Bonno, >From the Declude manual
If all mail was quarantined or not delivered: If your virus scanner reported an error that caused all mail to be quarantined, you can easily force the mail to be delivered. You can take the files from the \IMail\spool\virus\ directory and copy them back into the \IMail\spool\ directory, and they will be delivered on the next queue run (about 30 minutes -- to send them more quickly, run IMail Administrator to view the queue, and click the "Send All" button several times). Declude processes the mail before it is placed in the queue. If you return the Q* and D* records to the queue then Declude will not process them again. If it did, you would end up with the back in the virus queue and never be able to send them out. George Kulman Partner Ridge Systems, L.L.C. Cell - 201-647-3250 or 516-582-0019 Office - 201-291-0600 Fax - 201-291-8887 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bonno Bloksma Sent: Monday, December 23, 2002 4:20 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] requqing mail Hi, Below a report of a mail that was caught by declude. I then looked at it using "spamreview" (www.slsoft.com/spamreview.htm) and told it to reque the file, putting the D*.SMD and Q*.SMD file back into the C:\IMail\spool directory. I then realised that probably declude would pick it up again and the mail would still not be delivered. However..... the mail was delivered without Declude svanning it. Here the snippet from sysmmdd.log: 12:23 10:04 SMTPD(queue run) 14831 1 33 12:23 10:04 SMTP-(00000788) C:\IMail\spool\Q4ae5030501047e98.SMD 12:23 10:04 SMTP-(00000788) processing C:\IMail\spool\Q4ae5030501047e98.SMD 12:23 10:04 SMTP-(00000788) ldeliver mailie.tio.nl i.wannet-main (1) [EMAIL PROTECTED] 4330 12:23 10:04 SMTP-(00000788) finished C:\IMail\spool\Q4ae5030501047e98.SMD status=1 As you can see from this snippet of the virus.log file, the mail was not scanned by Declude: 12/23/2002 10:01:20 Qd0df05ab0104563b Scanned: Virus Free [MIME: 1 715] 12/23/2002 10:04:02 Qd181016f0198cefa Scanned: Virus Free [MIME: 2 431] 12/23/2002 10:04:26 Qd1990064016a2e95 Scanned: Virus Free [MIME: 2 1273] 12/23/2002 10:05:12 Qd16f001902888822 Scanned: Virus Free [MIME: 3 610404] Why did Declude not scan it the second time? Because it was a local delivery? Are *all* local deliveries not scanned? Can somebody please tell me what the process was that happened here so I can better understand it and better understand possible gaps in the virus security. Met vriendelijke groet, Bonno Bloksma --------------------------------- This is the original report from Declude when the mail was caught the first time. Declude Virus v1.65 caught the [Conflicting Encoding Vulnerability] virus in Unknown File from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 12/20/2002 17:52:55 Subject: Vervallen van uw WAP2 mobiele nummer Spool File: D4ae5030501047e98.SMD Remote IP: 80.60.240.173 Headers: Received: from proxy.campusstores.nl [80.60.240.173] by mailie.tio.nl (SMTPD32-7.07) id AAE53050104; Fri, 20 Dec 2002 17:52:53 +0100 Received: (qmail 3402 invoked by uid 3001); 20 Dec 2002 16:48:08 -0000 Date: 20 Dec 2002 16:48:08 -0000 Message-ID: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Vervallen van uw WAP2 mobiele nummer MIME-Version: 1.0 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary="=_a214198d5726d1ecfde9ab707b7eb74e" --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
