RE: [Declude.Virus] Sobig- The Morning After

2003-08-23 Thread Pete McNeil
At 11:45 AM 8/23/2003 -0500, you wrote: THIS IS AN INCREDIBLE GROUP ! DECLUDE IS AN INCREDIBLE PRODUCT !!! KUDOS to you Scott. Grateful THANKS to all the members who contributed yesterday ! Agreed! My users were protected even before receiving the updated DAT's due to banning the

RE: [Declude.Virus] Something interesting..

2003-11-07 Thread Pete McNeil
Wdialupd / Porndial - http://www.f-secure.com/v-descs/wdialupd.shtml Probably a variant. _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Jeff |Maze - Hostmaster |Sent: Friday, November 07, 2003 2:47 PM |To: [EMAIL PROTECTED] |Subject: RE:

Re: [Declude.Virus] How do we block the next Bagle?

2004-03-19 Thread Pete McNeil
The Malware rule group (55) is designated for this. There is currently a heuristic in there for any attempt to use the object vulnerability with a numbered link - that is, a highly generalized form of the pattern used in Bagle.Q. It is possible to renumber any rule or rules upon request, but I

Re: [Declude.Virus] How do we block the next Bagle?

2004-03-19 Thread Pete McNeil
To clarify, group 62 is experimental. Malware is in group 55. _M At 05:20 PM 3/19/2004, you wrote: I'm a big fan of deeper categorization. I believe these are listed in the Experimental category presently, but due to some of the patterns in that rule base, I actually score it lower than the

[Declude.Virus] Watch out for this...

2004-04-23 Thread Pete McNeil
I just got this thing - it looks like big trouble. Don't follow the link. (I broke it up with spaces) Just got this from CNN Osama Bin Laden has just been captured! A video and some pictures have been released. Goto the link below for pictures, I will update the page with the video as soon as I

Re[2]: [Declude.Virus] Bitdefender claims terror ties to virus

2004-07-22 Thread Pete McNeil
On Thursday, July 22, 2004, 12:04:19 PM, Markus wrote: Right now there IS a vast network of zombies being used to send spam. If the virus writers sell or give access to spammers, they could be giving access to anyone and these compromised computers could be used just as easily to launch

Re[2]: [Declude.Virus] Feature request

2004-07-27 Thread Pete McNeil
On Tuesday, July 27, 2004, 4:38:49 PM, Dan wrote: What about BANZIPn where n is some number of levels or greater. That is BANZIP3 instead of BANZIPZIPZIP, and in case someone wants to allow 3 levels of depth (if it comes to that) BANZIP4... _M DG I would like to request BANZIPINZIPINZIP. DG

Re[2]: [Declude.Virus] OT: Hello?

2004-07-29 Thread Pete McNeil
On Thursday, July 29, 2004, 1:36:45 PM, Marc wrote: MC Hi Sharyn. MC   MC I haven't seen anything today either, maybe everyone in the MC north-east is out looking at that strange yellow object in the sky MC (the sun) and trying to dry out. That's not the sun. It's a hologram projected overhead

Re[2]: [Declude.Virus] Stop When a scanner finds a virus

2004-08-02 Thread Pete McNeil
I agree with the sudden death scenario. With Virus scanners it would be helpful to stop after the first found virus. If the first scanner is significantly more efficient than the others (such as FProt) then the savings would be amplified quite a bit. Since virus scanners are almost always dumb

Re: [Declude.Virus] anybody still here?

2004-08-04 Thread Pete McNeil
S. You'll frighten them and they will swim to the other end of the tank. %^b On Wednesday, August 4, 2004, 9:59:18 AM, Bruce wrote: BL I have not seen anything since Monday am? Is it just this slow? BL Bruce BL --- BL [This E-mail was scanned for viruses by Declude Virus

Re: [Declude.Virus] Opteron Server spec??

2004-10-15 Thread Pete McNeil
On Friday, October 15, 2004, 11:31:38 PM, Greg wrote: GH I am running a dual 2.4HT 533 xeon with 1gig 2100 and 73 gig GH 10k sata drives. We process about 200k messages a day and I am GH starting to get complaints about slow delivery. As well we are GH running around 85% to 100% CPU util across

Re[2]: [Declude.Virus] Windows Update!

2005-04-11 Thread Pete McNeil
Note, I found and filtered a few of these today that used ordinary links rather than numbered ones. I'm guessing the variants are already out. _M On Monday, April 11, 2005, 6:01:24 PM, Greg wrote: GL Here's some background info on this pest (from another list). GL Greg Little GL

Re[2]: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG

2008-06-23 Thread Pete McNeil
On Monday, June 23, 2008, 2:16:47 PM, Kevin wrote: I have complained about this for a while now. This process of fix the configuration the place in the proc folder only works if you are constantly poring through your hold folders. We do not do that. We send an email to our users with

Re: [Declude.Virus] How to disable CommTouch Zerohour (for testing)

2010-03-19 Thread Pete McNeil
On 3/19/2010 11:26 AM, Andy Schmidt wrote: Thanks - downloaded and installed. I'll have to take a look at the integrated Sniffer. I got pulled away and never got back to it. I'll have to take a good look at the rulebase update - on first glance it seems as if your script is leaving out the

Re: [Declude.Virus] Integrated Sniffer

2010-03-19 Thread Pete McNeil
On 3/19/2010 1:46 PM, Andy Schmidt wrote: Hi Pete: Thanks for jumping in. 1. The SNF engine performs the SNF2CHECK task before it accepts a new rulebase I'm a little confused - the script replaces the rulebase - without checking. So what happens if the rulebase is bad. By the time the engine

Re: [Declude.Virus] Integrated Sniffer

2010-03-19 Thread Pete McNeil
On 3/19/2010 2:48 PM, Andy Schmidt wrote: Thanks If the rulebase does not properly authenticate in the SNF engine then the reload is rejected. Once the guard time expires the update script will be run again (by default after 3 minutes). Which also means, if the corrupt rulebase

Re: [Declude.Virus] Commtouch/Temp files going back to last year?

2010-03-19 Thread Pete McNeil
On 3/19/2010 5:52 PM, Andy Schmidt wrote: Hi, No I have a little cscript I wrote that iterates through subdirectories and takes parameters like /lastweek /lastmonth etc. If you're looking for something ready-made and don't need anything extra I used to have good luck