[Declude.JunkMail] Declude "deactivated" itself

[Andy Schmidt]

Title: Message

Now THAT was weird - or rather, outright scary!

 

Declude suddenly stopped working at 5:30 PM, did not create any log entries, etc...  I'm including a DIAG screen and the log.

 

No GP1/2 files in the root folder.

 

However, the spf.none file had grown to almost 256 MEGAbytes - and it's time stamp was 5:30 PM. Hmmmm.

 

I ended up rebooting the server and suddenly Declude revived itself.  Of course, in the meantime (about 50 minutes) we allowed zillions of viruses and spam through.

 

Scott? Any ideas?

 

 

Declude DIAG

D:\IMAIL>declude -diag
Declude 1.79i6 (C) Copyright 2000-2004 Computerized Horizons.

 

NoMaxQueProc

 

Diagnostics ON (Declude v1.79i6).

 

Declude JunkMail:  Config file found (D:\IMAIL\Declude\global.CFG).
Declude Virus:     Config file found (D:\IMAIL\Declude\Virus.CFG).
WARNING: Could not delete eicar.com file [2]!
Declude Hijack:    Not installed (no D:\IMAIL\Declude\Hijack.CFG file).
Declude Confirm:   Not installed (no D:\IMAIL\Declude\Confirm.CFG file).

 

85 spam tests defined: BYPASS19 BYPASS14 BYPASS12 DSBLSINGLE DSBLMULTI ORDB KUND
ENSERVER SPAMCOP BLITZEDALL NJABL NJABLRELAYS NJABLDUL NJABLDYNA NJABLSOURCES NJ
ABLMULTI NJABLFORMMAIL NJABLPROXIES AHBL AHBLRELAYS AHBLPROXIES AHBLSOURCES AHBL
PSSL AHBLFORMMAIL AHBLDYNA AHBLEXEMPT SORBS SORBS-HTTP SORBS-SOCKS SORBS-MISC SO
RBS-SMTP SORBS-WEB SORBS-BLOCK SORBS-ZOMBIE SORBS-DUHL SBL XBL-DYNA HIL SPFFAIL
SPFPASS BONDEDSENDER WEB-O-TRUST HUL RDNSBL AHBLDOMAINS SORBS-BADCONF SORBS-NOMA
IL MAILPOLICE-PORN MAILFROM PERCENT BADHEADERS BASE64 HELOBOGUS IPNOTINMX REVDNS
 SPAMROUTING SPAMHEADERS NOLEGITCONTENT COMMENTS BCC4 BCC6 BCC8 SNIFFER SNIFFER-
SNAKE SNIFFER-SCAMS SNIFFER-PORN SNIFFER-MALWARE SNIFFER-OBFUSC POSTMASTER SPAMD
OMAINS WEIGHTFILTER DYNAMIC-IP OPEN-RELAY MULTI-RELAY FORMMAIL WEIGHTKILL WEIGHT
10 WEIGHT8 WEIGHTHDR WEIGHTFOOTER WEIGHTSNIFFER NOTSNIFFed ACTIONBOUNCE ACTIONDE
LETE SPAMHAUS CBL

 

IMail reports Official Host Name as: "Maywood-IS-0002.Webhost.HM-Software.com".
IMail's SendName registry seems OK:  "D:\IMAIL\Declude.exe".
DNS Server: 127.0.0.1

 

Declude JunkMail Status:             PRO version registered.
Declude Virus Status:                Pro Version Registered.
Declude Hijack Status:               NOT REGISTERED: No activation code.

 

End of diagnostics.

 

Here the Declude log showing the gap.

 

06/15/2004 17:30:09 Q6a5540c200ea9cea SPAMCOP:7 XBL-DYNA:7 HELOBOGUS:3 REVDNS:5 SPAMROUTING:4 SNIFFER:4 SNIFFER-SNAKE:1 SPAMDOMAINS:4 .  Total weight = 35.
06/15/2004 17:30:09 Q6a5540c200ea9cea Bypassing whitelisting of E-mail with weight >=19 (35) and at least 1 recipients (1).
06/15/2004 17:30:09 Q6a5540c200ea9cea NOT bypassing whitelisting of E-mail with weight >=14 (35) and at least 4 recipients (1).
06/15/2004 17:30:09 Q6a5540c200ea9cea NOT bypassing whitelisting of E-mail with weight >=12 (35) and at least 6 recipients (1).
06/15/2004 17:30:09 Q6a5540c200ea9cea Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
06/15/2004 17:30:10 Q6a5540c200ea9cea Subject: Fwd: Get Meds Va/l/ium ? XA+n+ax & v|agr@ ) V1cod+in Pntermi.n. ? Som@  obqbjijryiqe
06/15/2004 17:30:10 Q6a5540c200ea9cea From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 212.71.154.100 ID: w370DjN8798
06/15/2004 17:30:10 Q6a5540c200ea9cea Tests failed [weight=35]: BYPASS19=IGNORE DSBLSINGLE=WARN SPAMCOP=WARN BLITZEDALL=LOG NJABL=WARN NJABLPROXIES=LOG AHBL=WARN AHBLPROXIES=LOG SORBS=WARN SORBS-SOCKS=LOG SORBS-SMTP=LOG XBL-DYNA=IGNORE HELOBOGUS=WARN IPNOTINMX=IGNORE REVDNS=ALERT SPAMROUTING=WARN NOLEGITCONTENT=IGNORE SNIFFER=LOG SNIFFER-SNAKE=LOG SPAMDOMAINS=IGNORE WEIGHTKILL=DELETE ACTIONDELETE=DELETE
06/15/2004 17:30:10 Q6a5540c200ea9cea Last action = "">06/15/2004 18:18:48 Q75c1000100f64298 SPFPASS:-5 SNIFFER:4 .  Total weight = -1.
06/15/2004 18:18:48 Q75c1000100f6423a NOT bypassing whitelisting of E-mail with weight >=19 (-1) and at least 1 recipients (3).
06/15/2004 18:18:48 Q75c1000100f64298 NOT bypassing whitelisting of E-mail with weight >=19 (-1) and at least 1 recipients (3).
06/15/2004 18:18:48 Q75c1000100f64298 NOT bypassing whitelisting of E-mail with weight >=14 (-1) and at least 4 recipients (3).
06/15/2004 18:18:48 Q75c1000100f6423a NOT bypassing whitelisting of E-mail with weight >=12 (-1) and at least 6 recipients (3).
06/15/2004 18:18:48 Q75c1000100f64298 NOT bypassing whitelisting of E-mail with weight >=12 (-1) and at least 6 recipients (3).

 

Best Regards
Andy Schmidt

H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:    +1 201 934-9206

http://www.HM-Software.com/