Re: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread declude
How could this have happened  How long has this been going on for?

I think some kind of explanation should be forthcoming.

David?

Don Winsauer
Net1 Media
  - Original Message - 
  From: Colbeck, Andrew 
  To: declude.virus@declude.com 
  Sent: Monday, June 01, 2009 5:24 PM
  Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX


  Aha! That was a fishy circumstance. Those errors were red herrings raised by 
my other virus scanner, not the AVG scanner.

  If anybody is interested, this is what the log lines looked like at the last 
time that AVG triggered on a virus was April 3rd, 2009:

  04/03/2009 08:54:05.047 Q003993048.smd Vulnerability flags = 2047
  04/03/2009 08:54:05.047 Q003993048.smd MIME file: [text/html][8bit; 
Length=2371 Checksum=206516]
  04/03/2009 08:54:05.062 Q003993048.smd MIME file: postcard.zip [base64; 
Length=449806 Checksum=56953283]
  04/03/2009 08:54:05.062 Q003993048.smd Banning .ZIP file with SCR extension.
  04/03/2009 08:54:07.501 Q003993048.smd AVG Reports VIRUS: Win32/Cryptor
  04/03/2009 08:54:07.501 Q003993048.smd File(s) are INFECTED [Win32/Cryptor: 7]
  04/03/2009 08:54:08.220 Q003993048.smd Virus scanner 1 reports exit code of 0
  04/03/2009 08:54:08.345 Q003993048.smd Scanned: CONTAINS A VIRUS [Prescan 
OK][MIME: 2 452321]
  04/03/2009 08:54:08.345 Q003993048.smd From: postca...@hallmark.com To: 
 [outgoing from 69.156.243.37]
  04/03/2009 08:54:08.345 Q003993048.smd Subject: You've received A Hallmark 
E-Card!

  There were three of those, and otherwise I had no detections, and no 
interesting messages from AVG or with "error" in the log line.

  After stopping the DecludeProc service, then replacing decludeproc.exe with 
the Imail version, decludeproc_IM4635.exe as decludeproc.exe, and then 
restarting the DecludeProc service, I can then send a test email with the EICAR 
test virus as an attachment, and AVG does pick it up.

  06/01/2009 18:11:11.305 Q000595199.smd Vulnerability flags = 2047
  06/01/2009 18:11:11.305 Q000595199.smd MIME file: eicar.com [base64; 
Length=68 Checksum=6829]
  06/01/2009 18:11:13.711 Q000595199.smd AVG Reports VIRUS: EICAR_Test
  06/01/2009 18:11:13.711 Q000595199.smd File(s) are INFECTED [EICAR_Test: 7]
  06/01/2009 18:11:13.727 Q000595199.smd Found a bogus .com file
  06/01/2009 18:11:13.727 Q000595199.smd Scanned: CONTAINS A VIRUS [MIME: 2 157]
  06/01/2009 18:11:13.727 Q000595199.smd From:  To:  [outgoing from 
]
  06/01/2009 18:11:13.727 Q000595199.smd Subject: test 03


  Andrew.






--
  From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David 
Barker
  Sent: Monday, June 01, 2009 2:00 PM
  To: declude.virus@declude.com
  Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX


  Not for everyone, but certainly for your server that would be true if that is 
what your logs indicate.

   

  From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, 
Andrew
  Sent: Monday, June 01, 2009 4:03 PM
  To: declude.virus@declude.com
  Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

   

  David, this log excerpt seems to indicate that my AVG hasn't been working 
since May 1st 2009. Is this correct?

   

  C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir.log
  vir0401.log:0
  vir0402.log:0
  vir0403.log:0
  vir0404.log:0
  vir0405.log:0
  vir0406.log:0
  vir0407.log:0
  vir0408.log:0
  vir0409.log:0
  vir0410.log:0
  vir0411.log:0
  vir0412.log:0
  vir0413.log:0
  vir0414.log:0
  vir0415.log:0
  vir0416.log:0
  vir0417.log:0
  vir0418.log:0
  vir0419.log:0
  vir0420.log:0
  vir0421.log:0
  vir0422.log:0
  vir0423.log:0
  vir0424.log:0
  vir0425.log:0
  vir0426.log:0
  vir0427.log:0
  vir0428.log:0
  vir0429.log:0
  vir0430.log:0
  vir0501.log:2722
  vir0502.log:640
  vir0503.log:623
  vir0504.log:3143
  vir0505.log:2885
  vir0506.log:2568
  vir0507.log:2761
  vir0508.log:2554
  vir0509.log:386
  vir0510.log:415
  vir0511.log:3110
  vir0512.log:2920
  vir0513.log:2761
  vir0514.log:2771
  vir0515.log:2429
  vir0516.log:300
  vir0517.log:376
  vir0518.log:857
  vir0519.log:2605
  vir0520.log:2793
  vir0521.log:2574
  vir0522.log:2598
  vir0523.log:279
  vir0524.log:430
  vir0525.log:2630
  vir0526.log:2751
  vir0527.log:3217
  vir0528.log:3026
  vir0529.log:2532
  vir0530.log:336
  vir0531.log:608
  vir0601.log:1894

   

   

  Andrew.

