Understood...thanks, anyway.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 10:43 AM
Subject: Re: [Declude.Virus] NOLEGITCONTENT
Can you tell us what things the test checks for? That might help us fine
tune
Hi Andy,
Not sure if you got a reply...but you need to set
Declude Virus LogLevel to MID. It's in the Readme.txt. I did the
same thing...ran the utility before looking at the doc...
Darin.
- Original Message -
From: andyb
To: [EMAIL PROTECTED]
Sent: Friday, January 30, 2004
Good list, John. Thanks for sharing.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 3:55 PM
Subject: RE: [Declude.Virus] BANEXT
What are the recommended extensions to BAN?
Looks like F-Prot is calling it W32/Bizex.A ... unless there's another one
today...
Darin.
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 1:26 PM
Subject: Re: [Declude.Virus] W32/[EMAIL PROTECTED] - new
Wow, F-Prot is
Somehow I don't think the server is generating those by itself...grin.
I've used the no changes line many times myself...I've been wrong more
than I've been right in that dept.
Darin.
- Original Message -
From: Serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 29,
Haven't heard anything back from F-Prot since I reported it a week ago.
Darin.
- Original Message -
From: Grant Griffith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 12:07 PM
Subject: RE: [Declude.Virus] [Encrypted .ZIP file]
Didn't Scott say yesterday that
I think Scott's right. If he spends the time on this, implements it, and
virus writers immediately adapt as he suggested, then the effort was wasted
as it has not other longer reaching benefit. I think development time
should be spent on features that will have ongoing value. Otherwise we will
Interesting...so it's Outlook's fault, eh?
Understand about text files...they would be next to impossible to determine
what the content really was without greatly increasing processing time and a
lot of effort. However, I still think it is very valuable to add detection
of the obvious types like
Scott,
What are your thoughts on the /AI and /PACKED switches? Any particular
reason to use or not use them?
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 10:57 AM
Subject: Re: [Declude.Virus] Log error with
Right, so if we detected actual file type (GIF instead of .js=NO), we would
know that it was a .gif and therefore not a threat...so it wouldn't get
banned.
Darin.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 11:50 AM
Subject:
, and that
may be true. However, F-Prot must have had some reason for adding those
switches (especially the PACKED switch), so I use them - just to be safe...
Bill
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 9:48 AM
Subject: Re
Thanks for the input, Scott.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 1:12 PM
Subject: Re: [Declude.Virus] Log error with latest interim release
Scott, your thoughts?
From what I have seen, AV
Try just banning encrypted zips and allowing your virus scanner to handle
issues with non-encrypted zips.
Darin.
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 1:35 PM
Subject: Re: [Declude.Virus] whitelisting?
Because I am dealing
Scott,
Earlyin 2002 you mentioned in this
list...
We are planning to change the footer option so that it will only appear in
plain text segments, which will prevent interfering with the [Outlook]
meeting requests, and will ensure that the footer is visible even when HTML
and/or
Hmmm...I hate having to turn off the footer for everyone just because of one
customers. Haven't run into it yet myself, but some people on this list
will probably run into the problem with having to pass encrypted zips for
one customer while banning them for everyone else...or similar requests
Anyone else having trouble with a lot of new
viruses slipping through?
I submitted two to F-Prot earlier this morning, but
they are claiming that the attachments were Netsky.P. However, I have the
latest virus defs from them and the virus logs clearly show them being scanned
and virus
Sounds good. Now the question of the day is...how do we subscribe?
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 3:29 PM
Subject: [Declude.Virus] New Virus Alert mailing list for urgent virus
information
FYI, at
We set up emergency support aliases for exactly this purpose. They send to
phones/pagers and copy standard support aliases.
So you could create one and subscribe to the virus alert list with it.
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL
We tried IMail's anti-spam features for a few days
but had a lot of trouble with false positives and spam slipping
through...Declude JM was much easier for use to implement, has many more
capabilities, and is extensible.
declude.junkmail is the JM list.
Darin.
- Original Message -
How is it that you're in a worse situation
During the trial it works, after the trial you're back where you started.
To completely remove it from mail processing after the trial just follow the
instructions in the Declude JM manual.
Darin.
- Original Message -
From: Mitch Hegstad
I didn't see any harm...actually though it was helpful as we all share tools
to get the job done. Sorry if I contributed to a bad evening because I
wasn't looking at the recipient address and thought you sent it twice...
Darin.
