RE: [Declude.Virus] Version 3.0.5.5

2005-09-29 Thread John T \(Lists\)
The proper procedure is:
Stop Imail SMTP
Stop Imail Queue Manager
Make sure spool\proc and spool\proc\work are empty of files. If not, wait until they are processed.
Stop Decludeproc
Copy in the new file
Start Decludeproc
Start Imail SMTP
Start Imail Queue Manager
John T eSe

RE: [Declude.Virus] Virus directory

2005-10-04 Thread John T \(Lists\)
; decludeproc.exe file then I could likely have "copied the new file" > > > > Harry Vanderzand > > inTown Internet & Computer Services > > 11 Belmont Ave. W., Kitchener, ON, N2M 1L2 > > 519-741-1222

RE: [Declude.Virus] Possible new virus

2005-10-06 Thread John T \(Lists\)
Sorry to say it, but that is why we must be blocking executables and zips that contain executables. For the sake of our clients, we can no longer afford to be reactive, we must be proactive.   I caught a couple hundred using banned BANZIPEXTS as it has an exe payload inside the zip file,

RE: [Declude.Virus] New variant as of 15 minutes ago

2005-10-06 Thread John T \(Lists\)
Matt, what is the payload inside the zip?   John T eServices For You   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, October 06, 2005 9:32 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] New variant as of

RE: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content

2005-10-10 Thread John T \(Lists\)
FYI, I do not ban EZIP outright. What I do is BANEZIPEXTs which will ban an EZIP file containing a file that is banned. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Kevin Rogers > Sent: Monday, October 10, 2005 10:26 PM

RE: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content

2005-10-11 Thread John T \(Lists\)
What is wrong with sharp objects? They make nice clean cuts. Now, it's the blunt ones that I worry about. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Scott Fisher > Sent: Tuesday, October 11, 2005 1:44 PM > To: Declude.

RE: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content

2005-10-11 Thread John T \(Lists\)
tsystems.com for utilities for Declude And > Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI > integration, MRTG Integration, and Log Parsers. > > - Original Message - > From: "John T (Lists)" <[EMAIL PROTECTED]> > To: > Sen

RE: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content

2005-10-11 Thread John T \(Lists\)
Well, the answer lies within how those features were introduced. When the first wave of viruses came out using zip files, we blocked zip files entirely. But then we asked for a way to pass EZIP files, so Scott added that feature whereby BANEXT ZIP did not ban EZIPs, instead introducing BANEXT EZIP.

RE: [Declude.Virus] Possible BANnotify.EML problem with Declude 1.82

2005-10-12 Thread John T \(Lists\)
SKIPIFFORGING is only for virus notifications, so it should not be in any other .eml file.   John T eServices For You   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, October 12, 2005 12:30 PM To: Declude.Vir

RE: [Declude.Virus] Blast of zips coming in

2005-11-01 Thread John T \(Lists\)
What is the payload inside? John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of John Carter > Sent: Tuesday, November 01, 2005 7:51 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] Blast of zips coming in > > We a

RE: [Declude.Virus] Blast of zips coming in

2005-11-01 Thread John T \(Lists\)
ips coming in > > on 11/1/05 11:38 AM, John T (Lists) wrote: > > > What is the payload inside? > > .exe files > > John's post about what we all should do with .exe files in zip attachments > will follow in 3 ... 2 ... 1 ... :) > > Don't let me d

RE: [Declude.Virus] Second scanner

2005-11-03 Thread John T \(Lists\)
I use AVG as the second scanner and am happy with the results. I like BitDefender as they publish updates on average a dozen or more times per day, but it is more resource costly. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behal

RE: [Declude.Virus] New Sober to be released Nov-15-2005 ?

2005-11-14 Thread John T \(Lists\)
Well, I am not sure about tomorrow, but in the last hour I have started to see some messages being caught with banned ZIP-EXE with a subject line of Thanks for your registration and a file name of reg_text.zip and a D file size of 184 Kb that I have not seen before. John T eServices For You > ---

RE: [Declude.Virus] New Sober to be released Nov-15-2005 ?

2005-11-14 Thread John T \(Lists\)
ber to be released Nov-15-2005 ? > > Yep...seeing them here as well. > > Darin. > > > ----- Original Message - > From: "John T (Lists)" <[EMAIL PROTECTED]> > To: > Sent: Monday, November 14, 2005 7:57 PM > Subject: RE: [Declude.Virus] New S

RE: [Declude.Virus] New Sober to be released, possible variation?

