Re: [Declude.Virus] Declude & Kill.lst

[R. Scott Perry]

>Which runs first on the Imail machine
>when an email comes in:  Declude or
>the kill.lst and rules.ima?

First (when the E-mail is being received), the kill.lst and access control 
(IP list) are run.

Next, Declude is called.

Finally, during the delivery, the rules.ima is used.
  -Scott

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] Could not find parse string

[R. Scott Perry]

>In my virus log I see this error:
>Waring: Virus Scanner reported an error #8.

F-Prot will return a #8 code if it finds a "suspicious" file.  You may want 
to try adding " /NOHEUR" to the SCANFILE line in \IMail\Declude\virus.cfg 
to prevent F-Prot from running its heuristics test, which could be 
producing the #8 error.
-Scott

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] AnnaKournikova

[Jerry Murdock]

What version of Declude?
What version/scan engine rev/signature rev  of Netshield?
Do you know the source and message format of the incoming message?

Jerry

- Original Message -
From: "Sharyn Schmidt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 12, 2001 10:49 AM
Subject: [Declude.Virus] AnnaKournikova


> Hi Everyone,
>
> Earlier this week we were infected with the Anna virus. I am running
> Declude and McAfee Netshield on my mail server.  After looking at the
> logs, it appears that Declude did not recognize this as a virus and let
> it on through, both in the original email from the outside, and each
> time it replicated and sent itself out to others on my network.  For
> some reason (Murphy's Law perhaps), the desktop VirusScan software on
> this particular user's machine didn't catch it either.
>
> Fortunately, the desktop VirusScan software on everyone else's machines
> did catch it and no other machine was infected except the original one.
>
> I am, however, at a loss as to why Declude missed it.  The only thing I
> can think of is that the attachment was  .jpg.vbs and the software quit
> after seeing the .jpg extension. As an aside, my firewall missed it too.
> Any input would be appreciated. Both the Netshield on the mail server
> and the all the desktop VirusScan Software are running the same latest
> and greatest DAT file.
>
> Thanks in advance for your help! I am VERY satisfied with Declude but,
> of course, like any network administrator, I want perfection :)
>
> Sharyn Schmidt
> Network Specialist
> Florida Distillers Company
> (863) 956-1116 x139
>
>
> We are the worldwide producer and marketer of the award winning Cruzan
> Single Barrel Rum, judged "Best in the World" at the annual
> San Francisco Wine and Spirits Championships, and the
> artisan tequilas of Porfidio 100% Agave Tequilas, judged "Best
> Tequila" four years running by the Wine Enthusiast magazine. For
> more information, please click (go to) http://www.cruzanrums.com";>http://http://www.cruzanrums";>www.cruzanrums.com
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .


This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .