D]
To: %MAILFROM%
BCC: [EMAIL PROTECTED]
Subject: Mail not delivered to to banned filename
Delivery Failed: %ALLRECIPS%
The mail server for %LOCALHOST% does not accept E-mail with attachments that contain
the %BANEXT% extension.
Original message follows:
%HEADERS%
Scott Fisher
Director of IT
Farm Pro
.
P.S. The web page to send the test viruses is a phenomenal idea. I used it many a time
while configuring my system.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress Companies using Declude Virus]
---
[This E-mail was scanned for
safe again.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/02/04 01:58PM >>>
FYI, we now have a new interim release 1.78i7 (at
http://www.declude.com/interim ) that will allow you to ban file extensions
within .ZIP files.
To do this, you
n the encrypted files for viruses this remains a risk.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/03/04 08:08AM >>>
FYI, there is a new virus that came out yesterday, Bagle.J. It spreads in
an encrypted .ZIP File. While an AV program can detec
I had to purchase the server version of AVG to run on Win2K server. It was $75 for a
two year subscription. So the price is pretty reasonable.
Didn't install the online scanner.
Couldn't get a batch file to update it very well. The scheduler seems to work well
enough for hourly updat
me because this command line scanner I could have used with Declude and Winzip.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/05/04 08:40AM >>>
Hi;
I read several postings regarding how to combat the Zip fiasco..
I recently sent an email to Wi
to be faster and better.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/04/04 07:09PM >>>
I should have read the previous message closer, so point the finger at
me for jumping the gun totally. The 32-bit version of avgscan.exe does
in fact no
Run 1.78i8 or higher.
Use BANEXT EZIP to ban encrypted zips
or
Use (pro only) BANEZIPEXTS ON to ban the extensions listed with BANEXT lines in
encrypted zip files.
You may also want to BANZIPEXTS ON to ban executables in normal zip files.
My F-Prot or AVG did not catch the Bagle.J that comes in
I see WinZip now has it's own MIME vulnerability.
http://www.winzip.com/fmwz90.htm
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress Companies using Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus
I'm testing Mcafee also.
I've also seen it pickup the W32/Bagle.gen!pwdrar in rar files.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/16/04 03:48PM >>>
I'm running F-Prot, McAfee, and AVG. Only McAfee is picking this up. Has
Perhaps Pete from Sniffer could assign a new Message Sniffer Result Code just for
these heuristics.
We could then assign a hold based on this specific result code.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/19/04 03:42PM >>>
Heuristics!
Thi
were to
stop because of an alpha/beta, I'd then be forced to go back to a previous release.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/19/04 04:21PM >>>
Hi Scott, and thanks for the reply. This leads to another issue: we haven't
u
done.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 03/22/04 10:03AM >>>
>178i28. I did catch one Object Data on 3/18.
Would it be possible to E-mail the D*.SMD file to the declude.com
virustrap@ address?
I log all the attachments that come into my system in my Declude database.
I searched the database for "deleted", "virus" and such then all "txt" attachments.
These came up.
So yes these are real attachments.
Scott Fisher
Director of IT
Farm Progress Companies
>
banning by size, a maximum file size could be a useful
tool also. When I was a McAfee WebShield user, there was this option.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
g notifications in response to these
files. I tried SKIPIFVIRUSNAMEHAS DELETED0.TXT, but that didn't work. The problem of
course is that these files aren't in fact infected, and don't get trapped by the virus
scanner.
Is there any way to turn this off for a BANNAME?
Scott Fishe
I've noticed that Virusscan does a better job of catching viruses in the .ezip than
F-Prot.
In my smaller world here, there will be 2-5 times a day .ezip viruses a day that
VirusScan catches that F-Prot does not.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PR
SPAM] RE:
X-Mailer: Microsoft Outlook
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: <[EMAIL PROTECTED]>
Declude JunkMail for spam.
X-Note: Reverse DNS lea.webgate.bg .
X-Country-Chain: BULGARIA->destination
Date: Tue, 11 May 2004 10:04:19 -0500
Scott Fisher
Director o
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WALLON.A
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 05/11/04 03:23PM >>>
Hello
Our Mail server recevied a mass mailing earlier today.
The email is address to [EMAIL PROTECTED]
I've found Declude Junkmail to be almost an addiction.