2005-11-15 Thread John T \(Lists\)
> I just went through all of the reports. Here's a list of new > > > filenames to > > > ban: > > > > > > # Added 11/15/2005 to handle new Sober.R, S, T, U, V, W variants > > > BANNAME email_photo.zip > > > BANNAME excel_table.zip > >

RE: [Declude.Virus] New Sober to be released, possible variation?

2005-11-15 Thread John T \(Lists\)
ions within zip files we should be ok right? > > Mark Reimer > IT Project Manager > American CareSource > 800-370-5994 ext. 267 > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of John T (Lists) > Sent: Tuesday, November 1

RE: [Declude.Virus] New Virus Strain Pounding my systems

2005-11-21 Thread John T \(Lists\)
I have been seeing a bunch of blocked zip-exe but I have been on the phone with clients for the last hour and have not had a chance to review it. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Rick Davidson > Sent: Monday,

RE: [Declude.Virus] New Virus Strain Pounding my systems

2005-11-21 Thread John T \(Lists\)
If you have Pro version you should be always blocking using "BANZIPEXTS ON" and "BANEZIPEXTS ON". John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Rick Davidson > Sent: Monday, November 21, 2005 12:12 PM > To: Declude.Virus@d

RE: [Declude.Virus] New Virus Strain Pounding my systems

2005-11-21 Thread John T \(Lists\)
Looks like F-Prot is now catching it as SoberZ John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Rick Davidson > Sent: Monday, November 21, 2005 12:12 PM > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus] New Viru

RE: [Declude.Virus] Blocking PIF Files

2005-11-23 Thread John T \(Lists\)
Well, those are files which of themselves are not executable, rather they are files which require something else been do to use them. I am not sure of the value of blocking those. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Beh

RE: [Declude.Virus] blocking exe in zips

2005-11-24 Thread John T \(Lists\)
> # > # BANZIPEXT will block files based on EXT within ZIP files. EXT as declared with BANEXT > # BANEZIPEXT will do the same for ecrypted ZIPs. > # > # BB 1-11-05 > # Added BANxZIPEXT directives, BANEZIPEXT not neccesary as we block ALL EZIP files. > BANZIPEXT on > #BANEZIPEXT on Try "BANZIPEXTS

RE: [Declude.Virus] Blocking PIF Files

2005-11-24 Thread John T \(Lists\)
To add to Darin's list, I also block PPS files. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Darin Cox > Sent: Wednesday, November 23, 2005 7:00 AM > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus] Blocking

RE: [Declude.Virus] blocking exe in zips

2005-11-24 Thread John T \(Lists\)
That would be nice. I wonder if it shows up in Debug mode. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of John Carter > Sent: Thursday, November 24, 2005 8:34 AM > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus

RE: [Declude.Virus] how is Declude 3.x?

2005-11-24 Thread John T \(Lists\)
P4 2 Ghz 1 GB memory 2 ATA 133 drives mirrored 3 SCSI 10K drives configured with 3 mirrored partitions Windows 2000 Server fully patched Imail 8.20 HF2 Declude 3.0.5.20 Declude JM Pro Declude Virus Pro Declude Hijack F-Prot 32 bit AVG Kiwi Syslog Volume of aprox 5K messages per day Sniffer SortM

[Declude.Virus] Another Sober out.

2005-11-24 Thread John T \(Lists\)
BANNAME mailtext.zip The ones I saw were bounces, but they may be made to look like bounces. Only Norman and Avast found it on VirusTotal as a Sober variant, and NOD32 suspects it is a variant. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe,

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread John T \(Lists\)
Interesting thought. However, on my system, that would not work. I am scanning for viruses first. I block executables within zips. So my point of adding the BANNAME is so that the banned file notice that goes out (until the AV scanners update their defs) does not just have the generic banned fil

RE: [Declude.Virus] Another Sober out. (=> idea)

2005-11-25 Thread John T \(Lists\)
Well, I would say it is more like a restaurant but you can not get blow fish, alcohol, cigarettes, 10 Lbs of greasy French fries, etc. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Markus Gufler > Sent: Friday, November 2

RE: Re[2]: [Declude.Virus] how is Declude 3.x?

