Scott, I don't know that our firewall is the issue due to it working under i7 and all prior Declude versions. The Firewall only modifies the extension, it does not in anyway alter the file. When you wrote that i7 will not block encrypted zips without the BANEXT EZIP line, it was my understanding if you have the following:
BANEZIPEXTS ON BANEXT com then it will block encrypted zip files containg .com files? Am I wrong? Do I need to have all the following lines in there? BANEZIPEXTS ON BANEXT EZIP BANEXT com I thought you mentioned that BANEXT EZIP was 'undesireable' and using the first example above was ideal? Version i7 is causing the .vir directories and the lines in the log that indicate Declude could not remove the .vir directory. Inside those directories are files called 0.zi and 1.zi It was my understanding that i8 fixed this issue with the .vir directory and also added new features for attacking .bat, .scr. Etc. I am currently on i7, due to i8 not catching encrypted .zip files with extensions in my BANEXT listing. This was tested from the encoded zip file as well as an eicar.com file zipped and password protected. Keith -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 03, 2004 10:16 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files > I am not using BANEXT EZIP with i7 nor i8 per your > instructions to remove it in place of the new commands: In that case, i7 will *not* block any encrypted .ZIP files. >BANEZIPEXTS and BANZIPEXTS ON > > I used that encoded file to test it under i8 first and it went > straight through, that is what tipped me off that something was not right. What extension does the attachment in your mail client show? I'm thinking that the firewall is mucking things up (if it renames the .ZIP to .ZI or .ZI_, for example, Declude Virus won't look at it). >I am unsure where to turn as our .vir directories are off the charts. Unfortunately, this isn't useful information without knowing which version(s) caused them, and preferably the log file entries for them as well. There was an old interim that could cause this, but the latest should not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.