Is there a 12 step program available?
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 05/11/04 04:42PM >>>
Take note that there was a virus payload at the link as Greg pointed
out, but it a
dd
testfailed to look for each individual filters and then combo testfailed on those.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 05/06/04 09:10AM >>>
Help me out please.
Why are we looking for the beginning of an IP address? Also my
understand
If you are paranoid, choose a client side filter that you are not using to scan your
e-mail. This would give you an added layer of protection. I believe Symantec has
Symantec Anti-Virus Corporate Edition that does not include a SMTP scanning gateway,
thus significantly lowering the cost.
Scott
Could be something new going on:
I've just blocked my first CPL file at 12:15 today.
.CPL is a Windows Control Pane lapplet extension.
This was undected by F-Prot, McAfee and AVG.
It has the ever-suspicious name of details.cpl
Scott Fisher
Director of IT
Farm Progress Companies
---
[T
It looks like some new virus may be trying to use the RAR files again.
I blocked 4 .RAR files from China last night.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
I've noticed the newsgroup at mail-archive.com hasn't been updated since last Friday.
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
u
New variant? Update the virus scanners and try again.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 04/29/04 08:20AM >>>
From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
>CPL files should be banned no matter what.
John, I am
I've blocked 4 "Deleted Attachment.txt" and one "Quarantined Attachment.txt"
I've seen nothing starting with Norton Antivirus here.
You wouldn't have
BANNAME Norton AntiVirus deleted0.txt in instead of deleted1.txt?
Scott Fisher
Director of IT
Farm Progress
That's good, something for Scott's plate when he comes back.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 05/21/04 03:34PM >>>
For sure!
I tried now with different files and found why certain files ar not blocked
with BANNAME.
At the
I would add Mailpure's ANTI-AV filter to elinate these bounces.
I've also seen that F-Prot does a slightly better job of catching the corrupted
variants than Mcafee.
<<< [EMAIL PROTECTED] 6/12 4:22p >>>
Beginning using the banned extension option with Declude (see virus.cfg).
Then any attachme
Just an idea.
That error code 1073741819 is associated with other applications crashing and the
sasser worm.
Does the error message go away if you restart your computer?
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 06/21/04 09:45AM >>>
I ha
The 1073741819 error message is sometimes related to the Sasser worm with other
products...
I can't say this is F-Prot's problem, but if you were to restart and the problem went
away, it might have been the Sasser worm.
Scott Fisher
Director of IT
Farm Progress Companies
>>&g
Yesterday McAfee really outshined F-Prot and AVG.
574 viruses found by Mcafee (11 exploit object trojan)
453 by AVG and
380 by F-Prot
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 07/19/04 11:32PM >>>
Just to expand upon a thread on the JunkMail
that you ban. If you don't need exe
and such coming in, this is a good switch to help stop viruses from coming in in .zip
files in that windows between a virus release and the update to the definitions that
can catch it.
Scott Fisher
Director of IT
Farm Progress Companies
>>> [E
allow them. This would effectively block the hole.
That's not nonsense, it's common sense.
Using your logic,
AV programs have properly handled .EXE files for years. Why should there be a Declude
option to block them?
Scott Fisher
Director of IT
Farm Progress Companies
>>>
s and weights. Run it and it should create a filter file. Schedule it
to run periodically to stay current.
Add a line for the filter file into your global.cfg:
BODY-SCSURBLfilter D:\IMail\Declude\SURBL\surbl.txt
x 0 0
Scott Fisher
Director of IT
-Worm/Bagle.AP Attachment=fotos.zip [25] O
(NAI) Scanner 3: Virus= the Exploit-CodeBase.gen trojan !!! Attachment=fotos.zip [25] O
In this case, I'm sending out bogus notifications, and I'm wondering if I should
through Newstuff.06 in as a FORGINGVIRUS line in my virus.cfg.
Scott Fisher
D
ECTED]
[outgoing from 203.200.31.7]
09/05/2004 11:08:02 Q39d809bf029cc654 Subject: submissions end september 28th - Sun,
05 Sep 2004 14:05:50 -0200
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 09/07/04 04:26PM >>>
Hi,
I am seeing my McAfee scanner
An explanation of why some needed the switch and
others may not have:
From: http://vil.nai.com/vil/content/v_128461.htm
The 4395 DAT files no longer require that McAfee anti-virus products are
configured to scan with program heuristics enabled to detect this
threat.