- Original Message -
From: Sanford Whiteman [EMAIL
Can this be made optional? I for one would rather have the option to delete
banned files with vulnerabilities.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 7:39 AM
Subject: RE: [Declude.Virus] .smd files in c:/
I appreciate the suggestion, but that wouldn't help
in this case. If it was that simple, we would have already done
it...grin.
We review the virus held queue several times a day
to make sure no legitimate documents were held. However, most are PIFs and
SCRs which are never valid...so
Hi Scott,
Did this make it into the suggestion
database?
Darin.
- Original Message -
From: Darin Cox
To: [EMAIL PROTECTED]
Sent: Friday, April 30, 2004 9:20 AM
Subject: [Declude.Virus] Feature Request: Deletion of banned
files
Hi Scott,
We seem to be spending more and more
The obvious issue is allowing people to access infected files. That is
your
call whether they paste into another page and you keep track of their name
or they simply click a link and get the virus sent to them. The problems
can
occur on their end in both cases.
If you set Delete Viruses to
You're right in that there are several cases, but I still disagree with
allowing the sender to decide whether or not the recipient... I think the
recipient should be the one to decide if they want the email. The sender
should _not_ be able to force potentially harmful email through.
Look at it
Hi Matt,
Here's how we handled the issue.
Set postmaster and abuse aliases to forward to a
monitor account. The monitor account has a vacation message set to tell
the sender that this account is not monitored, and to forward to another
reporting account. The reporting account then gets
I understand...we got thoseNDRs as well until
we set it up this way.
Darin.
- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Wednesday, June 02, 2004 1:49 PM
Subject: Re: [Declude.Virus] Bounces to encrypted zips
Thanks Darin, but these are NDR's that are being
Title: Strange...
Does this shed any light?
http://support.ipswitch.com/kb/IM-19980119-DD10.htm
Darin.
- Original Message -
From: Serge
To: [EMAIL PROTECTED]
Sent: Monday, June 07, 2004 3:55 PM
Subject: [Declude.Virus] Stranger...
hi all
urgent help needed
I have imail1 client
?
see attached gif
- Original Message -
From:
Darin Cox
To: [EMAIL PROTECTED]
Sent: Monday, June 07, 2004 10:21
PM
Subject: Re: [Declude.Virus]
Stranger...
Does this shed any light?
http://support.ipswitch.com/kb/IM-19980119-DD10.htm
Darin
Nice diagram, Markus.
Darin.
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 23, 2004 5:27 PM
Subject: RE: [Declude.Virus] virus increment
Ahh and here I thought that you would have some sort of fancy
program that would do
Language issue...meaning that all the way until the present (until now...up
to the present time) they are not infected...i.e. they have not had any
problems...
Darin.
- Original Message -
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 25, 2004 10:48 AM
It may have just not been there yet when you
checked, but click on Bagle.AG on Symantec's home page and you get
to
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
Section 11 under the technical details lists the
animalsBagle.AG's writer decided to take on the ark.
We've used it for a couple of years. Works as well as Symantec or McAfee as
far as we can tell. Just make sure you set up updates and notifications
properly and it works like a charm.
Darin.
- Original Message -
From: marc catuogno [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
Too late... (;^p)
__
/
/|
/__ / |
|
| |
|
| |
|
| |
|
| |
|
Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 10:55 AM
Subject: Re: [Declude.Virus] anybody still here?
Too late... (;^p
And Sophos, etc., etc.
Darin.
- Original Message -
From: Glen Harvy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 06, 2004 7:26 PM
Subject: RE: [Declude.Virus] Useful antivirus feed from Symantec
Hi,
Isn't something similar available from McAfee?
Sophos
http://www.sophos.com/virusinfo/infofeed/
declude has it on their home page
I couldn't find anything similar at mcafee's site.
regards
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, August 06, 2004 6
I believe John was asking about attachments, not viruses, which is a very
good question...and something that I don't believe is available.
I would certainly like to do it as well. That way we can avoid notifying
users on banned files that are for know viruses where virus definitions have
not yet
Us as well...had a rather unfriendly postmaster at ml.org send us a
nastygram saying we were now blocked from sending to him. We sent a
friendly reply back, but I don't know if he'll receive it.
Scott, got any idea when this will make it to the forging list?
Based on this I'm considering not
Thanks, Scott.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 07, 2004 5:37 PM
Subject: RE: [Declude.Virus] JS/IFromot.A
I have received a report of this today as using a forged sender.
This is now being treated as
/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darin Cox
Sent: Tuesday, September 07, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] JS/IFromot.A
Us as well...had a rather unfriendly postmaster
These kinds of problems are why we went with a scheduled FTP process instead
of using F-Prot's updater. Works flawlessly. There are a couple of
examples on Declude's tools/utilities page. We went with the simplest one.
