see above, that's what I figured. But what's the NAME?
It was about 2-3 weeks since I saw this, so I do not remember it off hand. I
know it is a Trojan. I will see if I can find it later on.
John Tolmachoff
MCSE, CSSA
Owner, Network Engineer/Consultant
eServices For You
City of Industry, CA
Thanks Frederick.
John Tolmachoff
MCSE, CSSA
Owner, Network Engineer/Consultant
eServices For You
City of Industry, CA
www.eservicesforyou.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
Do you have Auditing setup? Check the security log.
I would seriously consider the box has been compromised some how.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL
Has anyone else noticed the Sobig.C virus routing through backup email
servers and not straight to the primary one. I have noticed that ever
other
virus that declude catches goes straight to our primary mailserver but in
every case, the sobig.c virus always hits our backup mail server first,
Last week, I was getting a lot messages being caught with banned extension
that appeared to otherwise be Bugbear.B. Upon Scott's recommendation, I
submitted them to F-Prot.
I received a response from F-Prot this morning, and they were indeed
Bugbear.B, but do to long file names, F-Prot DOS could
Oh great.. so F-Prot for DOS is trash then right?
Without actually saying so, that is basically what they said. I should ask
for a free upgrade.
Just kidding. My renewal is up in July, so I will change to Windows version
in the next day or two. One more task to add to my busy schedule.
John
Robert, I have noticed the same thing, but in my case they were caught by
banned extension. I did submit to F-Prot and here is the reply I got earlier
in the week, which was then discussed on this list:
F-Prot Antivirus detects
What would make our Imail server stop delivering mail running
with Declude? What do I look for? About an hour and a half
ago everyone quit receiving mail. We sent to ourselves and
it never came. Mail sent from others to us never came. I
ran regedit and replaced declude.exe with
Did you upgrade Imail?
Did you change any tests?
Did you change DNS servers?
Did you change ISP?
Did your ISP change DNS servers?
Did you change hardware?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL
We have a negative list that we add these type of emails. Our list is
called NegativeEmailList. We subtract 100 points from each of these
emails.
I would not Whitelist them because at times you will get spam with faked
addresses from these places. A negative list is much more desirable.
Below is the header
it does say:
Received: from Diaby [216.226.209.71] by cefib.com
(SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
Doesn't this mean this is NOT an imail/webmessaging mail ?
so why was it not scanned by declude ? no declude virus or junkmail
headers
if a file has a banned extension and a virus
will it trigger the banned extension email or the recep, ... virus email?
is a banned extension first scanned for viruses ?
Virus scan first, if clean, checks for banned extension.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
Actually, looks like some one put this back into the spool directory. Notice
what time Imail SMTP is processing it and what time Declude scanned it:
20030627 182647 127.0.0.1 SMTPD (067A0288) [216.226.209.71] RCPT
TO:[EMAIL PROTECTED]
20030627 182658 127.0.0.1 SMTPD (067A0288)
Does anyone know what the information means that this program outputs ? It
says
at this time I have over 700 emails being received and over 800 orphaned
emails !
Those are most likely D files without a related Q file. That can happen for
different reasons, such as loops where Imail will finally
Since upgrading to F-Prot 3.14 windows (without real-time) I've now seen
web messaging lock up twice and I get a SMTP error on the IMail
server. The error message (didn't write it down) is a pop-up window on
the
server. I'm running Declude Virus v1.70 also.
Chris, you know we need the error
I'm not clear on alert messages, and I'm not sure we even want to do them.
BUT
Can we send just one alert message when an email passes a certain weight
and
list all the tests that message failed? That is, listing all of the
failures
in one message?
Is this a Declude JunkMail question?
Now that the first virus has come out in a zip file, the question arises on
how to protect against this during the time that the virus first appears and
when the AV companies come out with updated definitions and when we get
those definitions.
While it is true that the user first has to open and
I guess I should have clarified. SoBig.E is in a executable file that is
within a zipped file, your_details.zip. The virus was sending itself out
this way. Therefore, it was not caught by banned extension until the virus
definitions were updated.
The reason it came up was that one of my clients
Just sent you one before I saw the posts on the list.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, August 01, 2003
I just received 4 of them.
The html file inside looks very suspious.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira
Sent:
The ones I got came from 204.73.176.250
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Friday, August
01, 2003 10:20
-6027 - [EMAIL PROTECTED]
**
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
(Lists)
Sent: Friday, August 01, 2003 10:58 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus
You will get a better response to your question by asking on the junkmail
list.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander
I have to agree with the others. One just came through about 2 hours ago and
using the latest def files from this morning.