My personal scores from best to worst:
Clamav (been only a week, but it hasn't missed one) and free (Also catches
some phish with prescan off)
Mcafee Virusscan (beats F-prot on encyrpted zips) pretty resonably priced if
you can secure DOS command line only license. (Also catches some phish with
p
version of ClamAV you
are using? When I installed it I couldn't figure out if it was in and
Declude kept throwing me an error. What is your Declude config line ?
Thanks -
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent:
L PROTECTED]>
> >Sent: Thursday, October 07, 2004 4:16 PM
> >Subject: RE: [Declude.Virus] Recommended Scanner
> >
> >
> >I couldn't get Clamav to run on mine. May I ask what version of ClamAV
you
> >are using? When I installed it I couldn't figure out
nt: Thursday, October 07, 2004 4:16 PM
> >Subject: RE: [Declude.Virus] Recommended Scanner
> >
> >
> >I couldn't get Clamav to run on mine. May I ask what version of ClamAV
you
> >are using? When I installed it I couldn't figure out if it was in and
> &g
FYI:
Came in this morning to find about 30 false
positives from Clam-AV.
They were all were all on the detection of
Exploit.JPEG.Comment.1
They started about 9:45 yesterday morning and were
continuing through 8:25 this morning when I turned off Clam-AV.
I see this update was posted th
Also make sure your F-prot is current and your command line switches have
been updated to work with the more current version. About 2 or so months ago
a command line switch was changed regarding scanning zip files.
you could add a BANNAME RAPIDSYS.COM.ZIP line in the virus.cfg. Odds are you
won't
It's Friday afternoon and I've cleared out my 1000
messages from the Imail Forum, so I can't resist...
Isn't Declude for Exchange part of the
soon-to-be-announced Declude Collaboration Suite (DCS)? ;) or is it :(
?
- Original Message -
From:
Jim Matuska
To: [EMAIL PRO
Looking at today and yesterday's logs, F-Prot has been catching these here.
It was just two viruses shy of Clam/AV in yesterday's results.
Virus updates current?
- Original Message -
From: "Chuck Schick" <[EMAIL PROTECTED]>
To: "Declude. Virus" <[EMAIL PROTECTED]>
Sent: Tuesday, Novem
I use ClamAV.
Overall it is very effective. More effective than FProt and AVG. About the
same as Mcafee.
If you are willing to turn Prescan OFF, it is good at catching Phish too.
It did have some bad defs last month that caused about 15 emails to be
mis-flagged.
- Original Message -
Fro
And the link to that helper/wrapper is here:
http://www.smartbusiness.com/imail/declude/
- Original Message -
From: "Brad Morgan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 03, 2004 11:14 AM
Subject: RE: [Declude.Virus] BitDefender
> I'm using both at the mome
I've been getting some infrequent Declude bans of
EXE files with little or no size that the sender's system must have stripped out
the virus portion.
Looking through my reports, I note I have never
seen an Invalid EXE vulnerability. I see Invalid BAT, COM, CPL, PIF and
SCR.
Is there such a t
That's good news.
Thanks!
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 08, 2004 11:50 AM
Subject: Re: [Declude.Virus] Invalid EXE vulnerability question
>
> >I've been getting some infrequent Declude bans of EXE files w
I use this version of clamav: http://www.sosdg.org/clamav-win32/index.php
with this wrapper to get virus names:
http://www.smartbusiness.com/imail/declude/
My global.cfg lines:
SCANFILE2 d:\imail\declude\runclamscan.exe log=0
C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt
VIRUSCOD
Since these are HTML segments, my guess this is
another case of where Declude Virus Pro's Prescan would need to be turned off
for these to be scanned.
I am catching these segments with Prescan off with
Clam and Mcafee.
- Original Message -
From:
Greg Little
To: [EMAIL PR
I have noticed this problem with large files, usually TIFFs.
No solutions though...
-- Original Message --
From: "John Carter" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 15 Nov 2004 16:44:35 -0600
>Has anyone using ClamAV had problems with
A plus to Symantec for me is that since I can't use Symantec for my Declude
e-mail protection, and I do use it on workstations and servers, any e-mail
virus needs to make it through an additional and different A/V program on
the desktop. The higher the hurdle, the less that can make the leap.
