It would seem that in your setup, before Declude processes the message, it gets sent to another program for processing (possibly on a gateway server, or another antivirus program on the same server).
1) From your setup, Declude shouldn't have banned the first message, and it didn't (AFAIK, Declude doesn't strip attachments, it holds the entire email). 2) The second one seems to have had the EXE stripped out of the zip file, which as before, Declude doesn't strip attachments, it blocks them. When the exe was stripped out, it "broke" the zip file, therefore you got the vulnerability. 3) Your first scanner apparently doesn't have the ability to scan inside encrypted zips, so it let the last one pass, but Declude blocked it correctly. Dan Horne -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, July 22, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BanNotify Problem Goran, Are you running any other software or hardware that might be inspecting these messages? The EXE response doesn't seem very Declude'ish. Matt Goran Jovanovic wrote: >I have Virus Pro latest interim release 179i8. > >I have BANEXT EXE and BANEXT EZIP in my config file. I do not have >BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS > >I have a bannotify.eml file in my \imail\declude directory > >So I sent a couple of tests > >EXE only attachment: > >I did NOT get my bannotify message. I got the following appended to my >email > >File attachment: MarchBreak2004infoflyer.exe The file attached to this >email was removed because the file name is not allowed. > >EXE in a ZIP file > >I got a Vulnerability Alert message telling me that I had the Outlook >Vulnerability [Invalid ZIP Vulnerability]. This should have got through. > >EXE in an encrypted ZIP > >I actually got my BANNOTIFY on this one. > >Why did the EXE only not send me the BANNOTIFY? >Why did the EXE in a ZIP send me a vulnerability message? > >Thanx > > > Goran Jovanovic > The LAN Shoppe > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To unsubscribe, >just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". The archives can be found >at http://www.mail-archive.com. > > > > -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