2005-11-25 Thread John T \(Lists\)
FYI, any server hardware that is not being used I disable. Removes items from equations when trying to solve problems. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of sbsi lists > Sent: Friday, November 25, 2005 11:25 AM > T

RE: [Declude.Virus] Stranger...

2005-12-09 Thread John T \(Lists\)
I do not think this is either an Imail or Declude issue, rather a server security issue, or rather a compromise of server security. Sounds like you have some type of virus or Trojan on that server. John T eServices For You -Original Message- From:

RE: [Declude.Virus] Where to send exe's to check if they are a virus?

2005-12-15 Thread John T \(Lists\)
www.virustotal.com This is a very small e-mail, the D file being only 11 kb. Some of the small AV companies are reporting it as a Bagle variant and F-Prot is reporting it as MitGlieder.GU although it is not catching it on the server. John T eServices For You > -Original Message- > From:

RE: [Declude.Virus] Where to send exe's to check if they are a virus?

2005-12-15 Thread John T \(Lists\)
Uh, keyboard virus? ;) John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Goran Jovanovic > Sent: Thursday, December 15, 2005 7:53 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] Where to send exe's to check

[Declude.Virus] Virus Feebsa

2005-12-19 Thread John T \(Lists\)
Great news, not. Any one know if F-Prot or AVG or BitDefender is catching this yet? http://www.sophos.com/virusinfo/analyses/w32feebsa.html John T eServices For You --- [This E-mail was scanned for viruses by Declude EVA www.declude.com]

[Declude.Virus] Another round of Bagle?

2005-12-22 Thread John T \(Lists\)
Looks like another round of Bagle is starting? John T eServices For You

RE: [Declude.Virus] Declude with IMail 2006

2005-12-22 Thread John T \(Lists\)
What is sad is that the fix is very simple, as I have pointed out to Declude exactly what the problem is. When the confirmation is received, Declude Confirm is looking at the wrong location for the D or Q file. One of the files gets properly renamed and moved, but the other does not. John T eServi

RE: [Declude.Virus] Sober.X Variant

2006-01-05 Thread John T \(Lists\)
Is this what you are seeing? http://www.sophos.com/virusinfo/analyses/w32feebsa.html John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of JT > Sent: Thursday, January 05, 2006 6:44 AM > To: declude.virus@declude.com > Subject:

RE: [Declude.Virus] Sober.X Variant

2006-01-05 Thread John T \(Lists\)
m > Subject: RE: [Declude.Virus] Sober.X Variant > > What I am experiencing is that the server lets the virus go through the > system. It scans and result is clean, the end user gets the email and > their Symantec Enterprise snags it and tags it as [EMAIL PROTECTED] > > On Thu, 2006-01-05

RE: [Declude.Virus] Sober.X Variant

2006-01-05 Thread John T \(Lists\)
RE: [Declude.Virus] Sober.X Variant > > John, > > What do I need to do to block banned extensions within zip files > > Thanks, > JT > > On Thu, 2006-01-05 at 09:14 -0800, John T (Lists) wrote: > > That means you are not blocking banned extensions wit

RE: [Declude.Virus] Sober.X Variant

2006-01-05 Thread John T \(Lists\)
> > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of JT > > > Sent: Thursday, January 05, 2006 10:39 AM > > > To: Declude.Virus@declude.com > > > Subject: RE: [Declud

RE: [Declude.Virus] Mail.zip from AOL Encrypted Messaging Service?

2006-01-20 Thread John T \(Lists\)
Well, neither the HELO nor the IP received from looks to be anything from AOL. I would say it is a virus. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [Declude.Virus] Another day, another Bagle

2006-01-25 Thread John T \(Lists\)
Just got this from Sophos: http://www.sophos.com/virusinfo/analyses/trojbagledlbj.html John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Colbeck, Andrew > Sent: Wednesday, January 25, 2006 10:14 AM > To: Declude.Virus@declud

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-25 Thread John T \(Lists\)
But if we are cycling the held viruses on a x day basis, (my cycle is 5 days,) why would that be needed? John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Markus Gufler > Sent: Wednesday, January 25, 2006 2:37 PM > To: Declud