I am extremely disappointed with f-prot.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL
If you have a APC UPS, you can add a monitoring card to it.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Dan Star
Sent: Thursday, August 07,
I assume its advisable to remove the BANNAME in the virus.cfg file now,
eh?
Yes. Although it's nice to have an extra layer of protection, it's quite
possible that someone will intentionally send a file m e s s a g e . z I p
in the future.
First, kudos to Scott for adding this ability.
Here is the response I received from them this morning:
The Mimail.A worm started spreading this weekend and has already gained wide
distribution. W32/[EMAIL PROTECTED] spreads by infected attachments to e-mail
messages disguised as being from the recipient's local administrator.
W32/[EMAIL
I use Symantec (Norton) Corporate 8.1.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Danny Klopfer
Sent: Thursday, August 14, 2003 11:43 AM
To:
64 bit version has a different build number. I am not sure what it is off
hand.
Unless you are dealing with a serious gamer or programmer, I do not think
they would have spent the money of the 64 bit version.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Scott, on this particular one, I have also seen 2 caught. Should we initiate
a dialog with Paypal so that they fix their problem?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
I have the following in my vulnerability.eml file:
SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
ONLYSENDIFREMOTESENDER
SKIPIFRECIP [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: %ALLRECIPS%,[EMAIL PROTECTED]
Subject: We blocked an e-mail sent to you!
The notice is still being sent to [EMAIL
Is there just one space or tab in there? Have you double-checked to make
sure that the E-mail address is correct (no typos)?
Hanging Head in Shame
2 Tabs.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
---
[This E-mail was scanned for viruses by
this from one server and scan other servers across the network?
I'm assuming if you have a 10 user pack you could install on 1 computer
and
scan 9 others?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, August 14
Big Hugh risk.
If it is being caught by banned extension, the AV scanner is not catching
it.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of
Will the admin for this domain contact me off list ASAP.
Your notification configuration needs adjusting.
You are sending notices to forged addresses.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
---
[This E-mail was scanned for viruses by Declude
While everyone was reporting catching them starting yesterday morning, I did
not see the first one until mid afternoon. Go figure.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
True Fritz, his reply was to general and broad.
Scott explained it best.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Fritz Squib
Sent:
Tolmachoff (Lists)
Sent: Thursday, August 21, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Fw: Your mail server sent us a virus
Why is it there are mail admins out there running Imail and
Declude that are
continuing to send out virus notices to forged addresses?
I
And the reason being is that many if not most mail server are not configured
to accept messages to the IP address. Also, in the case of Sobig, that would
not work anyway, as the IP address is of the workstation infected, which
could be anywhere.
John Tolmachoff MCSE CSSA
Engineer/Consultant
According to this NBC news report, it will occur every Friday and Sunday.
http://www.nbc4.tv/technology/2426381/detail.html?treets=latml=la_natlbreak
ts=Ttmi=la_natlbreak_15913_01270008222003
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Any one seeing hearing of any happenings on this?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
What is sick is their scanner loaded on Dell computers is NOT picking up
Sobig.F either.
I just ran a complete scan on a client computer with the installed McAfee,
and it came back clean. This was using their online scanner as installed on
computers. Sick.
I wonder how many home users out there
Ok, this calls for a white hat virus creator.
A virus that will infect all these unpatched computers, and the only thing
it does is create a big bold red popup every 15 minutes that says Patch your
computer, you dummy.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
disclosure
under
applicable law.
Any dissemination, use, or copying of this message is strictly prohibited
without the written permission from the sender and/or Awebhosting, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists
This has been answered, what, maybe 5
times in the last week?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick O'Connor
Sent: Tuesday,
Sobig ALLWAYS forges the sender, so this
is a mute point.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of John Carter
Sent: Thursday,
August
That would be the spool\virus directory, correct?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, August 29, 2003
Personally, I have 2 months experience with my new ISP company and
Declude.
Not everyone is as smart as you.
Maybe you should leave the List and start your own discussion group.
Excuse you, but unless you have been hiding under a rock, the fact the Sobig
forges the sender has been discussed
Some of us out here are not command line savvy. I am one.
Thanks to Scott's posting of creating a file to find the from address of
virus infected files, I have created a batch to run scheduled. Amazingly, it
works.
For those like me, here is the batch file for others to use. Please remember
to
Question, what do others do to block repeat offenders who send SPAM with
vulnerabilities?
