It's a virus - a new bagle variant. I am
seeing it detected by Mcafee as JS/IllWill trojan. I have seen a
signifigant increase in this virus today compared to yesterday. It was the
second most detected virus on one of our servers today.
Here is the mcafee link - http://vil.nai.com/vil/co
Scott,
Looking at the logging in terms of vulnerabilities I noticed that under
certain circumstances it does not print out the "File(s) are Infected" line
when the vulnerability is found in the subject or from field. Is this by
design? Also, in terms of when it catches the vulnerability in somet
Scott,
Looking at the logging in terms of vulnerabilities I noticed that under
certain circumstances it does not print out the "File(s) are Infected" line
when the vulnerability is found in the subject or from field. Is this by
design? Also, in terms of when it catches the vulnerability in som
Has anyone tried out 8.0i (enterprise) on their mail server? 8.0i
enterprise on the desktop seems to consume a bit more resources than 7.x
which makes me wonder how well it will do on the mail server.
Darrell
- Original Message -
From: "Wolf Tombe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTEC
Not to switch the subject, but what would be nice is the option not scan
with the other scanners once a virus is found... Than you can have scanners
that in general require less CPU like F-Prot versus Mcafee.
Darrell
---
Check out http://www.invariantsyste
lude.Virus] Virus MRTG
> > [Also I believe Darrell ([EMAIL PROTECTED]) is working on
> > a mrtg ver of a virus analyzer which does this and more... No idea
> > of a release date - ]
> > -Nick
>
> For the most part its done. I just havent posted it to the web site yet
>
attachments and advise the sender by return
e-mail.
Visit our
websites: http://www.syscom.be
Van:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Namens Darrell
([EMAIL PROTECTED])Verzonden: dinsdag 14 december 2004
4:28Aan:
[EMAIL PROTECTED]; [EMAIL PROTECTED]Onderwerp
DLAnalyzer version 4.0 is now
released. With version 4.0 we have
integrated Declude Virus log processing into DLAnalyzer giving you the ability
to generate one report that encompasses both spam and virus statistics. In
addition, to the virus processing we have added many other features to
In my opinion two scanners is a must. For yesterday here is some stats for
the virus scanners we use. While both caught almost the same amount of
viruses Mcafee caught 5 that F-Prot did not. That very well could have been
your Exploit-MIME.gen.c .
Virus Scanner Summary Report (Mcafee)
Total Me
FYI - Not sure about hlp, but there is an exploit with chm (windows help
files).
Microsoft Internet Explorer Fully Automated Remote Compromise
Summary: Summary
A vulnerability exists in Microsoft Internet Explorer version 6.0 on Windows
XP SP2 or Windows Server 2003 due to the combination of mu
Yes it does.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log
Parsers.
Chris Hunt writes:
My company is mergin
Thomas,
The line you are looking for is the "Last Action"
line. The line you posted means the message triggered the ipnotinmx test
which normally is not used to punish messages. This message had a total
weight of -5. From the information provided Declude did not toss that
message. You
Title: F-prot help
Mark,
When you say "on access is set to on" and then
below that you mentioned the realtime scanner was not installed. Do you
have an on access virus scanner running? Even one other than F-Prot that
may be scanning your server?
Darrell
-
I am seeing it detected as "Bagle.BL" by F-Prot. It is not being detected
by Mcafee right now.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitorin
The odd thing on this was I had to add the "/MIME" flag to the scanner
command line in order for my systems to start catching these.
Darrell
Greg Little writes:
For McAfee users it should be caught as Bagle.BN or .DLDR
starting with this AM (4436)
4437 was just release with improved detect
For those that might not be handy with the unix util's you can grab a copy
of DLAnalyzer "lite" which is free that will do this type of reporting
including analyzing multiple days worth of logs at a time.
Darrell
Check out
Ben,
You are 100% correct on your diagnoses. If you had the date range set to
3/7/2005 it will read the dec0307.log file in its entirety. In the course
of programming DLAnalyzer the possibility of someone still having last years
log file in the same location where the Declude logs were gener
FYI -
McAfee is announcing to itsâ customers who are operating on a previous
version of the McAfee VirusScan Engine (version 4320) are susceptible to a
buffer overrun when scanning LHa files.
â No action is required if your environment is currently running the 4400
Scan Engine (issued November 2004
Mark,
As one of the testers I can say 2.0.6 is for Imail as well.
Darrell
Mark E. Smith writes:
Will this version work with iMail as well?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 25, 2005 9:48 AM
To: D
Yes, its very possible.
10 RBLS x 1200 emails in an hour is easily 12K hits.
The 10 RBLS is also conservative. I am sure they will end up doing what
AT&T does and just blackhole queries to certain RBL's. I would look at
setting up a local DNS server.
Darrell
DLAnalyzer 4.1.0 has been released. Version 4.1.0 is compatible with the
enhanced logging changes introduced with Declude version 4.0.6.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterpris
Without the attachments.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
Robert
Not that this solves the issue, but what if you installed Sophos first?
Darrell
invURIBL - Intelligent URI Filtering for Declude Junkmail. Blocks 85% of
SPAM with the default configurations. Try it out -
http://www.invariantsystems.com
Aaron
In the last 24 hours I have seen F-Prot start to use an excessive amount of
CPU. Normally it very rarely shows up in task manager and now it has been
using a considerable amount of CPU.
Thoughts?
Darrell
Comprehensive Declude Virus and Jun
Subject: Re: [Declude.Virus] High CPU F-Prot
I saw F-Prot time out 3 times today in my logs, and I can't
remember that ever happening before. McAfee didn't time out
once, and that's usually the first to go. Maybe this
explains the issue. I think it's time to so
>>/PANALYZE - Turn on program heuristics.
I have been running this switch for a while and
have not seen any issues with it. I turned it on as a result of the jpeg
exploit - see http://www.mail-archive.com/declude.virus@declude.com/msg10831.html
Darrell
>>improved. If a virus is found with scanner 1, I'd like an option to avoid
calling later scanners. While >>it's good for comparison sakes, if a virus
is found, I don't need 2 other programs to confirm that.
>>I'd also like to have the PRESCAN ON/OFF setting moved within the virus
scanner definitio
Matt,
I am seeing the same thing - but my server (this one) is way more loaded
than it should. Scanner 2 is F-Prot as you can see there is an excessive
amount of time when this issue occurs. It was so bad that I ended up
disabling F-Prot until I can get to the bottom of this.
Darrell
04/
Title: Message
Andrew,
During your test what did the CPU look like was it
a solid 100%? I have not ran the test, but on my mail server when I was
seeing the issue live it was 100%.
Darrell
---DLAnalyzer - Comprehensive
reporting for Declude Junkmai
Alex,
Also make sure you add their mail servers address in the relay for ip
address options in smtp..
Everything else you mentioned from the Declude side is correct and what we
do.
Darrell
-
invURIBL - Intelligent URI filtering plug-in for Declude. S
>>Does declude virus need any modification as
such?
No...
Darrell
---invURIBL - Intelligent URI
Filtering. Stops 85%+ SPAM with the defaultconfiguration. Download a
copy today - http://www.invariantsystems.com
Don,
Attachment banning is global / for all domains. I do not believe there is a
way around this.
Darrell
---
invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default
configuration. Download a copy today - http://www.invariantsystems.com
--
My thoughts are this - a virus is a virus and a vulnerability is a
vulnerability. My expectation is that if a virus is detected than the other
scanners will not be called. However, if a vulnerability is detected the
scanners will execute until such time a "virus" is found.
Maybe two switches - E
John,
What do the filenames appear to be - any pattern either filename, subject,
body content etc?
Darrell
John Tolmachoff (Lists) writes:
One of the servers I manage is getting hit with lots of messages being
caught with banned exe within zip.
They are coming from different IPs
John
a mass-mailing virus. Declude defaults to BANCSLID ON which may or may
not protect from such an attack. Some CSLID calls are entire valid and
normal for Outlook/Office generated E-mails, and I'm not totally sure
Plus the other question is does Declude look for the CSLID calls in files in
zi
Another MyTob variant is out. F-Prot is catching it but Mcafee is not.
Mcafee does have an extra.dat for it.
The file is coming in as "info-text.zip".
Darrell
DLAnalyzer - Comprehensive reporting on Declude Junkmail
Kevin,
You would place that in your virus.cfg file.
Darrell
-
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Try it
today - http://www.invariantsystems.com
Kevin Rogers writes:
Should I put "AVAFTERJM ON" in my global
If you are using Imail just add it into the SMTP Access Control List. This
will block them from connecting to them.
Darrell
--
DLAnalyzer - Comprehensive reporting for Declude Junkmail and SPAM. Try it
today http://www.dlanalyzer.com
Susan Duncan wri
Dan,
I have been running 2.0.6 with no "major" issues that plague me on a daily
basis. The only issue I have encountered is when the server is under high
load and Declude spawns processes until the server starts generating errors.
