Re: [Declude.Virus] reque slips by Declude?
Gary, I do believe that messages that have been re-queued do not get scanned a second time. If they did, you would never be able to re-queue anything since it would be continually caught. Dean On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote: Back on May 9 my server was hit by the Feebs virus. I am using F-Prot, which did not detect it. But I am using BANEXT hta which caught it. Two days ago I upgraded to SmarterMail 3.1 and Declude 4.2.3. Among other things, I've been looking at the addition of AVG to Declude. I noticed that F-Prot still doesn't detect that version of the Feebs virus, but AVG does. So I thought I would test it. I still have a copy of the virus I received on May 9, so I requed it unchanged and unrenamed to let it got through the new Declude to see what would happen. To my surprise it was delivered! No new Declude headers were added to the message. Though SmarterMail did modify it because it detected it as spam. I checked the virus logs (LOGLEVEL set to HIGH) and there was no listing at all for this message. Naturally I am now quite nervous. Why did this happen? Have any other Feebs viruses slipped through? Unfortunately the eicar tests don't have an hta to use, so the only way I have to test this is with a live virus. The Feebs virus isn't one of the more common ones, but all it takes is one to get through to spoil the day of one of my customers. Gary Steiner --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] reque slips by Declude?
With older versions of Declude and Smartermail you used to have to do the X rename to skip Declude processing. If you left the X off it would be rescanned by Declude. However, now that Declude is intergrated into Smartermail v3 what is the correct requeing process? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dean Lawrence [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, May 18, 2006 7:48 AM Subject: Re: [Declude.Virus] reque slips by Declude? Gary, I do believe that messages that have been re-queued do not get scanned a second time. If they did, you would never be able to re-queue anything since it would be continually caught. Dean On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote: Back on May 9 my server was hit by the Feebs virus. I am using F-Prot, which did not detect it. But I am using BANEXT hta which caught it. Two days ago I upgraded to SmarterMail 3.1 and Declude 4.2.3. Among other things, I've been looking at the addition of AVG to Declude. I noticed that F-Prot still doesn't detect that version of the Feebs virus, but AVG does. So I thought I would test it. I still have a copy of the virus I received on May 9, so I requed it unchanged and unrenamed to let it got through the new Declude to see what would happen. To my surprise it was delivered! No new Declude headers were added to the message. Though SmarterMail did modify it because it detected it as spam. I checked the virus logs (LOGLEVEL set to HIGH) and there was no listing at all for this message. Naturally I am now quite nervous. Why did this happen? Have any other Feebs viruses slipped through? Unfortunately the eicar tests don't have an hta to use, so the only way I have to test this is with a live virus. The Feebs virus isn't one of the more common ones, but all it takes is one to get through to spoil the day of one of my customers. Gary Steiner --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] reque slips by Declude?
I Remove the x and place the files in the \proc directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, May 18, 2006 7:59 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] reque slips by Declude? With older versions of Declude and Smartermail you used to have to do the X rename to skip Declude processing. If you left the X off it would be rescanned by Declude. However, now that Declude is intergrated into Smartermail v3 what is the correct requeing process? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dean Lawrence [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, May 18, 2006 7:48 AM Subject: Re: [Declude.Virus] reque slips by Declude? Gary, I do believe that messages that have been re-queued do not get scanned a second time. If they did, you would never be able to re-queue anything since it would be continually caught. Dean On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote: Back on May 9 my server was hit by the Feebs virus. I am using F-Prot, which did not detect it. But I am using BANEXT hta which caught it. Two days ago I upgraded to SmarterMail 3.1 and Declude 4.2.3. Among other things, I've been looking at the addition of AVG to Declude. I noticed that F-Prot still doesn't detect that version of the Feebs virus, but AVG does. So I thought I would test it. I still have a copy of the virus I received on May 9, so I requed it unchanged and unrenamed to let it got through the new Declude to see what would happen. To my surprise it was delivered! No new Declude headers were added to the message. Though SmarterMail did modify it because it detected it as spam. I checked the virus logs (LOGLEVEL set to HIGH) and there was no listing at all for this message. Naturally I am now quite nervous. Why did this happen? Have any other Feebs viruses slipped through? Unfortunately the eicar tests don't have an hta to use, so the only way I have to test this is with a live virus. The Feebs virus isn't one of the more common ones, but all it takes is one to get through to spoil the day of one of my customers. Gary Steiner --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] reque slips by Declude?
So you are saying that the X is no longer needed? You just drop stuff in the spool directory and Declude will ignore it? That in order for Declude to rescan something it now has to be put in the proc directory? Original Message From: David Barker [EMAIL PROTECTED] Sent: Thursday, May 18, 2006 8:02 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] reque slips by Declude? I Remove the x and place the files in the \proc directory. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, May 18, 2006 7:59 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] reque slips by Declude? With older versions of Declude and Smartermail you used to have to do the X rename to skip Declude processing. If you left the X off it would be rescanned by Declude. However, now that Declude is intergrated into Smartermail v3 what is the correct requeing process? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dean Lawrence [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Thursday, May 18, 2006 7:48 AM Subject: Re: [Declude.Virus] reque slips by Declude? Gary, I do believe that messages that have been re-queued do not get scanned a second time. If they did, you would never be able to re-queue anything since it would be continually caught. Dean On 5/18/06, Gary Steiner [EMAIL PROTECTED] wrote: Back on May 9 my server was hit by the Feebs virus. I am using F-Prot, which did not detect it. But I am using BANEXT hta which caught it. Two days ago I upgraded to SmarterMail 3.1 and Declude 4.2.3. Among other things, I've been looking at the addition of AVG to Declude. I noticed that F-Prot still doesn't detect that version of the Feebs virus, but AVG does. So I thought I would test it. I still have a copy of the virus I received on May 9, so I requed it unchanged and unrenamed to let it got through the new Declude to see what would happen. To my surprise it was delivered! No new Declude headers were added to the message. Though SmarterMail did modify it because it detected it as spam. I checked the virus logs (LOGLEVEL set to HIGH) and there was no listing at all for this message. Naturally I am now quite nervous. Why did this happen? Have any other Feebs viruses slipped through? Unfortunately the eicar tests don't have an hta to use, so the only way I have to test this is with a live virus. The Feebs virus isn't one of the more common ones, but all it takes is one to get through to spoil the day of one of my customers. Gary Steiner --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