I know to add the from IP address to the SMTP control access file, but I
guess my question is more of do we see the same IP addresses?
Would it be a good idea to share the IP addresses of the repeat
Now we have to worry about viruses in picture files?
http://www.eweek.com/article2/0%2C4149%2C1247120%2C00.asp?kc=EWMS102049TX1K0
100487
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
Thanks Kami.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Saturday, September 06, 2003 1:12 PM
To: [EMAIL PROTECTED]
What really gets me on these bugs, is that you're supposed to disable
System
Restore in ME/XP You would think that compressed backup data would be
immune to this sort of thing. What's the point of having sys restore if
everytime you MAY have a virus you need to wipe ALL the restore data?
Right, I got that, but if you have 3 months of CLEAN restore points, you
only just got infected today, for example, you shouldn't have to trash
every
restore point, only today's, or even yesterday's, or even a month back.
for
that matter.. If that's the only way, why have restore points at
Are you using the DOS version or Windows version of F-Prot?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Monday, September
and
Declude
Junkmail and Declude Junkmail
Windows version,
Peter
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 3:26 PM
Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and
Declude
Which keyword do I need to add to the *.eml file to see which attachment
(filename) was stopped? I have not been able to find an appropriate
keyword
but I might have missed it.
You can use %VIRUSFILE% for that. Note that %VIRUSFILE% only works when a
virus is detected (not for banned file
Curiosity got to me, so I checked.
LOL
All from one IP.
Header says: (with spaces added)
Subject: Re: A p p r o v e d
Date: Sun, 24 Aug 2003 20:20:14 +0530
X-M a I l S c a n n e r : F o u n d t o b e c l e a n
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
He's got the date on his computer wrong.
Declude-Users please create a new eml-file to send out a warning like:
==
SKIPIFVIRUSNAMEDOESNOTHAVE Sobig
Your computer's date is set wrong and you're infected with Sobig.
Please set the correct date or
That is not Sophos, that is Declude finding them.
What does the virus log say? You might need to put it in Debug mode.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL
Which exact version please?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Wednesday, September 17, 2003 7:37 AM
To: [EMAIL
I have seen a couple of those.
If you look at the body, the attachment is not actually there, although the
mime header for it is.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
I believe this is a JunkMail question. :))
Kidding aside, I think the ANYWHERE is only good in the filter files.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL
Are you sure it has an actual exe attachment?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Monday, September 22, 2003 12:18
First, I hope you are dealing with what ever situation that put the messages
into the hold folders in the first place.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL
In the appropriate .eml files, add a line:
SKIPIFRECIP @domaintoskip.com
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL
It shows that I'm running 1.76i1 but still I've found today messages on
hold with suspicious double extension attachments like .xls.pif. Also
pif is in my list of banned extensions.
I would do a test.
Put both Virus and Hijack logs into DEBUG mode and then send an attachement
to yourself.
I'm still using the default Hijack hold levels, they seem OK for our
case. Since I started using it (5 days ago) I've seen 3-5 hold cases,
usually from users sending chain letters, missioner's pray letters,
e-mails to group of friends, relatives, etc. I'm whitelisting those that
have a real
First thing to do is go to a command prompt and change to the Imail
directory and type in without the quotes:
declude -diag
and see if there are any errors noted.
Also check to see if there are any declude.gp(number) files in the C:\
drive.
John Tolmachoff MCSE CSSA
Engineer/Consultant
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, October 02, 2003 1:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails
Chad, exe is the absolute first extension that should be banned.
In the three years I
Hello all.
In an attempt to help everyone with issues than have been reported lately, I
have put together a survey that I would like everyone to take.
I will then post the results here as well as send them to Ipswitch for
review.
I know we are all busy, but if I can take the hour it took to
Recently a problem has developed where the SPOOL folder is accumulating
huge (tens of thousands) of SMD files. These files build up very
quickly. What is more worrisome is that some mail isn't being delivered.
No bounce, undeliverable, or any other message from postmaster either. I
have
Are you using Imail AntiSpam DNS tests?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS
Sent: Tuesday, October 14, 2003 1:29 PM
-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: 15. oktober 2003 07:01
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Huge problems with new server
Are you using Imail AntiSpam DNS tests?
John Tolmachoff MCSE CSSA
Have you done a complete virus scan?