These seem to be the changes I have
made:
Looking at my config:
Change the BANEXT to ban what extensions you want
to ban.
Decide what to do with Zip files:
BANEXT EZIP to ban encrypted zip files if you can
get away with it
BANZIPEXTS ON to apply Banned Extensions to
contents of Zip files
If you wish the banned file extensions to apply to files with .ZIP files,
you can add a line "BANZIPEXTS ON" to your \{MAILSERVER}\Declude\virus.cfg
file. For example, if you have a line "BANEXT EXE" and "BANZIPEXTS ON", then
.EXE files within .ZIP files will be blocked. You can also use BANEZIPEXT
the BANZIPEXTS ON is for non encypted zips
the BANEZIPEXTS ON is for encrypted zips
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To:
Sent: Monday, January 31, 2005 2:30 PM
Subject: Re[5]: [Declude.Virus] RAR Support - why not?
> Hello Scott,
>
> Monday, January 31, 2
I'd like to submit this for a Declude Virus feature
change:
I like having Prescan OFF to provide the maximum
amount of protection that I can.
I also run 3 virus scanners.
I'm wondering if it would possible to migrate the
Prescan parameter into the virus engines definitions to turn it on
Try adding this to your command line:
--max-ratio 0
The support compression ratio feature (--max-ratio). Overly compressed files
may get falsely detected. I believe the 0 turns it off.
it worked for me.
- Original Message -
From: "Hirthe, Alexander" <[EMAIL PROTECTED]>
To:
Sent: Thursda
F-Prot was catching some price...zips
Mcafee caught one at 6:30
But then this appears:
03/01/2005 09:09:30 Q8599093a02820e36 MIME file: price.zip [base64;
Length=15789 Checksum=2053241]
03/01/2005 09:09:30 Q8599093a02820e36 Banning .ZIP file with exe extension.
03/01/2005 09:09:33 Q8599093a02820e3
I block .com files.
The last 3 days, I've been getting consistent
blocking of spam messages referring to a gif file named .com:
Content-Type:
image/gif;
name="wdjgamexmail.com"
These are getting blocked, but the users are
getting a little tired of the bannotify.eml messages that t
otify.eml yesterday.
Darin.
-
Original Message -
From:
Scott Fisher
To: Declude.Virus@declude.com
Sent: Tuesday, March 15, 2005 3:31 PM
Subject: [Declude.Virus] Spam .com files being
blocked.
I block .com files.
The last 3 days, I've been
tion is detected.MattDarin Cox wrote:
Yep. I just added
SKIPIFEXT COM to my bannotify.eml
yesterday.
Darin.
- Original Message -
From: Scott
Fisher
To: Declude.Virus@declude.com
Sent: Tuesday,
March 15, 2005 3:31 PM
Title: Message
1.82 is what I am running.
I get an IP address with vulnerabilities and with
viruses but not with Banned file extensions.
- Original Message -
From:
Andy Schmidt
To: Declude.Virus@declude.com
Sent: Wednesday, March 16, 2005 11:38
AM
Subject: RE: [Dec
This won't help you now, but Declude Version 2.x has this feature
:
AV
ADD
ALLOWVULNERABILITIESFROM option that instructs Declude Virus to allow
vulnerabilities from a specific E-mail address or domain.
- Original Message -
From: "Dan Geiser" <[EMAIL PROTECTED]>
To:
Sent:
Also Declude will check the previous hops up to the HOPHIGH parameter unless
the test name has DUL/DUHL/DYNA in it. So you may be checking multiple IP's
for each mail.
- Original Message -
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 31, 2005 4:03 PM
Subject: [Dec
I had some today that fit this description.
Mcafee found them as: the W32/[EMAIL PROTECTED]
- Original Message -
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Thursday, April 14, 2005 4:19 PM
Subject: [Declude.Virus] Possible new virus?
I have seen in the last hour 4 e
I also had to add the SKIPIFVIRUSNAMEHAS Mytob to my eml files.
- Original Message -
From: "John Carter" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 15, 2005 2:53 PM
Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
Shayne:
I haven't heard anything from anyone else. To th
I haven't seen anything obvious in a quick glance through today's logs.
Do you have an example?
Usually, I just force another download of the dats.