Darin.
- Original Message -
From: Goran Jovanovic [EMAIL
Look in the archives for info on dictionary attacks. They're very common
these days.
Darin.
- Original Message -
From: Stan Buck [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 11:49 AM
Subject: [Declude.Virus] Attack?
For three days now we've been getting
Scott,
Would it be possible for these vulnerabilities to have a notification email
associated with them, like banned files? Correct me if I'm wrong, but I
don't believe there are any notification possibilities with these currently.
If this were added, then our users could be automatically
Well then, I sit corrected...
It would be nice to have more granular control over this, though...to
perhaps only send for particular hosts, IPs, or email addresses in response
to the existing criteria for virus name and vulnerability.
Any thoughts on the exemption/weighting system idea for
Suppose I should have taken the time to read the manual...grin
John, does this help with your issue?
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 24, 2004 2:00 PM
Subject: Re: [Declude.Virus] Paypal and Outlook 'Blank
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Darin Cox
Sent: Friday, September 24, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Paypal and Outlook 'Blank Folding'
Vulnerability
Suppose I should have taken the time to read the manual...grin
John
Title: New release
Hi Sharyn,
Looks like it was yesterday.
Our officejust came back online yesterday
afternoon as well. Hope you didn't have much damage.
Darin.
- Original Message -
From: Sharyn
Schmidt
To: [EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 9:04 AM
Subject:
Title: Message
Actually, this rebuttal is not true. The
graphic links do indeed both link to the full installer.
Darin.
- Original Message -
From: Douglas Cohn
To: [EMAIL PROTECTED]
Sent: Friday, October 01, 2004 6:15 PM
Subject: RE: [Declude.Virus] Declude Release 1.81 - Error on
If you're looking for what others have done as well... we delete viruses,
for banned files notify the recipient with a link in the notification to a
web script that will requeue the file if they want to receive it, and review
vulnerabilities, deleting or requeueing as needed.
Darin.
-
The good
news is that I just saved myself the money
by switching to GEICO?
Sorry, couldn't resist. The IPswitch
situation is just getting pretty humorous...
Fortunatelymost of us willhave from 1-2
years before having to replace IMail. Big question is what do companies
likeCH do that
I can't imagine they would sell the old
code...remember IMail is the core of ICS.
Darin.
- Original Message -
From: Greg
Little
To: [EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 11:46 AM
Subject: Re: [Declude.Virus] Making or buying a MAIL SERVER
proposal
While we are on
Yep...we started seeing these this morning.
Darin.
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 29, 2004 12:04 PM
Subject: [Declude.Virus] Possibly a new variant of JS/ virus in [HTML
segment]
In addition to what others have
My advice: Get it in writing. Verbal communication can always be denied
later on.
It has happened to me way too many times in the past that I'm told something
when I buy, then the company that sold it later denies that they told me
that thing when I question changes.
Darin.
- Original
Why don't you use one of the FTP scripts to update the F-Prot defs. We've
used the simple one on the Declude Tools web page for a couple of years now
and never had one problem, while the F-Prot updater seemed to work only
intermittently.
It's also recommended to use an off-hour update time. A
Batch file FTP scripts work great. Very reliable and we never have an issue
with updates taking very long by not doing them on the hourjust takes a
few seconds.
Darin.
- Original Message -
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 05, 2004
Hmmm...sounds to me like we might want to handle these like banned files
instead of viruses, since we haven't found a virus with either of these exit
codes.
Especially for those of us who delete viruses...
Darin.
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: [EMAIL
Are you using the F-prot real-time protector? If so, you should disable it.
Darin.
- Original Message -
From: Jim Nitterauer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 12:49 PM
Subject: RE: [Declude.Virus] Not detecting viruses
Hello.
I made the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, November 24, 2004 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Not detecting viruses
Are you using the F-prot real-time protector? If so, you should disable
Hi Scott,
We've been getting a number of Wurmark.A postmaster
notifications. It seems to be a forging virus. Should this be added
to the Declude Forging Virus list?
Thanks,
Darin.
Not high volume, but still don't want postmaster
emails going out in response to it. I added it to our forging list, but it
would be best in the Declude list.
Darin.
- Original Message -
From: Markus Gufler
To: [EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 12:54 PM
Subject:
that? Am I missing
anything?
Thanks for your time.