Since I upgraded the server it doesnt happen very often.
For
FYI - For those who have not seen this and are running ClamAV.
05.26.8 CVE: CAN-2005-1923
Platform: Cross Platform
Title: ClamAV Cabinet File Parsing Remote Denial of Service
Description: ClamAV is a virus scanning utility. ClamAV is affected by a
remote denial of service issue. ClamAV versions
See - http://www.mail-archive.com/declude.junkmail@declude.com/msg24938.html
I posted about this issue a couple of times. We are currently waiting on a
fix - but this is the cause from what I can see from the debug logs.
Darrell
---
invURIBL - Intelligen
Grant,
Their is nothing native to Declude to prevent that - the only real option
besides something custom is to limit the size at the imail layer.
Darrell
InvURIBL - Intelligent URL filtering - stops 85% of spam with the
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, July 08, 2005 9:13 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Limit Size of message to be scanned?
Grant,
Their is nothing native to Declude to prevent that - the only real optio
]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, July 08, 2005 9:34 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Limit Size of message to be scanned?
Grant,
What I do is set the "Single Message Size" under the domain. The limit I
have in
Slap on the wrist and his friends got paid for turning him in... Looks like
a win-win for all of them.
Darrell
John Tolmachoff (Lists) writes:
So the virus writer got a slap on the wrist. Boy, that will sure send a
message to would be virus writers.
John T
eServices For You
Here is the dirt:
From RIPE:
descr:Telefonica Wholesale International Service
members: AS12956
It appears at the moment that Telefonica have advertised announcements from
their customer 26210 of some /8's rather than blocked them as they should
(including 12/8). Sprint and GX
Also, any emails that are mime/base64 encoded should be mime decoded by the
AV scanner. I know mcafee has that option which we enable.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail
David,
Any progress on the issues we seen under multi-processor environments?
Darrell
David Barker writes:
If you are running the Declude Beta please upgrade to 3.0.3.8 and send
feedback to [EMAIL PROTECTED]
David B
www.declude.com
---
This E-mail came from the Declude.Virus mailing l
* Processor load: sometimes for minutes a processor load of 100% (lots of
declude.exe, avgscan.exe and like l08w987.exe (from sniffer) processes) > >a
System process that fills up to 100%. In those periods there is no System
Idle processor time.
Does not really indicate a probelm per say. I
Marcel,
"AVAFTERJM ON" goes in the virus.cfg file and it makes AV run after JM as
you suspected. Several of us run this mode for the reason you cited. The
only deal you have to remember is if something is trapped by JM and you put
it back in the queue it will not be virus scanned.
Darrell
The directives are for tuning both single and multiprocessor systems.
They
are not meant as a tradeoff. Some multiprocessor systems do not exhibit
the
reported sleep for 30 seconds behavior. We have not been able to
reproduce
it ourselves.
I can produce it on my machine even on version 3.0.
I think it really depends on your volume if you will see this. Also, if you
have already tweaked your "WAITFORMAIL" you may not see it as well. On my
system during off peak hours I get on anverage between 75-100 messages per
minute. What you will see is Declude will spawn up to 20 or so threa
Our MRTG scripts that we make available for Declude users have been updated
for the new log format of Declude 3.0. The programs are provided free and
"as is".
They can be downloaded from our site listed in the tag line.
Any questions let me know.
Darrell
--
Jeff,
Yes that is normal with the 3.0 upgrade. It is just a cosmetic change and
does not really impact anything.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Ove
Harry,
The message on my system just said you need to remove the last version.
Once I did that and re-ran the update all was well.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail
Alot got through today with that one, but its being
caught by F-Prot now.
10/05/2005 22:06:18 Q86937B8E01F27E50 MIME file:
pword_change.zip [base64; Length=113709 Checksum=13075286]10/05/2005
22:06:18 Q86937B8E01F27E50 Scanner 2: Virus=W32/[EMAIL PROTECTED]
Attachment=pword_change.zip [12]
visit us at www.avertlabs.com
---DLAnalyzer - Comprehensive
reporting on Declude Junkmail and Virus. Download it today - http://www.invariantsystems.com.
- Original Message -
From:
Darrell
([EMAIL PROTECTED])
To: Declude.Virus
FYI - For those using Bitdefender -
05.40.20 CVE: Not Available
Platform: Cross Platform
Title: BitDefender Antivirus Logging Function Format String
Vulnerability
Description: BitDefender Antivirus is a proprietary antivirus product
for multiple platforms. It is vulnerable to a format string iss
Kevin,
I thought PGP had a desktop version that integrates directly with outlook?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI
Please no talk about sharp objects - I just had a vasectomy a couple of
hours ago - oh the pain...