   

   


--

  From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David 
Barker
  Sent: Monday, June 01, 2009 12:38 PM
  To: declude.junkm...@declude.com; declude.virus@declude.com
  Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

  If your AVG is not scanning emails, please upgrade immediately to 4.6.35 
which is available from the Declude website.

   

  If you are unsure w

RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread Colbeck, Andrew
Aha! That was a fishy circumstance. Those errors were red herrings
raised by my other virus scanner, not the AVG scanner.
 
If anybody is interested, this is what the log lines looked like at the
last time that AVG triggered on a virus was April 3rd, 2009:
 
04/03/2009 08:54:05.047 Q003993048.smd Vulnerability flags = 2047
04/03/2009 08:54:05.047 Q003993048.smd MIME file: [text/html][8bit;
Length=2371 Checksum=206516]
04/03/2009 08:54:05.062 Q003993048.smd MIME file: postcard.zip [base64;
Length=449806 Checksum=56953283]
04/03/2009 08:54:05.062 Q003993048.smd Banning .ZIP file with SCR
extension.
04/03/2009 08:54:07.501 Q003993048.smd AVG Reports VIRUS: Win32/Cryptor
04/03/2009 08:54:07.501 Q003993048.smd File(s) are INFECTED
[Win32/Cryptor: 7]
04/03/2009 08:54:08.220 Q003993048.smd Virus scanner 1 reports exit code
of 0
04/03/2009 08:54:08.345 Q003993048.smd Scanned: CONTAINS A VIRUS
[Prescan OK][MIME: 2 452321]
04/03/2009 08:54:08.345 Q003993048.smd From: postca...@hallmark.com
<mailto:postca...@hallmark.com>  To: 
<mailto:mcpie...@bentall.com>  [outgoing from 69.156.243.37]
04/03/2009 08:54:08.345 Q003993048.smd Subject: You've received A
Hallmark E-Card!
 
There were three of those, and otherwise I had no detections, and no
interesting messages from AVG or with "error" in the log line.
 
After stopping the DecludeProc service, then replacing decludeproc.exe
with the Imail version, decludeproc_IM4635.exe as decludeproc.exe, and
then restarting the DecludeProc service, I can then send a test email
with the EICAR test virus as an attachment, and AVG does pick it up.
 
06/01/2009 18:11:11.305 Q000595199.smd Vulnerability flags = 2047
06/01/2009 18:11:11.305 Q000595199.smd MIME file: eicar.com [base64;
Length=68 Checksum=6829]
06/01/2009 18:11:13.711 Q000595199.smd AVG Reports VIRUS: EICAR_Test
06/01/2009 18:11:13.711 Q000595199.smd File(s) are INFECTED [EICAR_Test:
7]
06/01/2009 18:11:13.727 Q000595199.smd Found a bogus .com file
06/01/2009 18:11:13.727 Q000595199.smd Scanned: CONTAINS A VIRUS [MIME:
2 157]
06/01/2009 18:11:13.727 Q000595199.smd From: 
<mailto:acolb...@bentall.com>  To:  <mailto:acolb...@bentall.com>
[outgoing from ]
06/01/2009 18:11:13.727 Q000595199.smd Subject: test 03
 
 
Andrew.
 
 
 



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, June 01, 2009 2:00 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX



Not for everyone, but certainly for your server that would be true if
that is what your logs indicate.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Colbeck, Andrew
Sent: Monday, June 01, 2009 4:03 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

David, this log excerpt seems to indicate that my AVG hasn't been
working since May 1st 2009. Is this correct?

 

C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir.log
vir0401.log:0
vir0402.log:0
vir0403.log:0
vir0404.log:0
vir0405.log:0
vir0406.log:0
vir0407.log:0
vir0408.log:0
vir0409.log:0
vir0410.log:0
vir0411.log:0
vir0412.log:0
vir0413.log:0
vir0414.log:0
vir0415.log:0
vir0416.log:0
vir0417.log:0
vir0418.log:0
vir0419.log:0
vir0420.log:0
vir0421.log:0
vir0422.log:0
vir0423.log:0
vir0424.log:0
vir0425.log:0
vir0426.log:0
vir0427.log:0
vir0428.log:0
vir0429.log:0
vir0430.log:0
vir0501.log:2722
vir0502.log:640
vir0503.log:623
vir0504.log:3143
vir0505.log:2885
vir0506.log:2568
vir0507.log:2761
vir0508.log:2554
vir0509.log:386
vir0510.log:415
vir0511.log:3110
vir0512.log:2920
vir0513.log:2761
vir0514.log:2771
vir0515.log:2429
vir0516.log:300
vir0517.log:376
vir0518.log:857
vir0519.log:2605
vir0520.log:2793
vir0521.log:2574
vir0522.log:2598
vir0523.log:279
vir0524.log:430
vir0525.log:2630
vir0526.log:2751
vir0527.log:3217
vir0528.log:3026
vir0529.log:2532
vir0530.log:336
vir0531.log:608
vir0601.log:1894

 

 

Andrew.