RE: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-25 Thread John T \(Lists\)
As a work around until and if Declude adds the requested feature, you could write a script to search the files on a timed basis for a phrase (virus name) and have it delete them. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf

RE: [Declude.Virus] Virus Feebs variant warning

2006-01-25 Thread John T \(Lists\)
Why not catch it with less resources via banning hta files and BANZIPEXTS and BANEZIPEXTS?   John T eServices For You   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Wednesday, January 2

RE: [Declude.Virus] F-prot exit code 8 and body content

2006-01-31 Thread John T \(Lists\)
I am using viruscode 8 and it is not blocking password protected zips. I think like Markus said it is looking for a combination of a password protected zip, and executable and the phrase he listed. Markus, did that attachment have an executable within the zip file? John T eServices For You "See

RE: [Declude.Virus] F-Prot exit code 8 and body content

2006-01-31 Thread John T \(Lists\)
dated signatures. > > Markus > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) > > Sent: Tuesday, January 31, 2006 7:17 PM > > To: Declude.Virus@declude.com > > Subject: RE:

RE: [Declude.Virus] Encoded viruses...worried

2006-01-31 Thread John T \(Lists\)
Matt, are you saying the attachment as Declude would see it is B64, UU, UUE, MIM, MME, BHX and HQX? If that is so, what harm would be in blocking those for now?   John T eServices For You   "Seek, and ye shall find!"   -Original Message- From: [EMAIL PROTECTED] [mailto

RE: [Declude.Virus] Encoded viruses...worried

2006-01-31 Thread John T \(Lists\)
Actually, I am already blocking hqz and uue so I went and added the others and will see what happens.   John T eServices For You   "Seek, and ye shall find!"   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (L

RE: [Declude.Virus] Encoded viruses...worried

2006-02-01 Thread John T \(Lists\)
ther packing formats, but no luck so far (or rather, I've had the good luck to receive so few copies in so few formats).   Andrew 8)     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Tuesday, January 31, 2006 5:44 PM To: Declude.Virus@declude.c

RE: [Declude.Virus] Encoded viruses...worried

2006-02-01 Thread John T \(Lists\)
luck so far (or rather, I've had the good luck to receive so few copies in so few formats).   Andrew 8)     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists) Sent: Tuesday, January 31, 2006 5:44 PM To: Declude.Virus@declude.com Subject: RE: [

RE: [Declude.Virus] Encoded viruses...worried

2006-02-16 Thread John T \(Lists\)
kmal.E/MyWife.d virus hit? If so have you seen any negative effects from doing this. I'm thinking of blocking them as well.   Mark Reimer IT Project Manager American CareSource 214-596-2464 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of John T (

[Declude.Virus] New Virus?

2006-02-25 Thread John T \(Lists\)
Seeing HQX, BHX and UUEs being blocked this morning. John T eServices For You "Seek, and ye shall find!"

RE: [Declude.Virus] New Virus?

2006-02-25 Thread John T \(Lists\)
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of John T (Lists) > Sent: Saturday, February 25, 2006 9:04 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] New Virus? > > Seeing HQX, BHX and UUEs being blocked this morning. > > John T > eSer

RE: [Declude.Virus] Updates from Declude

2006-03-03 Thread John T \(Lists\)
No I have not tested lately. I have been extremely busy this week. I will try on Saturday.   John T eServices For You   "Seek, and ye shall find!"   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith Sent: Friday, March 03,

RE: Re[2]: [Declude.Virus] Virus Notification Variables No Longer Working

2006-03-08 Thread John T \(Lists\)
I will see if I can muster the time to test later tonight, probably late tonight. John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of David Sullivan > Sent: Wednesday, March 08, 2006 9:05 AM > To: Dec

RE: [Declude.Virus] Updates from Declude

2006-03-08 Thread John T \(Lists\)
Declude.Virus] Updates from Declude   Sounds good John, was just curious if you were still seeing the issue also.   Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications Corp. (812)932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T

RE: [Declude.Virus] url file extensions

2006-04-11 Thread John T \(Lists\)
You nor I nor Declude nor any one knows where that leads to. You can not scan the destination for a url. John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Nick Hayer > Sent: Tuesday, April 11, 200

RE: [Declude.Virus] url file extensions

2006-04-11 Thread John T \(Lists\)
- -Nick John T (Lists) wrote: You nor I nor Declude nor any one knows where that leads to. You can not scan the destination for a url. John T eServices For You "Seek, and ye shall find!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Beha