Todd
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Tuesday, November 30, 2004 4:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Declude vs Ipswitch AV
Highly recommend using
Nope...sorry...it's all or nothing, but this is a feature that has been
requested.
Darin.
- Original Message -
From: Dan Geiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 13, 2004 11:08 AM
Subject: [Declude.Virus] Supress Universal Footer for 1 Domain
Hello, All,
How do we disable all notifications except for
banned attachment?
I've changed the names of all of the templates
except BANnotify.eml, but am still getting some postmaster notifications for
virus detections.
Thanks,
Darin.
Hi Markus,
Sounds like you're experiencing what we saw starting on November 16th... a
tenfold increase in spam overnight.
After a little over a week ours settled down ton about 3 times the amount of
spam prior to the 16th. That has been steady ever since.
We've attributed it to the recent
Thanks, Scott,
As Rick suggested, I moved all of the other notifications to a separate
folder.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 16, 2004 3:12 PM
Subject: Re: [Declude.Virus] Disable all virus
You should use fpcmd.exe instead of
f-prot.exe. fpcmd.exe is the 32-bit command line version. Check the
JunkMail manual on the declude website for the suggested command line
settings.
Darin.
- Original Message -
From: Matthew Brandes
To: '[EMAIL PROTECTED]'
Sent: Tuesday,
can't see any step near to 2004-11-16 but the virus creating this big
wall of infected messages is Zafi.D, appeared some days ago.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, December 16, 2004 4:46 PM
To: [EMAIL
had to move them to a sub directory or delete
them to get them to stop, renaming didnt work
Rick DavidsonNational Systems ManagerNorth American Title
Group-
- Original Message -
From:
Darin Cox
To: [EMAIL PROTECTED]
Sent: Thursday, December 16, 2004 10:37
AM
Subject
I would need a better understanding of exactly what that means before I
would be comfortable with it.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 21, 2004 7:16 PM
Subject: RE: [Declude.Virus] Upgrade issues
It's one thing to have the facts and make the decision yourself...it's
another to have blind faith in another. I think most people will need to
know exactly how the new licensing works to be comfortable with it.
To avoid a lot of calls, and having to explain everything over and over, it
would
questions customers will have - rather
than to be scrambling after the fact to assuage any concerns that are
raised.
Darin.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, December 23, 2004 6:11 AM
Subject: Re: [Declude.Virus
http://www.thechannelinsider.com/article2/0,1759,1745654,00.asp
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 28, 2004 1:50 PM
Subject: [Declude.Virus] hlp attachments
I just had a client request
Sure For about two weeks until I get back from vacationuh, we still
get to charge for internet related services, right? ;^P
Darin.
- Original Message -
From: Greg Little [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, December 29, 2004 12:59 PM
Subject: Re:
201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, January 28, 2005 05:15 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] RAR Support - why not?
Notices only go out for banned
There could be many RBL's in your config (we have about 100 in ours...which
we probably need to prune since many don't add any real value), each of
which would require a DNS hit for each message.
Best just to set up your own DNS server and be done with it.
Darin.
- Original Message -
We just saw a rash of them as well. Same patterns you mentioned. Glad
we're holding on RAR!
Darin.
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, April 14, 2005 5:29 PM
Subject: [Declude.Virus] RAR followup
Starting to see
Huh? What about FTP is not working?
We're still FTPing from them. Latest defs are Monday at 10:34am. I just
ran the FTP update script manually and it ran fine.
Here's what we use
open ftp.frisk.is
user
anonymous
[EMAIL PROTECTED]
cd pub
binary
hash
prompt
get fp-def.zip
get macrdef2.zip
FAQ:
http://www.f-prot.com/support/windows/fpwin_faq/fpwin_faq_6.html
which lists:
http://www.f-prot.com/support/windows/fpwin_faq/30.html
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, May 04, 2005 9:43 AM
ROTECTED]] On Behalf Of Darin Cox
Sent: Wednesday, May 04, 2005 9:43 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] f-prot update script
Huh? What about FTP is not working?
We're still FTPing from them. Latest defs are Monday at 10:34am. I
just ran the FTP update script manually and
I would hope existing vulnerability checks would
not be retired, since there are already flags to decide whether or not to check
for particular ones. We catch a bit of spam in the virus queue with these
checks that is not otherwise caught, especially some that someone else (Andrew?)
Matt,
Point taken that it may no longer be a
vulnerability. So, call it something different, maybe just another type of
spam test, but don't take it away. They still have value as tests.
As I stated earlier, we see spam held bythe vulnerability teststhat
were not detected byspamtests.