 

 



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, June 01, 2009 12:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com <mailto:dbar...@declude.com> 

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E

RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread David Barker
You can just replace the decludeproc if you were previously running anything
later than 4.4.24

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Scott
Fisher
Sent: Monday, June 01, 2009 4:35 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

Can I replace the decludeproc.exe or is a upgrade install needed?

 

-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, June 01, 2009 2:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
 <mailto:dbar...@declude.com> dbar...@declude.com

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread David Barker
Not for everyone, but certainly for your server that would be true if that
is what your logs indicate.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck,
Andrew
Sent: Monday, June 01, 2009 4:03 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

David, this log excerpt seems to indicate that my AVG hasn't been working
since May 1st 2009. Is this correct?

 

C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir.log
vir0401.log:0
vir0402.log:0
vir0403.log:0
vir0404.log:0
vir0405.log:0
vir0406.log:0
vir0407.log:0
vir0408.log:0
vir0409.log:0
vir0410.log:0
vir0411.log:0
vir0412.log:0
vir0413.log:0
vir0414.log:0
vir0415.log:0
vir0416.log:0
vir0417.log:0
vir0418.log:0
vir0419.log:0
vir0420.log:0
vir0421.log:0
vir0422.log:0
vir0423.log:0
vir0424.log:0
vir0425.log:0
vir0426.log:0
vir0427.log:0
vir0428.log:0
vir0429.log:0
vir0430.log:0
vir0501.log:2722
vir0502.log:640
vir0503.log:623
vir0504.log:3143
vir0505.log:2885
vir0506.log:2568
vir0507.log:2761
vir0508.log:2554
vir0509.log:386
vir0510.log:415
vir0511.log:3110
vir0512.log:2920
vir0513.log:2761
vir0514.log:2771
vir0515.log:2429
vir0516.log:300
vir0517.log:376
vir0518.log:857
vir0519.log:2605
vir0520.log:2793
vir0521.log:2574
vir0522.log:2598
vir0523.log:279
vir0524.log:430
vir0525.log:2630
vir0526.log:2751
vir0527.log:3217
vir0528.log:3026
vir0529.log:2532
vir0530.log:336
vir0531.log:608
vir0601.log:1894

 

 

Andrew.

 

 

  _  

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, June 01, 2009 12:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
 <mailto:dbar...@declude.com> dbar...@declude.com

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread Scott Fisher
Can I replace the decludeproc.exe or is a upgrade install needed?

 

-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, June 01, 2009 2:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
  dbar...@declude.com

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-01 Thread Colbeck, Andrew
David, this log excerpt seems to indicate that my AVG hasn't been
working since May 1st 2009. Is this correct?
 
C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir.log
vir0401.log:0
vir0402.log:0
vir0403.log:0
vir0404.log:0
vir0405.log:0
vir0406.log:0
vir0407.log:0
vir0408.log:0
vir0409.log:0
vir0410.log:0
vir0411.log:0
vir0412.log:0
vir0413.log:0
vir0414.log:0
vir0415.log:0
vir0416.log:0
vir0417.log:0
vir0418.log:0
vir0419.log:0
vir0420.log:0
vir0421.log:0
vir0422.log:0
vir0423.log:0
vir0424.log:0
vir0425.log:0
vir0426.log:0
vir0427.log:0
vir0428.log:0
vir0429.log:0
vir0430.log:0
vir0501.log:2722
vir0502.log:640
vir0503.log:623
vir0504.log:3143
vir0505.log:2885
vir0506.log:2568
vir0507.log:2761
vir0508.log:2554
vir0509.log:386
vir0510.log:415
vir0511.log:3110
vir0512.log:2920
vir0513.log:2761
vir0514.log:2771
vir0515.log:2429
vir0516.log:300
vir0517.log:376
vir0518.log:857
vir0519.log:2605
vir0520.log:2793
vir0521.log:2574
vir0522.log:2598
vir0523.log:279
vir0524.log:430
vir0525.log:2630
vir0526.log:2751
vir0527.log:3217
vir0528.log:3026
vir0529.log:2532
vir0530.log:336
vir0531.log:608
vir0601.log:1894

 
 
Andrew.
 



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, June 01, 2009 12:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX



If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com  

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.