- Original Message -
From: "Matt" <[EMAIL PROTECTED]>
To:
Sent: Monday, April 25, 2005 3:42 PM
Subject: [Declude.Virus] McAfee throwing error
I'm using:
SCANFILE3 D:\VIRUSSCAN\scan.exe /ALL /NOMEM
/NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /MANALYZE /MIME /PANALYZE /PROGRAM
/REPORT report.txt
Haven't seen any FPs with /MANALYZE or
/PANALYZE
I run PRESCAN OFF and the /MAILBOX isn't needed to
find Phish/Links
I sense a frustratio
Mcafee command line.
If you can find a license it should run about $25 a year.
- Original Message -
From: "Chuck Schick" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 02, 2005 4:02 PM
Subject: [Declude.Virus] F-Prot Alternative
> We have been running F-prot as the virus scanner with Declude
I'd like to know the answer to this as well...
I do use
SKIPEXT JPG
SKIPEXT JPEG
to skip JPEGs since the larger couple MB JPEGs sure choke the virus scanning
engines.
- Original Message -
From: "Matt" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 06, 2005 11:57 AM
Subject: [Declude.Virus]
I've seen it here rarely also.
Not positive here but here is a theory:
The zip file may gave been created on a Mac and contain some Mac specific
size 0 files?
- Original Message -
From: "Paul Navarre" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 27, 2005 12:54 AM
Subject: [Declude.Vir
I'll second the EXITSCANONVULNERABILITY option.
There is an occasional need to requeue a message
that false positived on a vulnerability, so I would myself prefer that all those
messages would be checked for viruses.
I'd run:
EXITSCANONVIRUS ON
EXITSCANONVULNERABILITY OFF
I think it would
Matt posted speed comparison's I'd say about a year ago.
I use F-Prot
ClamAV
and McAfee
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 02, 2005 4:50 PM
Subject: [Declude.Virus] Second Scanner
I know this comes up every now and then, but the
If you've got pro, you could add a filter:
MAILFROM10 CONTAINS [EMAIL PROTECTED]
that will check the envelope mailfrom.
To check for those addresses in the headers:
HEADERS 10 CONTAINS [EMAIL PROTECTED]
Another option is to update your virus software more often to minimize the
opportunity windo
l.cfg for outgoing messages, and add it to your $default$.junkmail as
well.
Lastly, make sure you have a carriage return at the end of the
fromblacklist.txt to avoid the last line being ignored..
Darin.
- Original Message -
From: "Scott Fisher" <[EMAIL PROTECTED]>
To
line "MAILFROM10 CONTAINS [EMAIL PROTECTED]" in
virus.cfg or global.cfg? Do I need to use another file?
If I use the HEADERS option "HEADERS 10 CONTAINS [EMAIL PROTECTED]"
- where would I put that?
Sorry for the newbie questions.
Kevin
Scott Fisher wrote:
If you've got
P.S. You can schedule freshclam often because it makes a DNS call to
determine if there is a new version of the database, it will only download
if that DNS result tells it to.
Very efficient. I schedule freshclam every 15 minutes.
- Original Message -
From: "David Sullivan" <[EMAIL PRO
One other ClamAV tip.
If you can afford the performance hit and can use PRESCAN OFF, clamav will
be a very effective Phish blocker.
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To:
Sent: Friday, June 03, 2005 3:20 PM
Subject: Re[2]: [Declude.Virus] Second Scanner
-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86])" or
in the X-Declude-Sender field?
Maybe I should just use the HEADERS 0 CONTAINS.... instead.
Thanks again.
Scott Fisher wrote:
One caveat. The MAILFROM uses the envelope mailfrom, which is different
than the one
I'm running 2.0.6.16 and would consider it as stable as 1.82
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To: "John Carter"
Sent: Friday, June 03, 2005 2:02 PM
Subject: Re[4]: [Declude.Virus] Second Scanner
Looks like I have clam up and running. I'm testing it as
One last ClamAV comment...
I've added the command line switch --max-ratio 0
I've had some false positives on some .zip files that forced me to add the
switch.
- Original Message -
From: "Terry Fritts" <[EMAIL PROTECTED]>
To: "David Sullivan"
Sent: Thursday, June 02, 2005 5:52 PM
Su
I also use Terry's runclamscan with no issues.