If
Hi Matt,
I think most of us always consider the "greater
good" before making requests... and by their nature, most requests from one
person have benefit to many others.
I think the recommendation you outlined below is
fairly good...but again, I would not like to see potentially valuable
Sounds good to me. I tend to think of both
virus and spam detection in the same breath, since I think they're stronger
together than separate... but you certainly have a valid point about moving code
to Junkmail...and it would seem more useful there as well.
I haven't seen the false
Oh man...I feel your pain! Happened
tous mid-April. Fortunately it was just after midnight on a Friday,
so we had everything back up before morning and no one noticed the interruption
in service.
Was it Windows mirroring or hardware
level?
Darin.
- Original Message -
From: John
Title: Message
I asked about this about a month ago. From
what I was told, Declude cannot determine who is on the CC or BCC list due to
where they look for that info.
Darin.
- Original Message -
From: Goran
Jovanovic
To: Declude.Virus@declude.com
Sent: Tuesday, May 31, 2005 9:27
Title: Message
Hi Goran,
Oh, I thought you wanted to separate the ALLRECIPS
into TO, CC, and BCC groups.
Does CC work? I would think that it would,
but haven't tried it.
In any case, you might be able to insert
ascript in the process chain for virus scanning to check the result code
and
Title: Message
Do you use scripts to set up your accounts?
Saves us a ton of time when restoring or migrating accounts.
When we had a similar problem mid-April that also
required a server rebuild, running the scripts allowed us to recreate all of the
websites on that server in a few
You don't have to have PRO. You can also use a FROMFILE test with a text
file listing all of the email addresses and/or domains you want to penalize.
Just put a line like this in your Global.CFG:
FROMBLACKLIST fromfile C:\IMail\Declude\fromblacklist.txt x 200
0
This penalizes every
Nope... add a filter test and put those lines in it. The same thing I
mentioned without pro applies here for adding test names to the global.cfg
and $default$.junkmail.
The manual at http://declude.com/junkmail/manual.htm decribes adding filter
files pretty well.
Darin.
- Original Message
to do anything else to the junkmail file to reference MYFILTER
or does the WEIGHT20 take care of everything?
Thanks.
Kevin
Darin Cox wrote:
Nope... add a filter test and put those lines in it. The same thing I
mentioned without pro applies here for adding test names to the global.cfg
and $default
. In the
case of a virus, I don't know if the envelope from would have the forged
address in it.
You'd have to capture some of the messages to know for sure.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 5:48 PM
Subject: Re
Hi Bill,
First, welcome. I hope yours will be a
constant voice on the list.
Questions:
1. What version of Declude? 2.06 only,
or other versions as well?
2. How about older versions of IMail (8.1x,
8.0x, 7, 6, etc.)
Thanks.
Darin.
- Original Message -
From: Bill Billman
To:
Thanks, Bill.
Darin.
- Original Message -
From: Bill Billman
To: Declude.Virus@declude.com
Sent: Friday, June 03, 2005 5:05 PM
Subject: RE: [Declude.Virus] System resources
Thanks
Darin.
The problem seems to be
with IMail 8.2 and any version of Declude. We havent seen this
HOLD
Do I need to do anything else to the junkmail file to reference
MYFILTER or does the WEIGHT20 take care of everything?
Thanks.
Kevin
Darin Cox wrote:
Nope... add a filter test and put those lines in it. The same
thing I
mentioned without pro applies here for adding test names
PROTECTED]
To: Declude.Virus@declude.com
Sent: Sunday, June 05, 2005 3:17 PM
Subject: Re: [Declude.Virus] Newbie question
Thanks for the quick response. Yes, I have the Pro versions for both AV
and Junkmail.
Darin Cox wrote:
Do you have the Pro version of Declude Junkmail? You have to have pro
:[EMAIL PROTECTED] Auftrag von Darin Cox
Gesendet: Sonntag, 5. Juni 2005 23:02
An: Declude.Virus@declude.com
Betreff: Re: [Declude.Virus] Newbie question
I don't know if it still exists since it is not in the current manual, but
there was an option in previous versions of AV called AVAFTERJM
Similar pattern to Markus' here, except that ours
fell off to nothing slipping through from mid-March to mid-May. Previous
pattern of receivingtwo or three a week resumed mid-May, but has gotten
better over the past couple of weeks thanks to Sniffer.
Darin.
- Original Message -
Don't know what it is yet, but the attached file
was named kitten.zipcontainingan
unencryptedEXE.
Darin.
1 - 100 of 165 matches
Mail list logo