RE: [Declude.Virus] Testing the Boards

2006-04-27 Thread John T \(Lists\)
PPPOONNGGG! John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of David Barker > Sent: Thursday, April 27, 2006 6:22 AM > To: Declude.Virus@declud

[Declude.Virus] Kidala-A Virus

2006-05-08 Thread John T \(Lists\)
Wow, a busy little bugger isn't it? http://www.sophos.com/virusinfo/analyses/w32kidalaa.html W32/Kidala-A is a mass-mailing worm and IRC backdoor Trojan for the Windows platform. W32/Kidala-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain

RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-27 Thread John T \(Lists\)
Is the word document only named that? John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus > Gufler > Sent: Tuesday, June 27, 2006 11:32 AM > To: declude.virus@declude.com > Subject: [Declude.Viru

RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-27 Thread John T \(Lists\)
To: declude.virus@declude.com > Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus > > As I know yes but > > BANNAME my_notebook.doc > > wouldn't work for files within zip-archives. > > Markus > > > -Original Message- > >

RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-28 Thread John T \(Lists\)
Back to the matter indicated in the subject line, how are others dealing with this? Is F-Prot and AVG and others catching this now? Which AV scanners are indeed catching it? Now for the bigger question: How do we combat this and future such versions without outright blocking of the file extensio

RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-28 Thread John T \(Lists\)
Sure it is not some form of the Pebcak virus Andrew? Sorry, couldn't resist. I needed the laugh. ;-)> John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, > Andrew > Sent: Wednesday, June 28

[Declude.Virus] Odd lines in Declude Virus log.

2006-07-11 Thread John T \(Lists\)
Declude 4.2.12 for Imail 9.10 preview2 on Windows Server 2003 This is my new server currently being fully configured and tested before going into production. I have one domain live on it right now, my personal domain. I have uu files blocked in the virus.cfg file, so the following log lines stri

RE: [Declude.Virus] Declude error, not ClamAV error

2006-07-14 Thread John T \(Lists\)
In other log lines Declude states it is an invalid/bogus pif file. That might explain it. John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary > Steiner > Sent: Friday, July 14, 2006 2:43 PM > To: d

RE: [Declude.Virus] Declude error, not ClamAV error

2006-07-14 Thread John T \(Lists\)
> ---- Original Message > > From: "John T \(Lists\)" <[EMAIL PROTECTED]> > > Sent: Friday, July 14, 2006 9:46 PM > > To: declude.virus@declude.com > > Subject: RE: [Declude.Virus] Declude error, not ClamAV error > > > > In other l

RE: [Declude.Virus] Declude error, not ClamAV error

2006-07-15 Thread John T \(Lists\)
rom the command line does > it say anything about an attachment, nor do I see the "Attachment=[Unknown: Err]" > statement. That's why I believe it is something generated by Declude not by ClamAV. > > > Original Message > > From: "John T \(Li

[Declude.Virus] Virus in at HTA inside of ZIP seen

2006-07-24 Thread John T \(Lists\)
FYI By banning potentially malicious extensions, including within zip files, I caught an email with the FEEBS virus. Per VirusTotal, ClamAV, McCrappy, AVG, F-Prot is not catching these. John T eServices For You "Seek, and ye shall find!"

RE: [Declude.Virus] New feature needed

2006-08-10 Thread John T \(Lists\)
When a vulnerability is detected, it looks for vulnerability.eml only. When a virus is detected, it uses any and all .eml files except for vulnerability.eml. So yes, you could do that. John T eServices For You "Seek, and ye shall find!" > -Original Message- > From: [EMAIL PROTECTED] [m

RE: [Declude.Virus] New feature needed

2006-08-11 Thread John T \(Lists\)
> not, does it work with SmarterMail? > > > So it seems that most of the files are used by EVA, one by Junkmail and one by > Confirm. Does that mean that Junkmail and Confirm only use their one specific .eml > file and ignore all the others? If I create a randomly named .eml file

RE: [Declude.Virus] Bug in mismatched extensions causes backscatter on spam

2006-10-02 Thread John T \(Lists\)
Matt, please keep us informed about this bug. I thank you for your diligence.   John T eServices For You   "Seek, and ye shall find!"   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, October 02, 2006 11:56 AM To: de