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURB
FYI - for those using clam...
05.42.21 CVE: Not Available
Platform: Cross Platform
Title: Clam Anti-Virus File Handling Denial Of Service
Description: ClamAV is an anti-virus application. It is vulnerable to a
denial of service issue due to a failure in the application to handle
malformed OLE
(4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
Affected: Multiple AV vendors including McAfee, Trend Micro, Kaspersky,
Sophos, CA, Panda.
Description: Multiple anti-virus engines reportedly contain a vulnerability
that can lead to bypassing detection of malware in ".bat", ".html" a
Anyone seen this before? The message (attachment) have the W97M/Thus Virus
and is detected by McAfee as having such, but the final virus string somehow
ends up at Netsky?
Darrell
x:\imail\spool>grep -i q41c378d5099ed6c9.smd vir1028.log
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd Vulnerabi
qaf506d06099e03ac.smd Scanner 1: Virus=
W32/[EMAIL PROTECTED] Attachment=email-password.zip [11] O
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
Darrell ([EMAIL PROTECTED]) writes:
Anyone seen this before? The message (attachment) have the
message to sender
=
Bill
- Original Message ----- From: "Darrell
([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To:
Sent: Friday, October 28, 2005 9:37 AM
Subject: [Declude.Virus] Virus name reported as different than what
scanner detected.
Anyone seen this before? The
David,
Can you eloborate on "connectivity issues" I am trying to grasp what is
meant by connectivity issues (i.e. rbl's not returning data, etc?).
Darrell
Check out http://www.invariantsystems.com for utilities for Declu
I use Mcafee and it has been great they tend to be amoung the top for
getting updates out quick. However, it is very resource intensive.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Ima
Also, in the Command AVAFTERJM OFF
I assume this means it SCANS viruses first, then the junkmail?
No it actually scans for viruses after junkmail.
Darrell
---
invURIBL - Intelligent URI Filtering. Stops SPAM by focusing on the
David,
When you say messages are getting stuck in the spool do you mean after they
are processed by Declude? When you upgraded to Declude 3.x did you replace
the declude.exe file?
Darrell
---
Check out http://www.invariantsystems.com for utilities for
Dodell" <[EMAIL PROTECTED]>
To: "Darrell ([EMAIL PROTECTED])"
Sent: Saturday, November 05, 2005 3:57 PM
Subject: Re[2]: [Declude.Virus] Help! Upgraded from 1.82 to 3. today
Saturday, November 5, 2005, 1:42:02 PM, Darrell
([EMAIL PROTECTED]) wrote:
Also, in the Command AVAFT
http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: "Darr
Mark,
In general for these types of viruses yes you are ok as long as the
extensions in the zips are ones that you are blocking.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IM
I run 3.0.5.20 DFx - I think 1 or 2. It has a few extra fixes for me the
dnsbl issue is the ket one. I run it on two servers (imail) volume on
server 1 - 150K and volume on server 2 - 100K.
External tests: invURIBL & Sniffer
Darrell
---
I understand what everyone is saying, beleive me I do. What I can tell you
is that 3.x is much better than 2.x. Especially, since it fixes the issues
I had where 100's of declude processes would unexpectantly launch and would
hose the server. I have found the later versions to be very stable
Knowing that there are issues with 1.x and 2.x with Imail 8.2x and 2006
extends from 8.2x I would suspect that you may have issues.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. I
http://www.pcworld.com/news/article/0,aid,123876,00.asp
Key paragraph -
//begin
Security firm iDefense said it broke the encrypted code in a Sober variant
discovered in November and found that it is designed to download the unknown
code from various Web addresses on January 5, 2006. Millions o
Filenames?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
Goran Jovanovic wri
FYI - For the other affected by this I put 3.0.5.22
back on and everything is flying along with no issues. Processing messages
as fast as could be.
FWIW - My issues started on December 24th at
approximatly - 2:10pm EST.
I will follow-up with Declude tomorrow to determine
why my version
How does AVAFTERJM cut down on work? I thought it only affected the
order in which JM and AV ran, and that AV ran each time, regardless of
this setting.
The main benefit is that it cuts down on the amount of messages virus
scanned thus saving resources. It has been a MAJOR help for me.
Dar
:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, January 27, 2006 10:02 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Feature request: DELETEVIRUSNAME
How does AVAFTERJM cut down on work? I thought it only affected the
order in which JM and AV ran, and
anner still scans it, won't it still use
the same CPU cycles?