I have had rare email melt downs when I was running runclamd. I could never
pin it firmly on anything. So I stopped the runclamd to see how it handles.
- Original Message -
From: "David Sullivan" <[EMAIL PROTECTED]>
To:
Sent: Saturday,
Yes I have seen them too:
email starts with:
Dear Valued Member, According to our site policy
you will have to confirm your account by the following link or else your account
will be suspended within 24 hours for security reasons.
- Original Message -
From:
Jim Matuska
I use skipext to bypass some of my larger file
types:
SKIPEXT EPSSKIPEXT GIFSKIPEXT inddSKIPEXT JPGSKIPEXT JPEGSKIPEXT MPGSKIPEXT MPEGSKIPEXT MOVSKIPEXT P65SKIPEXT PMDSKIPEXT PDFSKIPEXT
PSDSKIPEXT QXDSKIPEXT TIFSKIPEXT
TIFF
Of course by skipping these extensions (especially
...and hope that Declude or the AV-Engine will catch this vulnerability as
soon as possible.
I completely agree. As a publishing company we receive lots of large jpeg
files and the thought of having to virus scan all those, makes my mail
server want to run and hide.
I'd like to see a comment
http://www.mail-archive.com/declude.virus@declude.com/msg12070.html
This vulnerability is triggered if the file format diverges from the
official ZIP format specification.
- Original Message -
From: "Grant Griffith" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 09, 2005 1:42 PM
Subj
ich might
not put things in the correct format.
Thanks,
Grant Griffith
EI8HTLEGS, A Division of ETC
(812)932-1000
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Tuesday, August 09, 2005 2:09 PM
To: Declude.Virus@declude.com
Subject: Re: [D
You can't do an internet reboot on a Friday. You need to wait until the
weekend.
- Original Message -
From: "Matt" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 09, 2005 10:48 AM
Subject: Re: [Declude.Virus] Sudden Internet Slowdown
Maybe someone should reboot the Internet.
Matt
Great catch Matt.
Mine's gone too since August 2
Thank you Declude for multiple virus scanner
option.
Try:
http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
From:
http://groups.google.com/group/mailing.unix.amavis-user/browse_thread/thread/890f45b2e1cfd
Here's the Mcafee page:
http://vil.mcafeesecurity.com/vil/virus-4d.asp
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26
PM
Subject: Re: [Declude.Virus] Seemingly
bad virus this morning
This is a new Bagel varia
-Matt,
Does the wget -N command work for you with
Mcafee.
I also use the -N and get the full download every
time.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 4:13
PM
Subject: Re: [Declude.Virus] Seemingly
bad v
Arrrggg.
Mr. Obvious says if you rename the
win_netware_betadat.zip, wget will never find a file to compare it to and will
always download the update.
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 5:34
PM
Subject: Re:
I've caught 76 conflicting encoding messages with
EVA this month all 3 days. All spam messages.
What's odd is I've I had 53 conflicting encoding
messages the whole last month.
Is this a change in Declude 3.05 or a shift in my
spammers?
I block all encrypted zips based on the fact that I can't virus scan them.
But then again I'm slightly paranoid and should not be trusted with sharp
objects.
- Original Message -
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, October 11, 2005 3:08 PM
Subject: Re: [Declu
So I though with Declude 3 running ok, I'm going to
try the clam av service again.
I'm running into a problem with
runclamd
when I issue a runclamd -start, these log messages
are produced
10-20-2005 11:42:39
SERVICE_START_PENDING10-20-2005 11:42:39 Status:
410-20-2005 11:42:41 star
I would consider 3.0.5.10/11 interim releases... Scott would never have
documented them.
I too would like to see the release notes updated with each and every
version...
but it's a long long standing issue.
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
To:
Sent: Saturd
I use F-Prot 1, McAfee 2, Clam 3
I use the Cygwin version of clam with runclamd and runclamscan. You'll find
those at http://www.smartbusiness.net/imail/declude/
runclamd runs clam as a service. much faster.
runclamscan returns a virus name to Declude
Don't forget this is allowable:
#
# (2.0.6
Just the DOS scanner
Dirt cheap if you can find someone to sell it to you.
A little spikey on the CPU utilization, but also pretty quick at
definitions.
- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: "Scott Fisher"
Sent: Wednesday,
1 - 100 of 153 matches
Mail list logo