RE: [Declude.Virus] stration work

2006-10-02 Thread John T \(Lists\)
Andrew, wouldn't the second line include the first meaning only the second line is needed? John T eServices For You "Seek, and ye shall find!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, October

RE: [Declude.Virus] AUTOFORGE

2006-10-27 Thread John T \(Lists\)
> Also, how is FORGINGVIRUS different from SKIPIFVIRUSNAME? Do you need to have > both statements in the virus.cfg or is that redundant? FORGINGVIRUS is in the virus.cfg file and it is to list those viruses that forge the from address. Then, in your various eml files, you just need to put in SKIP

RE: [Declude.Virus] AUTOFORGE

2006-10-27 Thread John T \(Lists\)
October 27, 2006 5:07 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] AUTOFORGE > > I think you meant to say SKIPIFFORGING not SKIPIFFORGINGVIRUS. > > > ---- Original Message > > From: "John T \(Lists\)" <[EMAIL PROTECTED]>

RE: [Declude.Virus] EXE in RAR file

2006-12-06 Thread John T \(Lists\)
RAR files should be treated the same as ZIP files, so unless something has changed if you have BANZIPEXTS ON and have BANEXT EXE it should be banned. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) ---

RE: [Declude.Virus] Re: notification stopped? .. now Why GSC

2006-12-07 Thread John T \(Lists\)
What happens if you restart the Queue Manager service? John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Do

RE: [Declude.Virus] Problem after upgrade to Declude 4.3.23

2006-12-17 Thread John T \(Lists\)
Did you put it into the Declude.cfg file? John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wolf Tombe Sent: Sund

RE: [Declude.Virus] Couldn't rename SMD to SM$ [183]

2006-12-18 Thread John T \(Lists\)
Search for all log lines for that message in both the junkmail and virus logs to see if there is another error message preceding that. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -Original Mess

[Declude.Virus] Posting etiquette

2006-12-22 Thread John T \(Lists\)
Do not use "Digital email Signatures" when posting to a list. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882)

RE: [Declude.Virus] How to block an IP

2006-12-25 Thread John T \(Lists\)
Using Imail rules, no! Imail rules are the last to run of all other items. Exactly what are you intending to do? John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) > -Original Message- > From: [EMAIL PROTECT

RE: [Declude.Virus] How to block an IP

2006-12-25 Thread John T \(Lists\)
lid > email in over 2 years. > > BTW.. I responded to you off-list on my last subject a few days ago. After > thinking about it, I didn't think the subject had much place on the Declude > list. > > - Original Message - > From: "John T (Lists)" <

[Declude.Virus] New virus - PiggiA

2007-01-03 Thread John T \(Lists\)
With the extensions listed, any one know if the payload is only in the executables? W32/Piggi-A is a mass-mailing worm for the Windows platform. W32/Piggi-A spreads via email and may pretend: - to offer a free gift - that your myspace, anti-virus, tax, financial or personal details have been ha

RE: [Declude.Virus] F-Prot Version 6

2007-03-13 Thread John T \(lists\)
As Andrew pointed out, you did not read the fine print. John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Douglas Cohn > Sent: Tuesday, March 13, 2007 8:50 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] F-Prot Version 6 > >

RE: [Declude.Virus] Declude Upgrade on IMail - Key Trouble

2007-03-22 Thread John T \(lists\)
Bill, I will be back on in a couple of hours if you are still around and need help. John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Bill Green dfn Systems > Sent: Thursday, March 22, 2007 6:15 PM > To: declude.virus@declude.com > Subject: Re:

RE: [Declude.Virus] Declude 4.3.46 Release

2007-04-16 Thread John T \(lists\)
Just got off the phone with Tech Support. A file pcres.dll was not included in the original upgrade executable and if that file is not in the \Imail directory the decludeproc service will not start. She had to send me the file separately and they will now be changing the upgrade executable. Joh

RE: [Declude.Virus] Declude 4.3.46 Release

2007-04-16 Thread John T \(lists\)
My bad, the file is not pcres.dll but pcre3.dll. Darn keyboard virus. I wish Declude could fix that. ;-)> John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > John T (lists) > Sent: Monday, April 16, 2007 12:38 PM >

RE: [Declude.Virus] You should not use an on-access virus scanner that scans the ....

