Scott,
I don't know that our firewall is the issue due to it working
under i7 and all prior Declude versions. The Firewall only modifies the
extension, it does not in anyway alter the file. When you wrote that i7
will not block encrypted zips without the BANEXT EZIP line, it was my
understanding if you have the following:
BANEZIPEXTS ON
BANEXT com
then it will block encrypted zip files containg .com files? Am
I wrong? Do I need to have all the following lines in there?
BANEZIPEXTS ON
BANEXT EZIP
BANEXT com
I thought you mentioned that BANEXT EZIP was 'undesireable' and
using the first example above was ideal?
Version i7 is causing the .vir directories and the lines in the
log that indicate Declude could not remove the .vir directory. Inside
those directories are files called 0.zi and 1.zi It was my
understanding that i8 fixed this issue with the .vir directory and also
added new features for attacking .bat, .scr. Etc.
I am currently on i7, due to i8 not catching encrypted .zip
files with extensions in my BANEXT listing. This was tested from the
encoded zip file as well as an eicar.com file zipped and password
protected.
Keith
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, March 03, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block
bogus .bat, .com, .pif, and .scr files
> I am not using BANEXT EZIP with i7 nor i8 per your
> instructions to remove it in place of the new commands:
In that case, i7 will *not* block any encrypted .ZIP files.
>BANEZIPEXTS and BANZIPEXTS ON
>
> I used that encoded file to test it under i8 first and it went
> straight through, that is what tipped me off that something was not
right.
What extension does the attachment in your mail client show? I'm
thinking that the firewall is mucking things up (if it renames the .ZIP
to .ZI or .ZI_, for example, Declude Virus won't look at it).
>I am unsure where to turn as our .vir directories are off the charts.
Unfortunately, this isn't useful information without knowing which
version(s) caused them, and preferably the log file entries for them as
well. There was an old interim that could cause this, but the latest
should not.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
