I got his announcement and have been running some reports. Looks encouraging! -Original Message-Subject:DLAnalyzer 4.0 Customer Pre-Release Is Now Available. We are making available to our customers a pre-release version of DLAnalyzer 4.0. With version 4.0 we have

RE: [Declude.Virus] Upgrade issues

2004-12-22 Thread Andy Schmidt
in the dark. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hedgepath Sent: Wednesday, December 22, 2004 09:06 AM To: Declude.Virus@declude.com Subject: Re

RE: [Declude.Virus] Declude Licensing codes

2004-12-23 Thread Andy Schmidt
and that CPHZ needs to do a better job of customer communications and relations. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Thursday, December

RE: [Declude.Virus] Declude Licensing codes

2004-12-23 Thread Andy Schmidt
hope that Barry recognizes the need that ALL customers need to know enough about the procedures to regain (!) MY level of comfort and confidence in the company and the product. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message

[Declude.Virus] FW: MS Windows/Critical Error

2005-01-26 Thread Andy Schmidt
Just got that one - attached was a WindowsUpdate.rar, 43 KB. -Original Message- From: Microsoft INC [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 26, 2005 09:15 PM To: [EMAIL PROTECTED] Subject: MS Windows/Critical Error Dear Sir/Madam, We kindly ask you to install this update to

RE: [Declude.Virus] FW: MS Windows/Critical Error

2005-01-26 Thread Andy Schmidt
* Kind of like that popular email joke Mac|*nix|OS/2 self-inflicted virus (please install this virus manually). I know this as the Amish Virus - where you are prompted to please copy the virus to diskette and walk it over to a neighbor's mailbox. Best Regards Andy --- [This E-mail was

RE: [Declude.Virus] FW: MS Windows/Critical Error

2005-01-26 Thread Andy Schmidt
Hi, McAfee calls this one: - Generic!rar - PWS-Goldun.dr An Extra.dat is available. Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL

RE: [Declude.Virus] FW: MS Windows/Critical Error

2005-01-27 Thread Andy Schmidt
Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type

RE: [Declude.Virus] RAR Support - why not?

2005-01-27 Thread Andy Schmidt
Hm, It isn't gonna happen, unless rarsoft sells to winzip. I'm not sure if this it legit: http://www.rarlab.com/rar_add.htm But it appears that unrar source code, DLLs etc are readily available to software developers? (Even if it was not, Winzip already has command line links for some of the

RE: [Declude.Virus] RAR Support - why not?

2005-01-27 Thread Andy Schmidt
Hm, http://www.rarreg.com/licence.php No person or company may distribute separate parts of the package == with the exception of the UnRAR components ==, without written permission of the copyright owner. So - it looks as if it's an open license for the UnRAR components - and only the

RE: [Declude.Virus] RAR Support - why not?

2005-01-27 Thread Andy Schmidt
1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file extensions in .RAR files the same way as it blocks banned file extensions in .ZIP files. Beautiful! Now we just need McAfee to scan inside RAR files G (Globally banning zipped .EXE files is not

[Declude.Virus] Foto.rar

2005-01-28 Thread Andy Schmidt
Another variation - came with a foto.rar attachment. Received: from host46.ipowerweb.com [66.235.216.140] by hm-software.com (SMTPD32-8.14) id A70B620D0124; Fri, 28 Jan 2005 14:48:27 -0500 Received: from riqotscr (168.113.230.53) by host46.ipowerweb.com; Fri, 28 Jan 2005 11:48:22 -0800

RE: [Declude.Virus] RAR Support - why not?

2005-01-28 Thread Andy Schmidt
PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, January 27, 2005 6:27 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] RAR Support - why not? 1.82 will treat encrypted .RAR files the same as encrypted .ZIP files, and will block banned file

RE: [Declude.Virus] RAR Support - why not?

2005-01-28 Thread Andy Schmidt
I may have to start doing that. I used to be able to keep 30 days of logs - but volume, dictionary attacks and SPAM volume are making it increasingly difficult. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1

RE: [Declude.Virus] Foto.rar

2005-01-28 Thread Andy Schmidt
McAfee calls it: MultiDropper-IY an Extra.dat is available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, January 28, 2005 04:39 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Foto.rar Another variation - came

RE: [Declude.Virus] Spam .com files being blocked.

2005-03-16 Thread Andy Schmidt
and with viruses but not withBanned file extensions. - Original Message - From: Andy Schmidt To: Declude.Virus@declude.com Sent: Wednesday, March 16, 2005 11:38 AM Subject: RE: [Declude.Virus] Spam .com files being blocked. Hm

RE: [Declude.Virus] Covad has a problem with our RBL

2005-03-31 Thread Andy Schmidt
and propagate the information. As you say - it's absolutely necessary (and proper) to run your own DNS to avoid trouble with upstream providers. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto

[Declude.Virus] Attachment=[Unknown: Err] ?