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, January 27, 2006 10:43 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Featu
scanner (which makes sense to me). If that is so, then how does it
cut down on machine resources?
Friday, January 27, 2006, 9:43:19 AM, Darrell ([EMAIL PROTECTED]) <[EMAIL
PROTECTED]> wrote:
Dsic> Keith,
Dsic> It still gets virus scanned. I have tons of viruses in my virus
HOLD, DELETE, ETC - Does not get virus scanned with AVAFTERJM
ROUTETO, SUBJECT, Etc - Does get virus scanned.
Think of it this way anything that ends up being delivered somewhere (i.e.
mailbox etc) gets scanned.
Darrell
Matt writes:
This is the crux of the issue that I would like to fig
If you don't want to bother learning or using perl
I suggest you look at DLAnalyzer. It can do Junkmail reporting and Virus
reporting for Declude integrated into one Windows based application. There
is a functional free version (lite).
Darrell
-
Michael,
Can you post some log snippet's from your junkmail logs showing this going
through junkmail and the corresponding AV log entries. I run this exact
same configuration and do not have this issue.
Darrell
Check o
DLAnalyzer 5.0 has been released. DLAnalyzer is a comprehensive reporting
tool that integrates both Junkmail and Virus statistics into one report.
Some of the features require the Enterprise or Standard version, but we also
have a FREE LITE version available.
With version 5.0 we have added ma
Eric,
Are you only using Declude Virus? If not are
there other Declude headers in the message?
In the Virus logs does this message exist? Is
there virus logs (virMMdd.log).
Did you uninstall Declude because of this issue or
is this a new server? If this is a new server did you double c
change?
Thanks
Eric
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Darrell ([EMAIL PROTECTED])Sent: 08 May 2006 13:34To: Declude.Virus@declude.comSubject: Re: [Declude.Virus]
(re)Installing Declude v1.65 on Imail 8.22?
Eric
With older versions of Declude and Smartermail you used to have to do the
"X" rename to skip Declude processing. If you left the "X" off it would be
rescanned by Declude.
However, now that Declude is intergrated into Smartermail v3 what is the
correct requeing process?
Darrell
-
fpReview is a utility that allows you to easily review held mail on your
Imail or SmarterMail system. With fpReview you can review messages and
return them back to the queue for delivery or rescanning by Declude. Besides
being able to return the message to the queue for delivery many other
opti
Mcafee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parse
Actually, it is CLAMAV catching it. Not sure about McAfee as I stop on
first virus. F-Prot is def. not catching it though.
Darrell
Darrell ([EMAIL PROTECTED]) writes:
Mcafee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http
John,
CLAMAV is catching it on my systems.
Darrell
---
fpReview - Review held mail easily and quickly.
http://www.invariantsystems.com
John T (Lists) writes:
Back to the matter indicated in the subject line, how are others dealing
with this?
Is
John,
What problems are you having with scan.exe? A lot of us use McAfee and have
no issues.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
Since upgrading to 4.2.20 I started seeing the following error:
07/12/2006 00:34:41.812 q7bca020f6715.smd 1 [1 of 2 not deleted] files
were deleted. You should not use an on-access virus scanner that scans the
\IMail directory or sub-directories.07/12/2006 00:34:41.328
This only happens
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Wednesday, July 12, 2006 05:46 PM
To: declude.virus@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.Virus] 4.2.20 Error in Log
Since upgrading to 4.2.20 I started seeing the following error:
07/12/2006 00
canned: CONTAINS A VIRUS
[Prescan OK][MIME: 2 108872]
Darrell
Darrell ([EMAIL PROTECTED]) writes:
Andy,
Besides AVG I have 3 scanners: listed in order (F-Prot, Clam AV, McAfee).
I do think its an AVG issue like you suggested. I am trying to find a way
to disable the built in AVG virus s
What version are you running Matt in version
3.0.5.20 they fixed a ms-tnef issue with winmail.dat.
This might be the issue you are
seeing.
Darrell
Check
out http://www.invariantsystems.com for
utilities for Declude And
I noticed a new build from the SOSDG group has been released (88.3-1).
http://www.sosdg.org/clamav-win32/index.php
Anyone running it yet?
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail
Pretty nice peice of social engineering below - how
many of your users will click on this tomorrow :) Who can resist the
temptation of a "secret" greeting card.
The link actually takes you to
http://www.lkkm.cz/help/postcard.gif.exe
Darrell
---
1 - 100 of 126 matches
Mail list logo