If it is a virus, by far not all virus are e-mail borne.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Link Brokers Support
Sent:
http://filext.com/detaillist.php?extdetail=mprSubmit2=Go%21
FoxPro
http://filext.com/detaillist.php?extdetail=qinSubmit2=Go%21
Unknown
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On
Not sure if Scott is still around, so if you want, do the following:
Go to command prompt:
Change to the Imail directory.
Type exactly without the quotes, Declude -daig c:\declude.txt
Send that file along with your virus.cfg file zipped to Scott, the list or
me if you like, and it will be
Also, add VIRUSCODE 8 to the virus.cfg file please.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Web Administrator
Sent: Tuesday, October 28, 2003 5:24 PM
To: [EMAIL
, October 28, 2003 6:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] containing the Unknown Virus
My apologies, I copied the wrong file. The correct file is attached.
Regards,
CM
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Tuesday, October 28, 2003 10:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] containing the Unknown Virus
Please put the log into debug mode, run some through, then zip the log and
send please.
John
10/28/2003 23:30:36 Q5532251336c 1 [1 of 2 not deleted] files were deleted.
Use ONACCESS ON if you use an external (on access) virus scanner.
10/28/2003 23:30:36 Q553232c3244 1 [1 of 2 not deleted] files were deleted.
Use ONACCESS ON if you use an external (on access) virus scanner.
10/28/2003
Read the manual at www.declude.com\virus\manual.htm.
Did you notice the [1/3] after the file
name?
That means the sender has his e-mail
client set to take on message and break it up into smaller ones. Very bad. Lets
viruses hide there.
John Tolmachoff
Engineer/Consultant/Owner
Correct.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Wednesday, October 29, 2003 6:40 PM
To: [EMAIL PROTECTED]
Subject: FW: [Declude.Virus]
F-Prot is not yet catching. Symantec states will be in today's virus defs
available for download in a couple of hours.
I have added BANNAME photos.zip to the virus.cfg file.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus
Scott, when using BANNAME, the resulting banned file notice does not show
the name of the file.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday,
The extension does not even show.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, October 31, 2003 11:05 AM
To: [EMAIL PROTECTED]
Subject: RE:
I consult on a server that has Imail 8.03 on Windows 2003. There are some
issues.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Todd Holt
Sent: Friday, October 31, 2003
-
[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Friday, October 31, 2003 12:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Declude and win 2003 server
I consult on a server that has Imail 8.03 on Windows 2003. There are
some
issues.
John Tolmachoff
Engineer
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, October 31, 2003 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Declude and win 2003 server
The issues I have seen are related to DNS. Really bad is if you have MS
DNS
99 times out of 100, the message infected with a virus is not legit,
therefore there is no reason to clean and deliver.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Burzin
It would be nice to be able to specify which should run first Declude
Virus
or Declude JunkMail. Now that we have both products I get a lot more
notifications for possible viruses because Virus gets executed before
JunkMail and many of these e-mails were previously auto-deleted because of
It is already there. Check the manual at
www.declude.com/virus/manual.htm.
I'm either missing what you are referring to or it isn't there, or I am
wrong on what the current order of execution is. Could you be more
specific
as to which option you are speaking of?
Sorry, my bad. It is
Please explain what the purpose would be and exactly what you mean by that
variable?
If you mean the PTR record of the RemoteIP, that will serve no use, as most
viruses come directly from users computers, which either will have no PTR or
a generic ISP PTR, something line
that will serve no use, as most viruses come directly from users
computers, which either will have no PTR or
a generic ISP PTR, something line 1.1.168.192.adsl-
customer.mybig.isp.com.
That may be true in some cases.
It is more that some cases. I would have to say most cases.
but in my
In any case - it's much easier for an end user to see the Reverse DNS
domain
name than to see an IP address and then have to try to figure out who that
IP address is associated with so that they can send an email to the abuse
department (in the occasional case, that someone is bombarded by an
Nevermind Major brainfart on my end. We are running another remote
server. I don't manage it, yet I still receive notifications from it.
S'OK. Must have a least one of those per week or even day to relieve the
pressure. :))
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Is this MS SQL 2000 or SQL 7.0?
Have you configured memory usage in SQL?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS
Sent: Sunday, January 04, 2004
I understand.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, January 15, 2004 8:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus]
What is the age of those Q files?
If you go into the Imail Admin, local host, View Queue, how many times does
it show that delivery has been attempted?
Is there any pattern to those?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
Checking for Spyware would be the responsibility of a desktop application,
not at the e-mail server level. Most Spyware is installed as the result of
user internet browser use.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
1 - 100 of 312 matches
Mail list logo