2007-04-17 Thread John T \(lists\)
1) 86 the read receipt requests!
2) You should be running 4.3.46 at this point due to a problem with a recent change in AVG.
3) Is this happening on every email, or random?
4) Since you are only running one virus scanner (aside from the built in AVG,) I do not think you need

RE: [Declude.Virus] You should not use an on-access virus scanner that scans the ....

2007-04-17 Thread John T \(lists\)
Unfortunately, I am still up, at least for another 15 minutes or so. If you want to zip and send me a log file I will have a look see. John Tolmachoff eServices For You [EMAIL PROTECTED] (626) 737-6003 Fax (626) 737-6004 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hir

RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures

2007-04-27 Thread John T \(lists\)
> Until Declude resolves the issue with BANEXT EZIP, I've had to ban all > rar files. Unfortunately some of my customers regularly send rar > attachments, so I've had to check the virus hold directory on a regular > basis and manually resubmit any false positives there. > > Gary Instead of manua

RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures

2007-04-27 Thread John T \(lists\)
Actually, that is the BANNotify.eml file that is used. John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > John T (lists) > Sent: Friday, April 27, 2007 12:39 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Viru

RE: [Declude.Virus] BanNotify email not being sent

2007-04-30 Thread John T \(lists\)
What version of Declude? I am using 4.3.47 and it is working. What does the Virus log say? John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Armbrecht Sent: Monday, April 30, 2007 12:45 PM To: declude.virus@declude.com Subject: [Declude.Virus] BanNotify email n

RE: [Declude.Virus] BanNotify email not being sent

2007-05-02 Thread John T \(lists\)
: declude.virus@declude.com Subject: RE: [Declude.Virus] BanNotify email not being sent I just upgraded to 4.3.46 and same thing - BANnotify is not being sent... Randy A. _ From: "John T \(lists\)" <[EMAIL PROTECTED]> Sent: Monday, April 30, 2007 8:21 PM To: declude.virus@declude

RE: [Declude.Virus] BanNotify email not being sent

2007-05-02 Thread John T \(lists\)
ow is - why is this being picked up as a forging virus? Randy A. _ From: "John T \(lists\)" <[EMAIL PROTECTED]> Sent: Wednesday, May 02, 2007 12:25 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] BanNotify email not being sent Put your virus log into debug a

RE: [Declude.Virus] BanNotify email not being sent

2007-05-03 Thread John T \(lists\)
I wonder if the name of the file you are testing with is on the forging list at Declude. Try creating a text file and renaming it to something like john.bat and then see what happens. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Armbrecht Sent: Thursday, M

RE: [Declude.Virus] OT: Prevx and malware detection

2007-05-08 Thread John T \(lists\)
Windows Defender Beta ended I believe in December 2006. The version out now is a fully released supported version. John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Gary Steiner > Sent: Tuesday, May 08, 2007 10:57 PM > To: declude.virus@declud

RE: [Declude.Virus] Feature request - Notification emails generated on vulnerabilities

2007-05-25 Thread John T \(lists\)
Why not use vulnerability.eml? SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability ONLYSENDIFREMOTESENDER From: [EMAIL PROTECTED] To: %ALLRECIPS% Subject: We blocked a suspected malicious email sent to you! Delivery blocked: %LOCALRECIPS% The mail server for %LOCALHOST% scans each e-m

RE: [Declude.Virus] banning EZIP but....

2007-06-28 Thread John T \(lists\)
I do not ban EZIP outright, but instead I ban EZIPEXTS. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Thursday, June 28, 2007 5:30 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] banning EZIP but Hi, Just ran into a problem t

RE: [Declude.Virus] exe in zip file why not blocked...

2007-07-30 Thread John T \(lists\)
David, the log snippet posted is of the Declude Virus log, meaning it passed Junkmail and was scanned. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 30, 2007 9:24 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] exe in zip

[Declude.Virus] Banned file ext not caught

2007-09-19 Thread John T \(lists\)
I had a client receive an email with a PPS attachment this morning. PPS files are banned. Looking at the Virus log for the message there are warning lines about EOF encountered. I am assuming this means End Of File. Is there a way to catch these? 09/19/2007 09:07:07.231 q492300cc5430.sm