I did not think that I had another scanner in the way but now I am going
to have to go back and check further.
Thank you for the explanation.
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of Dan Horne
> Sent: Friday, July 23, 2004 8:50 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] BanNotify Problem
>
> It would seem that in your setup, before Declude processes the
message, it
> gets sent to another program for processing (possibly on a gateway
server,
> or another antivirus program on the same server).
>
> 1) From your setup, Declude shouldn't have banned the first message,
and
> it
> didn't (AFAIK, Declude doesn't strip attachments, it holds the entire
> email).
> 2) The second one seems to have had the EXE stripped out of the zip
file,
> which as before, Declude doesn't strip attachments, it blocks them.
When
> the exe was stripped out, it "broke" the zip file, therefore you got
the
> vulnerability.
> 3) Your first scanner apparently doesn't have the ability to scan
inside
> encrypted zips, so it let the last one pass, but Declude blocked it
> correctly.
>
>
> Dan Horne
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Matt
> Sent: Thursday, July 22, 2004 4:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] BanNotify Problem
>
> Goran,
>
> Are you running any other software or hardware that might be
inspecting
> these messages? The EXE response doesn't seem very Declude'ish.
>
> Matt
>
>
>
>
> Goran Jovanovic wrote:
>
> >I have Virus Pro latest interim release 179i8.
> >
> >I have BANEXT EXE and BANEXT EZIP in my config file. I do not have
> >BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS
> >
> >I have a bannotify.eml file in my \imail\declude directory
> >
> >So I sent a couple of tests
> >
> >EXE only attachment:
> >
> >I did NOT get my bannotify message. I got the following appended to
my
> >email
> >
> >File attachment: MarchBreak2004infoflyer.exe The file attached to
this
> >email was removed because the file name is not allowed.
> >
> >EXE in a ZIP file
> >
> >I got a Vulnerability Alert message telling me that I had the Outlook
> >Vulnerability [Invalid ZIP Vulnerability]. This should have got
through.
> >
> >EXE in an encrypted ZIP
> >
> >I actually got my BANNOTIFY on this one.
> >
> >Why did the EXE only not send me the BANNOTIFY?
> >Why did the EXE in a ZIP send me a vulnerability message?
> >
> >Thanx
> >
> >
> > Goran Jovanovic
> > The LAN Shoppe
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
> >(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.Virus mailing list. To
unsubscribe,
> >just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.Virus". The archives can be found
> >at http://www.mail-archive.com.
> >
> >
> >
> >
>
> --
> =====================================================
> MailPure custom filters for Declude JunkMail Pro.
> http://www.mailpure.com/software/
> =====================================================
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