2005-04-15 Thread Andy Schmidt
Deleting E-mail with virus! 04/15/2005 16:43:42 Q275DA0790152A6BF Scanned: CONTAINS A VIRUS [MIME: 2 19430] 04/15/2005 16:43:42 Q275DA0790152A6BF From: [Forged] To: [EMAIL PROTECTED] [incoming from 207.30.155.52] 04/15/2005 16:43:42 Q275DA0790152A6BF Subject: Best Regards Andy Schmidt Phone: +1

[Declude.Virus] AVERT Medium Threat Advisory for Home Users Only: W32/Sober.p@MM

2005-05-02 Thread Andy Schmidt
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, May 02, 2005 04:36 PM Subject: AVERT Medium Threat Advisory for Home Users Only: W32/[EMAIL PROTECTED] Advisory This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] for Home Users Only. Justification W32/[EMAIL PROTECTED] has

RE: [Declude.Virus] EXITSCANONVIRUS

2005-05-30 Thread Andy Schmidt
Title: Message Yep, that same happened with their hardware raid-1 on an ML 530 (a pretty up-scale server). Had one bad drive (apparently) and the controller managed to wipe out the complete string. The other controller channel was unaffected. I'm pretty certain, I've see this happen twice

[Declude.Virus] MS05-16 Exploit

2005-05-31 Thread Andy Schmidt
certain vulerabilities, just because they only occur very rarely. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Nick FitzGerald [mailto:[EMAIL PROTECTED] Sent: Sunday, May 29, 2005 9:31 AM To: Bugtraq@securityfocus.com

RE: [Declude.Virus] .EML file syntax

2005-05-31 Thread Andy Schmidt
Title: Message Hi Goran: The "cc:" information is part of the (spoofable) SMTP header - the "bcc:" is not ANYWHERE. The only entitythat knows about the "bcc"s is the sending mail sever, it will simply distribute the message to anyone in the bcc and cc header. To each BCC or CC

RE: [Declude.Virus] .EML file syntax

2005-06-01 Thread Andy Schmidt
Title: Message Uh - thanks - got it. Now that I read how you phrased the question I see how the original poster meant it. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HorneSent:

RE: [Declude.Virus] Limit Size of message to be scanned?

2005-07-08 Thread Andy Schmidt
How do you prevent DoS attacks by someone sending a 405 MB attachment 100 times to a list of 10 cc's over a weekend, when it's likely not to be read? Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [Declude.Virus] Sudden Internet Slowdown

2005-09-09 Thread Andy Schmidt
Can you wait 7 minutes? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, September 09, 2005 02:09 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Sudden Internet Slowdown Since when is Maine no longer in

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

2005-09-22 Thread Andy Schmidt
class of machines is only working with a bandage. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, September 22, 2005 12:28 PM

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

2005-09-22 Thread Andy Schmidt
give it try to see if I get lucky. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman Sent: Thursday, September 22, 2005 08:44 PM To: Declude.Virus

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

2005-09-23 Thread Andy Schmidt
process doesn't handle that error condition right - who knows.) Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Friday, September 23, 2005 08

[Declude.Virus] FW: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED]

2005-10-05 Thread Andy Schmidt
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED] Advisory This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] Justification W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence. Read

[Declude.Virus] Hardware Issue -- NOT!

2005-12-26 Thread Andy Schmidt
Hi David: Thanks for acknowledging the hardware problem. However, I don't think anyone here really would be too upset about hardware problems on your end - if it didn't uncover what appears to be a HUGE software problem? It's the DecludeSOFTWARE that deactivates/downgrades itself, if we

RE: [Declude.Virus] Changes @ Declude

2006-02-10 Thread Andy Schmidt
Has anyone figured out yet WHAT exactly Declude 4.0 IS? I'm looking around on the web site (figured, it's been days since I receive the notice that it's available), but I still haven't seen anything on the web site that tells me what my extra money would be buying - or, what it is I'd be

RE: [Declude.Virus] Changes @ Declude

2006-02-10 Thread Andy Schmidt
Hi Kevin, I understand what you're saying- you believe Declude 4.0 is really just a"Declude 3.x Suite" vs. the Declude 3.x "legacy products".New customers can only purchase the Suite, while old customers will continue to upgrade their individual products. The code base is the same. In

RE: [Declude.Virus] Changes @ Declude

2006-02-12 Thread Andy Schmidt
Clear enough for me. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Simpson Sent: Sunday, February 12, 2006 03:26 PM To: Declude.Virus@declude.com Subject

  1   2   >