re: [Declude.Virus] OT: Alligate as a gateway for providers ?
If Declude is running the load will not change. We found that Declude was using 99% of the resources on our server. We turned on Greylisting, added SpamAssassin and turned off Declude. Then took the same server and created virtual servers on it. I now have an extra virtual server I use for monitoring. Maybe it was the version we were on or the way we had Declude configured but it just killed our box no matter what we did even with just a few domains. (Declude 4.3) Maybe it was us, I don't know but we get virtually no spam at all now and the server is running twice as fast.

Original Message
Return-Path: [EMAIL PROTECTED]

Hi list, we are a small provider doing some shop-hosting services. As a side-service we are running one eMail-server for 65 domains and approximately 270 users. We tried Alligate (trial) as a gateway server to minimize the load on this server. But my administrator said that POP3 eMail never goes through to our eMail-Server. Our request is that the gateway is doing second level SMTP-Outbound filtering/checks and POP3 first level inbound filtering/checks. The eMail-server-SW is: SmarterMail 4.x on Windows2003 and SPAM/Virus-Filtering is done by Declude EVA. And the customers should be able to receive their eMails via SmarterMail directly (bypass Alligate). Any chance on doing this with Alligate?

Uwe

--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot Version 6
AH HA Well now I see. Yea I use F-prot as a low cost AV scanner for remote locations. I no longer use it on Declude/SmarterMail since it includes AVG and I see no reason for belts and suspenders. Version 3 is still available for now as is McAfee.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists)
Sent: Wednesday, March 14, 2007 1:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-Prot Version 6

As Andrew pointed out, you did not read the fine print.

John T

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Tuesday, March 13, 2007 8:50 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-Prot Version 6

F-prot is $50 for 10 licenses per year. $5 per machine per year. Version 6 Why is that not still reasonable? Please explain

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Thursday, February 01, 2007 8:33 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-Prot Version 6

Changed when they released the new version. About 3 months back. Check the archives of this list. We were complaining about it. We dumped using their product and just use the AVG built into Declude.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 3:33 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] F-Prot Version 6

When did their licensing change? F-Prot used to be extremely reasonable.

Don

- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Wednesday, January 31, 2007 11:14 PM
Subject: RE: [Declude.Virus] F-Prot Version 6

Read the license. It may be compatible but the licensing is expensive.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell
Sent: Wednesday, January 31, 2007 7:26 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] F-Prot Version 6

Been using F-Prot version 3 for years ... and now getting notices to upgrade to version 6. Anyone done this yet, and is it still compatible with Declude/Imail, etc?

David
RE: [Declude.Virus] F-Prot Version 6
F-prot is $50 for 10 licenses per year. $5 per machine per year. Version 6 Why is that not still reasonable? Please explain

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Thursday, February 01, 2007 8:33 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] F-Prot Version 6

Changed when they released the new version. About 3 months back. Check the archives of this list. We were complaining about it. We dumped using their product and just use the AVG built into Declude.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 3:33 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] F-Prot Version 6

When did their licensing change? F-Prot used to be extremely reasonable.

Don

- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Wednesday, January 31, 2007 11:14 PM
Subject: RE: [Declude.Virus] F-Prot Version 6

Read the license. It may be compatible but the licensing is expensive.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell
Sent: Wednesday, January 31, 2007 7:26 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] F-Prot Version 6

Been using F-Prot version 3 for years ... and now getting notices to upgrade to version 6. Anyone done this yet, and is it still compatible with Declude/Imail, etc?

David
RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t
Yes this is plain DUMB. He should be shot IMO. Declude should look at this as a way to get people off the list. More people leave lists when things like this happen than at any other time.

Douglas Cohn
VP Engineering
Photogra, Inc.
www.photogra.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, January 04, 2007 5:43 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

Ok, this makes it over a hundred received this afternoon. Declude, would you kindly remove him from the list so we don't all get inundated with more autoreplies?

Also, this is a gentle reminder to be a good list netizen and don't use autoresponders for addresses that you use to subscribe to lists. If you need to use autoresponders, just set up a separate email address for list subscriptions and don't use one there.

All the best,
Darin.

- Original Message -
From: roconnor [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Thursday, January 04, 2007 4:24 PM
Subject: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

I'm currently on a business trip down south and will be returning January 5th, 2007. If this is an emergency please call our office at 360.527.9111

Thanks,
Rick
RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t
I like both options. But killing him is also a good idea

Douglas Cohn
VP Engineering
Photogra, Inc.
www.photogra.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Thursday, January 04, 2007 6:01 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

So - shall we all call that emergency number and ask that he turn off his vacation notice, or shall we just fake the return address and unsubscribe him since the Declude staff is not taking action?

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, January 04, 2007 04:48 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

75 over 45 minutes. Dumb...

Darin.

- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Thursday, January 04, 2007 4:12 PM
Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

I think I received 36 of them.

Andrew.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds
Sent: Thursday, January 04, 2007 12:55 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t
Importance: High

Is it me or did everyone get this autoresponder about 300 times?

Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of roconnor
Sent: Thursday, January 04, 2007 9:45 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

I'm currently on a business trip down south and will be returning January 5th, 2007. If this is an emergency please call our office at 360.527.9111

Thanks,
Rick
RE: [Declude.Virus] Sender.eml was sent even though forging virus?
Isn't it better to just remove all the eml files so as to be more of the solution and less of the problem. It just seems that if all of us stopped sending eml's that millions of useless messages would be stopped. What am I missing? What value do these messages possibly have?

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Wednesday, December 13, 2006 1:45 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Sender.eml was sent even though forging virus?

Oh? I've never had the problem with my external McAfee scanner. Could this be a problem with Declude's internal AVG scanner?

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Wednesday, December 13, 2006 01:11 PM
To: declude.virus@declude.com
Subject: re: [Declude.Virus] Sender.eml was sent even though forging virus?

I've seen similar behavior with viruses found by AVG.

Original Message
From: Andy Schmidt [EMAIL PROTECTED]
Sent: Wednesday, December 13, 2006 12:42 PM
To: 'Declude Virus List' declude.virus@declude.com
Subject: [Declude.Virus] Sender.eml was sent even though forging virus?

Hi,

My sender.eml has the line:

SKIPIFFORGING

And my virus.CFG has:

AUTOFORGE ON
FORGINGVIRUS Anonymous Driver
FORGINGVIRUS Antiman
FORGINGVIRUS Avril
FORGINGVIRUS Bagle

Yet, declude virus just sent the sender.eml for the following details:

File:Unknown File
Result: FoundI-Worm/Bagle
Message ID:[EMAIL PROTECTED]
Our Domain:Schmidt.AS for Schmidt.AS
Queue ID: D324e0153b795.smd

Based on these headers:

-Original Message Headers-
Received: from [62.93.44.11] [62.93.44.11] by hm-software.com with ESMTP (SMTPD-9.10) id A24E331D0; Wed, 13 Dec 2006 12:03:10 -0500
Date: Wed, 13 Dec 2006 18:03:11 +0100
To: Andy [EMAIL PROTECTED]
From: Webmaster [EMAIL PROTECTED]
Subject: price 13-Dec-2006
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=oibzhbgyvnajpcxfwpdt
RE: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content
Hey stupid me but why not use a file transfer program for transferring files and not worry about what you block in email. That is what FTP was invented for anyway. If you have any type of Intranet or help desk system you should have a place that allows users to both upload files and download files.

Email was never designed as a method of transferring files. Even though it is used that way all too often.

A simple web page with ASPUpload and another page with the shared files would solve your issue. Make it more complex and set access rights on the files as well.

Just my two cents

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers
Sent: Tuesday, October 11, 2005 1:26 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Slightly OT: Encrypting or Securing Email Content

We're looking for a simple way to opportunistically allow our users to encrypt or password-protect certain emails and/or their attachments that contain sensitive data. We're running Declude Pro and have banned EZIP extensions (the highly recommended suggestion from several people on this forum), so that kinda rules out PKZIP and any kind of ZIP program (because as soon as you password-protect a ZIP file, it becomes an EZIP file). We looked at PGP, but it seems very complex and seems to require a hardware proxy in between our mail server and the Net.

Is there a simple and effective way to encrypt or password protect documents for email transmission that doesn't cause problems with Imail or Declude and doesn't require software to be installed on the recipient's end?

Thanks.
Kevin

--- [This E-mail was scanned for viruses.]
RE: [Declude.Virus] Version 3.0.5.5
This is why I always wait for the bleeding edge people to suffer before I touch anything. After all the bugs get worked out of it and then 4 or 5 weeks later I will install it.

But without you guys nothing would ever get going. So thanks.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Friday, September 30, 2005 11:39 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Version 3.0.5.5

Harry,

The install procedure is being updated.

David Barker
www.declude.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
Sent: Friday, September 30, 2005 11:34 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Version 3.0.5.5

Hi David

One almost needs to know less using this method than having to go and uninstall the service and then reinstall it

Will you make this file available in this manner in the future or will the install procedure be updated to help simplify things.

I strive to have the greatest simplicity in operating my servers. It means I am spending less time with them and more with my customers.

Thank you

Harry Vanderzand
inTown Internet Computer Services
11 Belmont Ave. W., Kitchener, ON, N2M 1L2
519-741-1222

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Friday, September 30, 2005 11:11 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Version 3.0.5.5

Undocumented but here it is for those on the board who know what they are doing.

IMAIL
http://www.declude.com/Version/3055/IM/decludeproc3055.exe

SMARTERMAIL
http://www.declude.com/Version/3055/SM/decludeproc3055.exe

David Barker
www.declude.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
Sent: Thursday, September 29, 2005 5:35 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Version 3.0.5.5

Thanks

That seems like a lot to do for such a simple process.

Is it not just the decludeproc.exe that needs to be replaced? If so then stopping the service, replace the file with the new one and then starting it, would be quicker to do.

Is there anywhere we can get just the new decludeproc.exe?

Harry Vanderzand
inTown Internet Computer Services
11 Belmont Ave. W., Kitchener, ON, N2M 1L2
519-741-1222

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Thursday, September 29, 2005 5:15 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Version 3.0.5.5

Harry,

The message on my system just said you need to remove the last version. Once I did that and re-ran the update all was well.

Darrell
-- --
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Harry Vanderzand writes:

I downloaded this update
stopped decludeproc
ran the update
got message: Another version is already running, cannot update
what's up with that?

Harry Vanderzand
inTown Internet Computer Services
11 Belmont Ave. W., Kitchener, ON, N2M 1L2
519-741-1222

_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Thursday, September 29, 2005 2:53 PM
To: Declude.Virus@declude.com; Declude.JunkMail@declude.com
Subject: [Declude.Virus] Version 3.0.5.5

Declude Version 3.0.5.5 is available on the website for download. There are two changes from version 3.0.5.3

1. Fix for special character scanning causing abnormal termination. Special thanks to John Tolmachoff for identifying and helping us fix this nasty.
2. For SmarterMail only. Correctly handle parsing the XML file for the email installation path.

SY,
Bill Billman
Declude

--
No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005
RE: [Declude.Virus] Declude using CBL to block users sending mail?????
Here ya go Matt. The Headers as they come out of the email. It's like the pitcher covering his mouth with his glove when talking on the mound. Old habits die hard G

Thank you for the detailed info. It is appreciated.

This is the IP that had been in CBL 216.74.167.74. And you will see in my later reply that this IP was listed incorrectly. IE no virus was ever on that machine and the mail it detected and determined was a virus smtp engine was in fact a valid mail verifier program. (But can you really say that Is there such a thing as a VALID Mail verifier? I think not now)

Return-Path: [EMAIL PROTECTED] Sun Jun 12 19:02:39 2005
Received: from photoadmin1.photograsupport.com [64.15.255.100] by photoimail1.photogra.com with SMTP; Sun, 12 Jun 2005 19:02:39 -0400
Received: from mail.inetservers.com [64.15.252.17] by photoadmin1.photograsupport.com with SMTP; Sun, 12 Jun 2005 19:02:06 -0400
Received: from UnknownHost [216.74.167.74] by mail.inetservers.com with SMTP; Sun, 12 Jun 2005 16:00:38 -0400
From: douglas cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Test inetservers
Date: Sun, 12 Jun 2005 16:00:32 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcVviWNwVbHTbsZpSuy0Fh8yTDTA0w==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Declude-Sender: [EMAIL PROTECTED] [216.74.167.74]
X-Declude-Spoolname: 37291275.EML
X-Declude-Scan: Score [10] at 16:00:47 on 12 Jun 2005
X-Declude-Fail: CBL, WEIGHT10
X-Country-Chain: UNITED STATES-destination
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, June 13, 2005 9:14 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Declude using CBL to block users sending mail?

Andrew,

Just to clear up any confusion, this message was sent by Doug through his own SmarterMail/Declude server, so his IP was the connecting hop and the DYNA/hop limiting tricks won't have an effect here.

I think it might be valuable if people resisted the temptation of removing IP's from headers when shared because those that might help out would often benefit from this information. Sometimes it doesn't really matter of course, and Doug did give enough information to figure this out, but the three received headers were confusing without a careful read.

Matt

Colbeck, Andrew wrote:

Doug, you're probably scoring on multiple hops by setting your HOPHIGH in global.cfg ... If you don't want RBLs to score on multiple hops, just comment out that HOPHIGH line. Alternatively, rename your CBL test to CBL-DYNA (don't forget to change the global.cfg definition plus the action line wherever it appears in your configuration files (e.g. CBL WARN to CBL-DYNA WARN).

Andrew 8)

p.s. Is your own machine's address on the Internet, or was CBL listing an internal, non-routable IP address like 192.168.1.1 ?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Monday, June 13, 2005 5:03 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Declude using CBL to block users sending mail?

My desktop IP was erroneously listed on CBL. It seems that declude is checking authenticated users sending mail for CBL and according to CBL this is wrong. SEE below

Here is the header showing what went on with the actual IPs removed to protect the innocent (ME). But it sure seems that my desktop machine is the one being checked and shown as on CBL. Had 10 points been enough I would not have been able to send mail.

The ONLY address within the below HEADER that was actually listed in the CBL is the HOST machine sending the email. NOT the MAIL servers but MY DESKTOP of which I am an authenticated sender. Why would declude check an authenticated sender on the CBL list?

This all started because Smartermails SPAM does NOT check the authenticated senders and this is what confused me initially. IE I thought Smartermails SPAM was not working properly on another server where I do NOT have declude ANTISPAM installed. BUT as you see according to CBL it should NOT detect CBL on an authenticated senders IP. According to CBL this is not how the list is designed.

Return-Path: [EMAIL PROTECTED] Sun Jun 12 18:35:56 2005
Received: from forwardeddestinationmailserver [123.123.123.123] by forwardeddestinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:56 -0400
Received: from decludesmtpserver [456.456.456.456] by destinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:20 -0400
Received: from UnknownHost [IP-in-CBL=MY DESKTOP] by decludesmtpserver with SMTP; Sun, 12 Jun 2005 18:34:59 -0400
From: douglas cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Test cbl
Date: Sun, 12 Jun 2005 18:34:52 -0400
MIME-Version: 1.0
Content-Type: text
RE: [Declude.Virus] Declude using CBL to block users sending mail?????
to drop scores of such tests, and the net result of this would be trapping more spam with fewer false positives if you weight things optimally.

Matt

Douglas Cohn wrote:

My desktop IP was erroneously listed on CBL. It seems that declude is checking authenticated users sending mail for CBL and according to CBL this is wrong. SEE below

Here is the header showing what went on with the actual IPs removed to protect the innocent (ME). But it sure seems that my desktop machine is the one being checked and shown as on CBL. Had 10 points been enough I would not have been able to send mail.

The ONLY address within the below HEADER that was actually listed in the CBL is the HOST machine sending the email. NOT the MAIL servers but MY DESKTOP of which I am an authenticated sender. Why would declude check an authenticated sender on the CBL list?

This all started because Smartermails SPAM does NOT check the authenticated senders and this is what confused me initially. IE I thought Smartermails SPAM was not working properly on another server where I do NOT have declude ANTISPAM installed. BUT as you see according to CBL it should NOT detect CBL on an authenticated senders IP. According to CBL this is not how the list is designed.

Return-Path: [EMAIL PROTECTED] Sun Jun 12 18:35:56 2005
Received: from forwardeddestinationmailserver [123.123.123.123] by forwardeddestinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:56 -0400
Received: from decludesmtpserver [456.456.456.456] by destinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:20 -0400
Received: from UnknownHost [IP-in-CBL=MY DESKTOP] by decludesmtpserver with SMTP; Sun, 12 Jun 2005 18:34:59 -0400
From: douglas cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Test cbl
Date: Sun, 12 Jun 2005 18:34:52 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcVvnvNNt9F+fMW3RTWO2wS4w3LH6A==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Declude-Sender: [EMAIL PROTECTED] [IPinCBL=MY DESKTOP]
X-Declude-Spoolname: 37296653.EML
X-Declude-Scan: Score [10] at 18:35:09 on 12 Jun 2005
X-Declude-Fail: CBL, WEIGHT10
X-Country-Chain: UNITED STATES-destination
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: [EMAIL PROTECTED]

http://cbl.abuseat.org/

We're getting a lot of reports of spurious blocking caused by sites using the CBL to block authenticated access to smarthosts / outgoing mail servers. THE CBL is only designed to be used on INCOMING mail, i.e. on the hosts that your MX records point to. If you use the same hosts for incoming mail and smarthosting, then you should always ensure that you exempt authenticated clients from CBL checks, just as you would for dynamic/dialup blocklists. Another way of putting this is: Do not use the CBL to block your own users.

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
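The rule quoted from the CBL page in this thread (score only the address that connects to your own server, and exempt authenticated clients) can be written down as follows. This is an added example, not code from the list posts or from Declude; the `authenticated` flag (which would come from the SMTP session, since these headers do not record it), the injected `lookup` function and the constructed listing are assumptions, and the Received lines are the ones posted in the thread.

```python
import ipaddress
import re
import socket

# Matches the Received lines written by the servers in this thread:
#   Received: from NAME [IP] by HOST with SMTP; date
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\[(?P<ip>[^\]]+)\]\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# Received lines as posted in the thread, newest hop first.
THREAD_HEADERS = """\
Received: from photoadmin1.photograsupport.com [64.15.255.100] by photoimail1.photogra.com with SMTP; Sun, 12 Jun 2005 19:02:39 -0400
Received: from mail.inetservers.com [64.15.252.17] by photoadmin1.photograsupport.com with SMTP; Sun, 12 Jun 2005 19:02:06 -0400
Received: from UnknownHost [216.74.167.74] by mail.inetservers.com with SMTP; Sun, 12 Jun 2005 16:00:38 -0400
"""

# Constructed stand-in for the blocklist: only the desktop IP is "listed".
CONSTRUCTED_LISTINGS = {"74.167.74.216.cbl.abuseat.org"}


def parse_received(headers):
    """Return one dict (helo, ip, by) per Received line, in header order."""
    hops = []
    for line in headers.splitlines():
        m = RECEIVED_RE.match(line.strip())
        if m:
            hops.append(m.groupdict())
    return hops


def dnsbl_query_name(ip, zone):
    """1.2.3.4 + zone -> 4.3.2.1.zone; raises ValueError on a non-IPv4 string."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_lookup(name):
    """Live lookup: a listed address resolves, an unlisted one does not."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def constructed_lookup(name):
    """Offline lookup against the constructed listing above."""
    return name in CONSTRUCTED_LISTINGS


def cbl_weight(headers, our_host, authenticated, lookup=dns_lookup,
               zone="cbl.abuseat.org", weight=10):
    """Return (points, reason) for a message received by our_host."""
    if authenticated:
        # Our own users relaying through us: never score them on the list.
        return 0, "skipped: authenticated submission"
    # Only the hop our server wrote itself is trustworthy and relevant;
    # deeper hops are what the HOPHIGH setting would also have scored.
    hop = next((h for h in parse_received(headers)
                if h["by"].lower() == our_host.lower()), None)
    if hop is None:
        return 0, "skipped: no Received line written by " + our_host
    try:
        addr = ipaddress.IPv4Address(hop["ip"])
    except ValueError:
        return 0, "skipped: unparseable address " + hop["ip"]
    if not addr.is_global:
        return 0, "skipped: non-routable address"
    if lookup(dnsbl_query_name(str(addr), zone)):
        return weight, "listed: " + str(addr)
    return 0, "not listed: " + str(addr)
```
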
RE: [Declude.Virus] Declude using CBL to block users sending mail?????
Now to my final question and the reason all of this happened.

Imagine you work for developers that have an opted in mailing list with close to a million email addresses. Valid opted in users. When someone opts out they are removed. They can email opt out, they can even call the office and opt out, all legit. BUT over the years none of the bunk email addresses were ever cleaned from the list. (As I said opt outs are removed). Additionally in the early days email formation validity was not even checked so there may be addresses without an @ sign or addresses with @@@ etc etc etc.

So the goal was twofold.

1. Correct the process so future newsletters that are sent process the bounces properly and remove any email addresses associated with hard bounces.
2. Run the current list through some kind of email verification program to avoid sending 1,000,00 extra emails over the course of the next few months as additional newsletters go out.

They do NOT go out often, maybe 6 or 8 per year which helps the list remain valid. They are not spammers. Hence the issue. How do you clean such a list?

I tried Advanced maillist verifier (AMV), Advanced Email verifier (AEV) and BulkVerifier. Now all of these programs seem like they may work but they get your ips in trouble. Furthermore what struck me as very odd is all of them are at least 2 years old at a minimum and no further dev has been done on them since. This led me to believe the obvious. You simply cannot use these programs anymore in today's environment.

That said I would like something that could at least look at the address and verify that it is indeed created correctly and then verify that the domain is a valid mail domain. I played with DIG and DIG does return the info for you to determine if the domain is valid but it requires a lot of work to write a routine that would correctly validate the domains. I was using Dig domainame MX. The problem is the return codes are not very easy to work with. It's not like I get a different errorlevel returned based on whether the domain has a valid MX record or not (which would be nice).

Any ideas are appreciated.

Regards
Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Monday, June 13, 2005 11:34 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Declude using CBL to block users sending mail?

- Original Message -
From: Matt

So it would be possibly useful in this case, but again, solving the issue that created the CBL listing is the most direct route, and less dependency on any particular test by adding something like Sniffer and reducing weights on such things I think is still the best overall solution.

Not to mention that anything done to reduce the weight of messages into your own system does nothing to control how others may be using CBL to weight or block spam coming into their systems. So as Matt said, the best thing to do is correct whatever issue got you listed in the first place, and then focus your efforts on getting the listing removed.

Bill
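One way to do the two checks asked for in the message above (address syntax, then whether the domain can receive mail) without connecting to any mail server, as an added example that is not code from the thread or from any product named in it. All function names and the sample data are hypothetical; it assumes `dig` is on the PATH, and it generalises the MX test to null MX records and the address-record fallback so that a temporary DNS failure is never treated as a dead domain.

```python
import re
import subprocess
import sys

# Pragmatic syntax rules (not full RFC 5322): exactly one "@", a dot-atom
# local part, and a domain made of at least two letter-digit-hyphen labels.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL_RE = re.compile(r"^%s(\.%s)*$" % (ATOM, ATOM))
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
MX_RE = re.compile(r"^(\d+)\s+(\S+)$")       # MX rdata such as "10 mail.example.com."
STATUS_RE = re.compile(r"status: ([A-Z]+)")  # taken from dig's ";; ->>HEADER<<-" line
# Exit codes for command-line use: 0 = can receive mail, 1 = remove, 2 = retry later.
EXIT_CODES = {"mx": 0, "implicit-mx": 0, "null-mx": 1, "no-mail-route": 1, "lookup-failed": 2}


def split_address(raw):
    """Return (local, domain) if the address is well formed, else None."""
    addr = raw.strip()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()
    labels = domain.split(".")
    if not local or len(local) > 64 or len(domain) > 253 or len(labels) < 2:
        return None
    if not LOCAL_RE.match(local) or not all(LABEL_RE.match(lab) for lab in labels):
        return None
    return local, domain


def dig_lookup(domain, rrtype):
    """Return rdata strings for rrtype, [] if there are none, None if the lookup failed."""
    cmd = ["dig", "+noall", "+comments", "+answer", "+time=3", "+tries=2", domain, rrtype]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    status = STATUS_RE.search(out)
    if not status or status.group(1) not in ("NOERROR", "NXDOMAIN"):
        return None  # SERVFAIL, REFUSED or no reply: temporary, so do not purge
    rows = [ln.split() for ln in out.splitlines() if ln and not ln.startswith(";")]
    return [" ".join(r[4:]) for r in rows if len(r) > 4 and r[3] == rrtype]


def classify_domain(domain, lookup):
    """Classify a domain as one of the keys of EXIT_CODES."""
    mx = lookup(domain, "MX")
    if mx is None:
        return "lookup-failed"
    hosts = [m.group(2) for m in map(MX_RE.match, mx) if m]
    if hosts:
        # A lone "0 ." record is a null MX: the domain states it accepts no mail.
        return "null-mx" if all(h == "." for h in hosts) else "mx"
    for rrtype in ("A", "AAAA"):  # no MX at all: senders fall back to the address record
        answers = lookup(domain, rrtype)
        if answers is None:
            return "lookup-failed"
        if answers:
            return "implicit-mx"
    return "no-mail-route"


def clean_list(addresses, lookup=dig_lookup):
    """Sort addresses into keep / malformed / undeliverable / retry buckets."""
    result = {"keep": [], "malformed": [], "undeliverable": [], "retry": []}
    verdicts, seen = {}, set()
    for raw in addresses:
        parts = split_address(raw)
        if parts is None:
            result["malformed"].append(raw.strip())
            continue
        local, domain = parts
        addr = local + "@" + domain
        if addr in seen:  # duplicate after lower-casing the domain
            continue
        seen.add(addr)
        if domain not in verdicts:  # one DNS check per domain, not per address
            verdicts[domain] = classify_domain(domain, lookup)
        bucket = ("keep", "undeliverable", "retry")[EXIT_CODES[verdicts[domain]]]
        result[bucket].append(addr)
    return result


# Constructed sample data (not from the thread): a fake DNS view and a short list.
SAMPLE_ZONE = {("example.com", "MX"): ["10 mail.example.com."],
               ("nomx.example", "A"): ["192.0.2.10"],
               ("nullmx.example", "MX"): ["0 ."],
               ("flaky.example", "MX"): None}
SAMPLE_LIST = ["alice@example.com", "alice@Example.COM", "bob@nomx.example",
               "carol@nullmx.example", "dave@dead.example", "erin@flaky.example",
               "no-at-sign.example.com", "frank@@@example.com"]


def sample_lookup(domain, rrtype):
    return SAMPLE_ZONE.get((domain, rrtype), [])


if __name__ == "__main__":
    # Single-domain form: the process exit code is the "errorlevel" for a batch file.
    sys.exit(EXIT_CODES[classify_domain(sys.argv[1], dig_lookup)])
```

Addresses in the `retry` bucket should be checked again later rather than removed, and only real hard bounces can tell you whether a mailbox exists on a domain that passes.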
[Declude.Virus] Declude using CBL to block users sending mail?????
My desktop IP was erroneously listed on CBL. It seems that declude is checking authenticated users sending mail for CBL and according to CBL this is wrong. SEE below

Here is the header showing what went on with the actual IPs removed to protect the innocent (ME). But it sure seems that my desktop machine is the one being checked and shown as on CBL. Had 10 points been enough I would not have been able to send mail. The ONLY address within the below HEADER that was actually listed in the CBL is the HOST machine sending the email. NOT the MAIL servers but MY DESKTOP of which I am an authenticated sender. Why would declude check an authenticated sender on the CBL list?

This all started because Smartermails SPAM does NOT check the authenticated senders and this is what confused me initially. IE I thought Smartermails SPAM was not working properly on another server where I do NOT have declude ANTISPAM installed. BUT as you see according to CBL it should NOT detect CBL on an authenticated senders IP. According to CBL this is not how the list is designed.

Return-Path: [EMAIL PROTECTED] Sun Jun 12 18:35:56 2005
Received: from forwardeddestinationmailserver [123.123.123.123] by forwardeddestinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:56 -0400
Received: from decludesmtpserver [456.456.456.456] by destinationmailserver with SMTP; Sun, 12 Jun 2005 18:35:20 -0400
Received: from UnknownHost [IP-in-CBL=MY DESKTOP] by decludesmtpserver with SMTP; Sun, 12 Jun 2005 18:34:59 -0400
From: douglas cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Test cbl
Date: Sun, 12 Jun 2005 18:34:52 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcVvnvNNt9F+fMW3RTWO2wS4w3LH6A==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Declude-Sender: [EMAIL PROTECTED] [IPinCBL=MY DESKTOP]
X-Declude-Spoolname: 37296653.EML
X-Declude-Scan: Score [10] at 18:35:09 on 12 Jun 2005
X-Declude-Fail: CBL, WEIGHT10
X-Country-Chain: UNITED STATES-destination
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: [EMAIL PROTECTED]

http://cbl.abuseat.org/

We're getting a lot of reports of spurious blocking caused by sites using the CBL to block authenticated access to smarthosts / outgoing mail servers. THE CBL is only designed to be used on INCOMING mail, i.e. on the hosts that your MX records point to. If you use the same hosts for incoming mail and smarthosting, then you should always ensure that you exempt authenticated clients from CBL checks, just as you would for dynamic/dialup blocklists. Another way of putting this is: Do not use the CBL to block your own users.
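The exemption the CBL notice asks for, sketched as an added example that is not Declude's or SmarterMail's code: the blocklist is queried only for unauthenticated connections from public addresses. `Session`, `score_session`, the internal ranges and the weight of 10 (taken from the `Score [10]` header above) are assumptions made for illustration, and the listed address is constructed.

```python
import ipaddress
import socket
from dataclasses import dataclass

CBL_ZONE = "cbl.abuseat.org"   # the blocklist named in the notice quoted above
CBL_WEIGHT = 10                # assumed weight, matching "Score [10]" in the header
# Assumed internal ranges that should never be sent to a public blocklist.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Session:
    client_ip: str               # address of the connecting host
    authenticated: bool = False  # True once SMTP AUTH has succeeded


def dnsbl_query_name(ip, zone=CBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.44 -> 44.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_resolve(name):
    """Return the A records for name, or [] when there is no answer (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def score_session(session, resolve=dns_resolve):
    """Return (score, reason); authenticated senders are exempt from the CBL test."""
    if session.authenticated:
        return 0, "exempt: authenticated sender"
    addr = ipaddress.ip_address(session.client_ip)
    if addr.version != 4 or any(addr in net for net in INTERNAL_NETS):
        return 0, "exempt: not a public IPv4 address"
    answers = resolve(dnsbl_query_name(session.client_ip))
    if any(a.startswith("127.") for a in answers):  # a 127.x answer means "listed"
        return CBL_WEIGHT, "listed in " + CBL_ZONE
    return 0, "not listed"


# Constructed sample: pretend 192.0.2.44 (a documentation address) is listed.
SAMPLE_LISTED = {"44.2.0.192.cbl.abuseat.org": ["127.0.0.2"]}


def sample_resolve(name):
    return SAMPLE_LISTED.get(name, [])
```

With the sample resolver, the same listed address scores 10 as an anonymous inbound connection and 0 once the session is authenticated, which is the behaviour the notice describes.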
RE: [Declude.Virus] F-Prot update
They always said it!! Here's the previous update notice

We recommend that users of F-Prot Antivirus for Windows update their programs to version 3.16b as soon as possible. Please visit our update center to update your program now:

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter
Sent: Thursday, June 09, 2005 2:14 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] F-Prot update

I received a notice for 3.16c update from Frisk. I don't recall it being normal for them to recommend updating ASAP. Anyone tried it yet?

~Joe
RE: [Declude.Virus] Second Scanner
Mcafee is a CPU HOG. Uses double the CPU of Fprot. I have a low powered machine and cannot even run Mcafee but fprot is no problem. Both is unreal.

This is the mcafee command line scanner. The declude archive includes a Wget updater that works fine. I use a 4NT update script but the Wget is probably better I have just been too lazy to change it back. Of course you will note that the Website clearly states you are required to have a license to mcafee before you use this code which is readily available to all. You can also download the daily dats which are considered BETA quality but that's fine with me.

Unluckily I do not use the with declude because smartermail and mcafee are just more than the measly server I have this one can handle. Luckily Smartermail and fprot are working just fine with declude and I have nothing to complain about (ESPECIALLY SINCE I GOT RID OF THAT IMAIL --- Blech).

Here is a mcafee command line scanner. ftp://ftp.nai.com/CommonUpdater/ Download the latest superdat (sdat.exe) file from the Network Associates ftp site. Now you must unpack it using the /e parameter. From the mcafee folder, run sdat.exe /e (where is the version number, for example sdat4290.exe). When unpacking you don't see anything happen for about 20 seconds, just wait for it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, June 02, 2005 6:12 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Second Scanner

Matt posted speed comparisons I'd say about a year ago. I use F-Prot ClamAV and McAfee

- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, June 02, 2005 4:50 PM
Subject: [Declude.Virus] Second Scanner

I know this comes up every now and then, but the last thread I can find is from May 2004. I was interested in what folks were using as a second scanner aside from F-Prot. I've heard AVG is good but slow, Kaspersky fast with updates but expensive, McAfee good but hard to get a command line. I thought someone had posted some stats about this but can't find them. Any suggestions?

-- Best regards, David mailto:[EMAIL PROTECTED]
RE: [Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE 206
It has been about 2 weeks since I reported this issue and I just found files in my proc dir again even though I upgraded to the version you told me to use below. I was under the impression this version [2.0.6.10 (or higher) incremental release;], as stated by you, resolved the issue. Yet it does nothing of the sort. I see no difference between this and what was happening before. I must still manually move the messages back to have them get processed.

Why can't you do something in the meantime until you find a solution? Do something meaning make sure the files do not end up in the proc dir. Or at least tell us the truth so I downgrade to 205 where the issue does not occur. That I had to discover this myself is very distressing. I agree you have been more proactive but this is still upsetting.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse
Sent: Wednesday, May 11, 2005 9:39 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE 206

A few customers have reported similar issues with orphaned eml files and we are working on a resolution. In the meantime we would recommend implementing the 2.0.6.10 (or higher) incremental release; it does not run the routine to reprocess email.

Declude Engineering

-- -Original Message-
-- From: [EMAIL PROTECTED] [mailto:Declude.Virus-
-- [EMAIL PROTECTED] On Behalf Of Douglas Cohn
-- Sent: Tuesday, May 10, 2005 9:01 PM
-- To: Declude.Virus@declude.com
-- Subject: [Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE
-- 206
--
-- I have orphaned hdr files in my spool directory like this
--
-- C:\SmarterMail\Spool\62298363.~DR
--
-- Then I found this in proc
--
-- C:\SmarterMail\Spool\proc\62298363.EML
--
-- Has anyone else seen this?
--
-- Doug
[Declude.Virus] Orphaned eml files SMARTERMAIL current DECLUDE 206
I have orphaned hdr files in my spool directory like this C:\SmarterMail\Spool\62298363.~DR Then I found this in proc C:\SmarterMail\Spool\proc\62298363.EML Has anyone else seen this? Doug
RE: [Declude.Virus] ALLOWVULNERABILITIES Directive
THANK YOU FOR THE Participation in the forum!!!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse
Sent: Wednesday, May 04, 2005 9:11 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] ALLOWVULNERABILITIES Directive

We are currently looking into a possible issue with this directive. We will be shortly releasing an incremental version with some enhancements and fixes. If ALLOWVULNERABILITIES does have an issue, it will be dealt with and documented.

Thank you
Declude Development
RE: [Declude.Virus] f-prot update script
This update is the worst method IMO (The one referenced in the link here). I used to update every hour and using this I would find the machine with the updater hung on the screen timed out at least once a week. W2K Server SP4. What OS are you using it on where it does NOT create issues?

I started writing a simple updater using 4NT copy /u which copies across anonymous ftp and http links and only copies new files. Perfect but then I read somewhere that fprot has no FTP updates available anymore so I rewrote the one for Mcafee command line instead since I do not have the full version installed on this machine and do not want to install the full version. The script pulls the superdat expands it and then the daily dat.

I could not get the wget Mcafee script from the Declude links to work for long either. Wget got corrupted after 2 days saying it was not a valid win32 application. Those links on the Declude site should be removed as that stuff does not work anymore. 4NT from Jpsoft is simply the best tool for the job anyway. That and unzip from infozip and it is done.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Monday, May 02, 2005 11:21 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] f-prot update script

Daniel, Give this a try: http://www.f-prot.com/support/windows/fpwin_faq/88.html

-Keith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Ivey
Sent: Monday, May 02, 2005 11:06 AM
To: 'Declude.Virus@declude.com'
Subject: RE: [Declude.Virus] f-prot update script

I have tried using this script. I keep getting an error referring to wget.exe and it doesn't update F-Prot.

Daniel
===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]

-Original Message-
From: Goran Jovanovic [mailto:[EMAIL PROTECTED]
Sent: Monday, May 02, 2005 11:02 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] f-prot update script

Take a look at: http://www.declude.com/Articles.asp?ID=100

F-Prot for DOS updater - A batch file that automatically updates F-Prot and its virus definitions (old version here), and a Cygwin version, and a complete .ZIPed version. Finally, a Simple version!

Goran Jovanovic
The LAN Shoppe

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Daniel Ivey
Sent: Monday, May 02, 2005 9:52 AM
To: 'Declude.Virus@declude.com'
Subject: [Declude.Virus] f-prot update script

Does anyone have an f-prot update script that they wouldn't mind sharing? I have tried one that I found, but never could get it to work. Any help is appreciated.

Thanks,
Daniel
===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]
RE: [Declude.Virus] Who is minding the store
Plus, if they actually integrate our feedback, we'll buy the support agreement in order to download the latest fruits of our labor. :)

Yes that is a key point and the reason I always rushed out to renew in the past. I sent this email because now I am not so sure. And I know others that have the same feelings. Renew or not renew. I was told the company would be run in the same high quality manner as before. Clearly that is not the case. Without knowing the coders know their stuff relating to spam it is quite risky to take the chance with such a small company. We knew Scott was the best, who are the people that took over the reins and what credentials do they have. I mean Symantec cannot do it right and I should trust someone who won't participate in their own forums?

If Scott would chime in here and say DON'T worry Doug these people know their stuff, you are in good hands. I would order a renewal. But he left.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
Sent: Sunday, May 01, 2005 5:59 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Who is minding the store

Douglas Cohn wrote:
Using this forum for support is certainly less expensive to the company

... unless you're charging for support, then it could be viewed as a losing proposition to assist in free support. I fear this may be the mindset. This view, is, of course, entirely wrong; as you mentioned, our RD feedback is very valuable-worth more than a support contract. Plus, if they actually integrate our feedback, we'll buy the support agreement in order to download the latest fruits of our labor. :)
RE: [Declude.Virus] Is this sort of stuff necessary on a list?
Or even allowed on a list

What many lists I belong to help avoid this is disallow any reposting of the footers. That way an automated process like this would never get through. It requires the users posting, us, to cut off the footers manually but that keeps the lists mean and lean. Initially I hated it but they are right. They do not allow HTML and they allow no footers and it works well. Jpsoft.com is one such list

DFC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell
Sent: Monday, May 02, 2005 2:59 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Is this sort of stuff necessary on a list?

Hahaha.. Yeah, I agree.

- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: Declude. Virus Declude.Virus@declude.com
Sent: Monday, May 02, 2005 2:49 PM
Subject: [Declude.Virus] Is this sort of stuff necessary on a list?

I posted to list about a virus problem then I get this stupid (IMHO) challenge-response stuff. If everyone did this on all the lists I belong to - I would do a posting and then spend the next 3 days answering all the challenge-responses. I think I will report this as spam. Dear Greg Hedgepath - get a clue.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com

Dear Chuck,

Thanks for your email, but at this point I have NOT actually received your message because I have implemented a challenge-response based anti-spam solution. Before I can receive your message you must respond in ONE of the ways outlined below.

--- CLICK ON THE URL ---

Visit the following URL and follow the simple instructions. When you do this I will receive the message you sent and ALL future messages.

http://spambot.ahphosting.net/?key=6811e93e.42766ac2.5a637c50

If the above URL does not appear all on one line, copy and paste it into your browser's address bar.

PLEASE NOTE: If you receive an error message when attempting to visit the above URL, it is very likely that your network is not allowing you to visit my confirmation page. If this is the case, contact your network administrator for help, or contact me by telephone. You will not have to do this again.

--- REPLY TO THIS MESSAGE ---

Simply reply to this email message ensuring the subject of your reply contains the subject of this message. When your reply arrives I will receive your ORIGINAL message and all FUTURE messages.

Or as an alternate method follow these instructions:

If you do not respond within 7 days, your message will be DELETED and I will not be able to receive messages from you in the future.

I apologize for this small one-time inconvenience, but I have been forced to implement this challenge-response based anti-spam solution to eliminate 100% of the spam I receive, and it really works! To learn more about the software I am using to stop spam, please visit http://www.Zaep.com/. Zaep has stopped 100% of all the spam messages I was receiving every day.

Thank you,
Greg Hedgepath

--- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com
[Declude.Virus] Who is minding the store
What I find very odd is where is declude technical participation on this list? Since Scott left I see no SOLID ANSWERS to many questions. Answers that often came from Scott. I surely understand that there are many very skilled programmers, technicians and network managers that are all communicating on this forum BUT it is simply not the same without Scott or his replacement.

Not the same in a very important sense though. It seems to me that declude is no longer learning anything from this forum and while it may serve the purpose for some users I fear that the information being posted here no longer has that Perry seal of approval. What I mean by that is if someone said something that was simply wrong Scott would debate the response and show why it was wrong. Since, as you all know, many posters are extremely skilled technicians and their answers are taken as fact and many times they are fact. But it only requires one piece of misinformation to wreck a server.

So again I ask where is declude and why are they not participating in this forum. I have this feeling in my gut that EVERYTHING that is done is based on the direct return. While that is completely understandable in any business venture decisions like this should be thought about very carefully. While it may appear like a loss to pay programmers and skilled support people to read through every email and debate the responses the final outcome should result in the same outcome Scott got from it. That is a more refined product that works better and is field tested and field proven. PLUS the reality that many people used these forums as their sole route to support. Using this forum for support is certainly less expensive to the company and more conducive to better results since 2 heads are better than one and so on (3 are better than 2).

For a second just now I got the feeling that maybe they do not want to give away support since it is NOT required to have an active support contract to be on this list. If that is the reason then it is just another reason to look for another company for Spam and Virus protection on my mail server. The software was purchased originally and forum support is almost always available to all users especially those without support contracts. The support contract should add access to updates and direct phone support.

Scott handed the new owners a built in RD Department full of many very skilled professionals willing to assist at no charge so they can get the best product available. From what I see no effort has been made to make use of it and every day that goes by more key people are dropping off and losing faith in declude. In the end everyone suffers. This should have been looked at as one of the most valuable support resources included in the deal and ignoring it is plain dumb (sorry but there is no better word).

How can I have any faith in declude's stability going forward? Considering this what do the rest of you have to say? I am NOT saying declude software is not doing a good job right now since I am running 1.82 but after 1.82 what will there be? Who is writing the code and why would any of us trust that code? If they would communicate on the list we could see what we are dealing with and if they are not up to snuff YET they can continue communicating and probably get there. If not then they were not suited for the job anyway and again Declude as a company has used this forum to improve their company.

I would like to see declude answer this post on the list and of course without starting an argument since that is the furthest thing from my mind. While I may not be overjoyed in losing Scott from this list I really do NOT KNOW how things stand at this company. That is common for many companies but declude was different which made it an Excellent company to do business with. I do not believe that the only way to get that excellence is by getting Scott back. I believe that they can follow that formula and attain the same success in excellent product development and support.

JUST MY TWO CENTS, what are your thoughts on this very important, very appropriate subject.

***NOTE: PLEASE CORRECT ME IF I AM WRONG. I AM QUITE AWARE I MAY BE COMPLETELY LOST AND HAVE NO IDEA WHAT I AM TALKING ABOUT. IF THAT IS TRUE PLEASE SHOW ME WHERE I AM WRONG. I am a big boy and very willing to admit being wrong if I have stated anything that is false.

Regards,
Doug
RE: [Declude.Virus] Skipifforging not working on Mytob
The only other difference is that I'm using SmarterMail.
That's 'cause you're Smarter. The difference between SmarterMail and Imail is just unreal. It is like the difference between breathing and having a plastic bag over your head. Imail always sucked but I lived with it because I owned a copy from a previous business venture and Declude worked great. I cannot imagine what anyone else's excuse is G but I am sure they exist and are valid as well. But SmarterMail is so much faster, smoother, nicer, need I say more. It also does not choke on every little thing that pounds the server. Dump Imail and be glad you did. Just my 1 cent. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne Embry Sent: Friday, April 15, 2005 12:53 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
I have also been experiencing this, for over a week. I'm only using F-Prot, but have added the appropriate lines to eml and virus.cfg files as John has. The only other difference is that I'm using SmarterMail. Shayne
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Friday, April 15, 2005 10:48 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] Skipifforging not working on Mytob
Shortly after adding ClamAV to the Imail Server a few days ago, my system started sending virus notices on Mytob (and so far, only Mytob) even though I have SKIPIFFORGING in the sender.eml, recip.eml and postmaster.eml, plus I have Mytob in the list of forging viruses in the virus.cfg. In the virus log lines below, scanner 1 is F-Prot and scanner 2 is ClamAV. The timing to the addition to ClamAV may be only a coincidence. Any ideas about what's happening? Thanks, John
Notice lines:
==
Declude Virus 2.0.5 caught a incoming virus
Subject: hello
From: [Forged]
To: [EMAIL PROTECTED]
Msg ID: [EMAIL PROTECTED]
Queue#: D74590703010e25a9.SMD
Remote IP: 63.197.109.187
Virus Name/File: W32/[EMAIL PROTECTED] data.zip
postmaster.eml
==
SKIPIFFORGING
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: E-mail virus notice
Declude Virus %VERSION% caught a %INOROUT% virus
Subject: %SUBJECT%
From: %MAILFROM%
To: %ALLRECIPS%
Msg ID: %MSGID%
Queue#: %QUEUENAME%
Remote IP: %REMOTEIP%
Virus Name/File: %VIRUSNAME% %VIRUSFILE%
Headers: %HEADERS%
Virus log lines:
04/15/2005 02:59:36 Q74590703010e25a9 Banning .ZIP file with exe extension.
04/15/2005 02:59:36 Q74590703010e25a9 Scanner 1: Virus=W32/[EMAIL PROTECTED] Attachment=data.zip [36] I
04/15/2005 02:59:37 Q74590703010e25a9 Scanner 2: Virus= Worm.Mytob.T-2 Attachment=data.zip [36] I
04/15/2005 02:59:37 Q74590703010e25a9 File(s) are INFECTED [W32/[EMAIL PROTECTED]: 1]
04/15/2005 02:59:37 Q74590703010e25a9 Deleting file with virus
04/15/2005 02:59:37 Q74590703010e25a9 Deleting E-mail with virus!
04/15/2005 02:59:37 Q74590703010e25a9 Scanned: CONTAINS A VIRUS [MIME: 2 58859]
04/15/2005 02:59:37 Q74590703010e25a9 From: [Forged] To: [EMAIL PROTECTED] [incoming from 63.197.109.187]
04/15/2005 02:59:37 Q74590703010e25a9 Subject: hello
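The virus log lines quoted in this thread show two scanners naming the same attachment differently. The following added example (not part of the thread and not Declude code) groups such log lines by queue ID and lists the scanner-reported names that have no match in an administrator-supplied list of forging-virus names; the sample log, the list entries and the case-insensitive substring matching rule are assumptions made for illustration, not Declude's documented behaviour.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the virus log lines quoted in the thread.
# Only the queue ID Q74590703010e25a9 and the name Worm.Mytob.T-2 come from the
# post; the other virus names and the second queue ID are made up.
SAMPLE_LOG = """\
04/15/2005 02:59:36 Q74590703010e25a9 Banning .ZIP file with exe extension.
04/15/2005 02:59:36 Q74590703010e25a9 Scanner 1: Virus=W32/Mytob.X@mm Attachment=data.zip [36] I
04/15/2005 02:59:37 Q74590703010e25a9 Scanner 2: Virus= Worm.Mytob.T-2 Attachment=data.zip [36] I
04/15/2005 02:59:37 Q74590703010e25a9 Deleting E-mail with virus!
04/15/2005 03:04:10 Q0000000000000001 Scanner 1: Virus=W32/Other.B@mm Attachment=doc.zip [36] I
04/15/2005 03:04:10 Q0000000000000001 Scanner 2: Virus= Worm.Other.B Attachment=doc.zip [36] I
"""

# "<date> <time> <queue id> <message>"
LINE_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (Q\w+) (.*)$")
# "Scanner N: Virus=<name> Attachment=<file>"; some scanners put a space after "=".
SCAN_RE = re.compile(r"^Scanner (\d+): Virus=\s*(.+?)\s+Attachment=(\S+)")


def parse_scanner_hits(text):
    """Return {queue_id: [{'scanner', 'virus', 'attachment'}, ...]}."""
    hits = defaultdict(list)
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or unrecognised line
        scan = SCAN_RE.match(line.group(2))
        if scan:
            hits[line.group(1)].append({
                "scanner": int(scan.group(1)),
                "virus": scan.group(2),
                "attachment": scan.group(3),
            })
    return dict(hits)


def names_outside_list(hits, forging_names):
    """Return {queue_id: [(scanner, virus), ...]} for names matching no list entry.

    Matching is a case-insensitive substring test (an assumption of this example).
    """
    wanted = [name.lower() for name in forging_names]
    result = {}
    for queue_id, entries in hits.items():
        missed = [
            (e["scanner"], e["virus"])
            for e in entries
            if not any(w in e["virus"].lower() for w in wanted)
        ]
        if missed:
            result[queue_id] = missed
    return result


if __name__ == "__main__":
    hits = parse_scanner_hits(SAMPLE_LOG)
    # A list entry written in one scanner's naming style misses the other's.
    for forging_list in (["Mytob"], ["W32/Mytob"]):
        print("forging list:", forging_list)
        for queue_id, missed in names_outside_list(hits, forging_list).items():
            for scanner, virus in missed:
                print(f"  {queue_id} scanner {scanner}: {virus!r} not in list")
```

Running it against a real log shows, per message, which scanner's name would have to appear in the forging list for a notice to be suppressed under the assumed matching rule.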
[Declude.Virus] Current Stable Declude manual install IMAIL only
What is the current stable Declude version for IMAIL systems? Is there still a version that allows manual updating of declude.exe? Of course a legally licensed copy I refer to only. Doug
[Declude.Virus] McAfee commandline scanner is it really free with updates??
I am confused. I have recently found the McAfee command line scanner on several freeware apps. Is it free? They claim everything on their site is 100% legit. Additionally they even explain how to update it using the superdat. Is it too old to be properly effective?? Not the signatures but the engine of course. What is missing from the rendition of the commandline scanner because I know nothing in life is free!! Thanks DC
RE: [Declude.Virus] What's the IFrame vulnerability
This may help http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob McGregor Sent: Thursday, December 02, 2004 1:06 PM To: Declude-List Subject: [Declude.Virus] What's the IFrame vulnerability
Just wondering if someone can explain what the HTML / IFrame @ expl capture from f-prot is? is it a vulnerability or worse? thanks, bob
[Declude.Virus] Issues with F-prot 3.16 or not?
OOOPs Just got this.
FRISK Software has released version 3.16a of F Prot Antivirus for Windows. More information on this release can be found on our website: http://www.f-prot.com/news/gen_news/041124_release_win316a.html We recommend that users of F-Prot Antivirus for Windows update their programs to version 3.16a as soon as possible
==
I see a lot of posts surrounding F-prot 3.16. I have not updated my server yet. Is there an issue with it and declude? Should the fpcmd.exe line be changed from prior to 3.16? (Scott?) One thing I do notice when using the desktop scanner version of 3.16. It detects Word macros as viruses much more frequently. It also detects several utility programs as viruses that neither previous versions of F-prot nor Norton Corp 8.0 were detecting before.
Zebra's printer driver---
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K52VK16B\ZNetUtil.zip could be an archive bomb
MSDN downloads
D:\CD Flat\msdn-extract\sms20sp3enu.exe-SP3enuCD/SMSSETUP/NETMON/ALPHA/McSvcps.dll could be a corrupted executable file
D:\CD Flat\W2K Server Reskit\W2KRESKIT\APPS\CRYSTAL\DISK12\CRWEXE.00_-(PackWord) could be a corrupted executable file
D:\CD Flat\W2K Server Reskit\W2KRESKIT\APPS\CRYSTAL\DISK4\CRPEDLL.00_-(PackWord) could be a corrupted executable file
Scan settings: Safe tools.
E:\storage\Foundstone\udpflood.zip-udpflood.exe is a destructive program
Virus-infected files in archives cannot be disinfected.
E:\storage\InfoZip\Wiz.exe could be a corrupted executable file
The scanning was aborted by the user, with infected or suspicious
RE: [Declude.Virus] Server Virus Scanners
F-prot seems to work fine for on-demand for me but I do not have any excel and word uploaded files. I figured since I had to buy a 10 machine license might as well make some use out of it. There is still an issue with the auto updater occasionally timing out though so I use batch files to update it. From the last I checked F-prot was faster and they release sigs sooner than most other AV companies. Doug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Lawrence Sent: Friday, November 12, 2004 8:28 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Server Virus Scanners
I am about to setup a new server and I was previously using Trend Micro's Server Protect on my other servers. I was wondering what others were using for their on-demand scanner. I'm already using F-Prot for my command line scanner with Declude, but I also need to have a server class scanner for uploaded files. This box is a web server and my clients upload word and excel files to the system. I want to be able to scan those immediately. The reason I ask about a different scanner than Trend is that my service agreement with them has expired and their marketing practices are forcing me to buy a whole new product instead of using my existing copy. So, I wanted to explore some other options before succumbing. Thanks, Dean
-- Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists
RE: [Declude.Virus] Server Virus Scanners
Ignore my previous post about F-prot on your server. It will not suffice if you need to exclude certain folders from being scanned as I have found no method that allows that yet. As you know it is lightweight and cannot be optimized to ignore specific folders. For servers that are not accessed by end users I find it more than appropriate but if users are constantly uploading files it is not the correct product. Sorry for wasting time. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Lawrence Sent: Friday, November 12, 2004 8:28 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Server Virus Scanners
I am about to setup a new server and I was previously using Trend Micro's Server Protect on my other servers. I was wondering what others were using for their on-demand scanner. I'm already using F-Prot for my command line scanner with Declude, but I also need to have a server class scanner for uploaded files. This box is a web server and my clients upload word and excel files to the system. I want to be able to scan those immediately. The reason I ask about a different scanner than Trend is that my service agreement with them has expired and their marketing practices are forcing me to buy a whole new product instead of using my existing copy. So, I wanted to explore some other options before succumbing. Thanks, Dean
-- Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists
RE: [Declude.Virus] F-Prot Updater timing out?
I believe the updater is just very poorly written because I see this happen all the time on brand new systems that run XP SP2, W2k SP4, etc etc. With and without KVM's. The solution unluckily is to use one of the batch files. I believe they simply do not have enough bandwidth at F-prot and the application does not handle timeouts properly. It should gracefully die and try again in 5 minutes but it does not. Doug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joey Proulx Sent: Thursday, November 04, 2004 11:03 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-Prot Updater timing out?
I'm running Declude 1.81 with F-Prot. It's on my NT 4.0 mail server, which is one of five servers we have, running on a Hawking Technology KVM. Screen saver set to go on after 5 minutes, but no hibernation or standby. I have F-Prot set to look for updates hourly...and lately I'll check the mail server and find this:
---
Updater - An Error Occurred
Failed to retrieve information about available updates.
System Error - the operation timed out.
Please check if your internet connection is working and try again.
---
This seems to happen when the KVM is set to another server (shouldn't even affect it at all) and the mail server goes without human contact for a while. If I'm sitting at the mail server doing work, I'll see the updater popup on the screen and do its thing. This concerns me. Sometimes I'll check the server and see that message, then manually go in and check for F-Prot updates, and there will be some available for download. What if I was out for the week? Who knows what would get through in that amount of time... Any ideas as to what this could be? There are no f-prot errors in the Event Viewer, and no connection lapses
Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED]
RE: [Declude.Virus] IpSwitch Collaboration Suite Yearly renewal costs up to $4995 per server per year
These are not maintenance fees but cross grade. It's only 10 TIMES the cost of the current renewal for an Unlimited version of Imail. HAHAHAHA We are dumping IMAIL within the next year. It is more than Exchange as far as I'm concerned. About triple the price for small in house corporate developers that use MSDN versions for their in house stuff. For ISPs you would have to be insane to use their crap. I mean come on. Imail was always crap but with Declude it sufficed. For these prices it is simply insane. There are plenty of products priced like the old Imail (and cheaper) and I am sure declude will be supporting one of them shortly if not already. Plus the alternates I have seen are definitely better than Imail (but that is not saying much really) DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: Wednesday, November 03, 2004 5:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] IpSwitch Collaboration Suite Yearly renewal costs up to $4995 per server per year
FYI for anyone who is contemplating going to the new version of Ipswitch's collaboration suite it looks like their yearly renewal prices are going to be about as much as the initial upgrade costs, I received the below email from IPswitch. It has been a bit since IpSwitch made their announcements re the collaboration suite, what is everyone else doing in regard to this? I am still up in the air here, but leaning further and further away from IPswitch I think.
Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED]
- Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 2:38 PM Subject: RE: Ipswitch Service Agreement Status
Jim, I apologize for our delay in response. Mary is out of the office today and I wanted to get back to you. Below are the prices we have currently for subsequent renewals of ICS. The price depends on which level/version you cross grade to, for the ICS. Below are the current renewal prices.
Users            Standard Edition   Premium Edition
25 User          $375               $449
100 User         $995               $1295
250 User         $1495              $2695
Unlimited User   $2995              $4995
Please let me know if I may further assist you. Thank you
Traci Casparius Service Sales Coordinator Ipswitch, Inc. (P)781-676-5773 (F)781-676-5710 [EMAIL PROTECTED]
RE: [Declude.Virus] F-Prot Updater timing out?
I was not saying the batch files are bad, on the contrary they do work perfectly. It is the dumb updater that sucks. But that brings up a good point. If the issue is F-prot bandwidth why do the batch files always complete successfully??? ODD. I also use the batch files on my servers. Users' desktops can deal with the occasional hung updater because the users are there to click. Additionally the f-prot updater requires a user login which is insane. We had issues even when using it via the scheduler. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, November 05, 2004 7:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot Updater timing out?
Batch file FTP scripts work great. Very reliable and we never have an issue with updates taking very long by not doing them on the hour... just takes a few seconds. Darin.
- Original Message - From: Douglas Cohn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 05, 2004 7:01 PM Subject: RE: [Declude.Virus] F-Prot Updater timing out?
I believe the updater is just very poorly written because I see this happen all the time on brand new systems that run XP SP2, W2k SP4, etc etc. With and without KVM's. The solution unluckily is to use one of the batch files. I believe they simply do not have enough bandwidth at F-prot and the application does not handle timeouts properly. It should gracefully die and try again in 5 minutes but it does not. Doug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joey Proulx Sent: Thursday, November 04, 2004 11:03 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-Prot Updater timing out?
I'm running Declude 1.81 with F-Prot. It's on my NT 4.0 mail server, which is one of five servers we have, running on a Hawking Technology KVM. Screen saver set to go on after 5 minutes, but no hibernation or standby. I have F-Prot set to look for updates hourly...and lately I'll check the mail server and find this:
---
Updater - An Error Occurred
Failed to retrieve information about available updates.
System Error - the operation timed out.
Please check if your internet connection is working and try again.
---
This seems to happen when the KVM is set to another server (shouldn't even affect it at all) and the mail server goes without human contact for a while. If I'm sitting at the mail server doing work, I'll see the updater popup on the screen and do its thing. This concerns me. Sometimes I'll check the server and see that message, then manually go in and check for F-Prot updates, and there will be some available for download. What if I was out for the week? Who knows what would get through in that amount of time... Any ideas as to what this could be? There are no f-prot errors in the Event Viewer, and no connection lapses
Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED]
RE: [Declude.Virus] ANN: SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.56 released
Plugs into Declude Virus??? How does it do that or was this intended for the Declude JunkMail list not the Virus list
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Tuesday, November 02, 2004 6:31 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] ANN: SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.56 released
All, SPAMC32 has been updated to more easily function as a Declude 'weight' test type in addition to the default 'nonzero' type and the other command-line threshold options. See the release notes below and download from the traditional /release folder. --Sandy
--
SPAMC32 Release 0.5.56 11/1/2004
* Release notes for this version:
[ + Added feature] [ * Improved/changed feature ] [ - Bug fix ] [ ^ Cosmetic/naming change ]
[+] Added switch '-e' to allow more granular management of SPAMD weights from a calling application. With -e enabled, SPAMC32 sets its exit code to the rounded weight received from SPAMD, regardless of client- or server-based spam thresholds.
Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
RE: [Declude.Virus] Unknown virus warnings
I have been using Viruscode 8 for more than 6 months and have not received even 1 false positive, But my users are not a very large group and they most likely do not send a lot of attachments via email. I have taught them how to transfer files actually via ftp. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, October 29, 2004 11:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Unknown virus warnings
I have not activated returncode 8 for F-prot in Declude yet because I wasn't sure if we would get too many false positives. Has anyone, or maybe f-prot themselves, any info on that? Does returncode 8 generate false positives and if so, how many?
Bonno, I don't know how many false positives it would produce but I have never heard a customer complaining about it. Until this morning there were not more than 2 or 3 Unknown Virus warnings per day with 13000 processed messages/day. But in this case - if I have understood it right - it was very useful to have viruscode 8 enabled. I saw the first Unknown virus message this morning at 09:30 AM. F-prot had updates ready 3 hours later. In the meantime there was an average of 10 Bagle.AP infected messages per minute - caught only with viruscode 8. Until I discovered what was going on here (the unknown virus story) and adapted the virus.cfg file with appropriate BANNAME's there was a large number of messages that would have been delivered without this setting. Imagine that the breakout happened at 09:30 GMT+1 So I was already at work. People in American timezones were at work when AV-companies had updates but Mailservers are delivering messages also overnight... Markus
RE: [Declude.Virus] Spool Dir
I personally do not like installing anything on my Imail servers. That said I use a simple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir
I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago).
RE: [Declude.Virus] Spool Dir
FORFILES -pc:\foldername -s -m*.* -d-7 -c"CMD /C del @FILE"
-p = path
-s = include subdirs
-m = match filetype
-d = age in days (can also be set as an absolute date ie DDMM) note that - or + can be used here
-c = command to execute
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Thursday, October 14, 2004 1:39 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Spool Dir
Do you happen to have the batch? I've been writing some xcopy lines, but have had problems finding a simple date-specific delete statement. Thanks
Douglas Cohn wrote: I personally do not like installing anything on my Imail servers. That said I use a simple dos batch file to delete everything that is X days old. I run it as a scheduled task daily. Doug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, October 13, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Spool Dir
I was wondering what everyone does with the Imail\spool\virus directory. Do you delete all the files regularly? I've got 7000 files in there since I installed Declude (2 weeks ago).
RE: [Declude.Virus] JS.Downloader.Trojan
I have F-prot marking my Thunderbird mail program files as JS.Downloader.Trojan. Symantec Corp 8.0 sees nothing suspicious about the files. Then today F-prot looked in some static Office 2000 files and determined that AGENTANM.DLL AGENTCTL.DLL AGENTDP2.DLL AGENTDPV.DLL AGENTMPX.DLL AGENTPSH.DLL AGENTSR.DLL all had the W32/[EMAIL PROTECTED] Again Symantec claims they are clean and they are flat storage and have not been accessed for over 18 months. I think F-prot is reporting a little too many false positives lately. I will email them now. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, October 13, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] JS.Downloader.Trojan
Now this morning, we get a W32.Netsky.P.dam virus via a data.zip file. I've submitted everything to F-Prot, but I'm surprised that it didn't catch these things. UGH!
The .dam means damaged, another term for a corrupt, non-viable variant. Since these are harmless, many AV programs do not detect them (but some -- usually Norton -- do). -Scott
--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
RE: [Declude.Virus] Deleting Vulnerability
You can run a scheduled task that deletes the contents of the virus folder every x minutes, hours, days. DC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Friday, October 01, 2004 11:02 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Deleting Vulnerability
Now that 1.80 does not delete vulnerabilities even with DELETEVIRUSES ON, what is the best way of deleting them? Thanks, John
RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site
I am sorry. I misunderstood Graphic/text. I now see the graphic is the ARROW which I never attempted to click at all. So when I said it works for me I was referring to the Text which for some dumb reason I took as graphic. (yes it's text). Both arrows definitely link to the full install. I knew I should have stopped after that third hit before BG.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 01, 2004 6:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site
DC, maybe my HTML has gotten a little rusty, but I think viewing the source will settle the argument:
<TR>
<TD width=74><A href="http://www.declude.com/version/180/Declude_Setup.exe"><STRONG><IMG height=50 src="https://www.declude.com/templates/60/images/orderreview/Icon_Download.gif" width=50 border=0></STRONG></A></TD>
<TD width=124><A href="http://www.declude.com/version/181/Declude_Setup.exe"><STRONG>Automatic Install</STRONG></A></TD></TR>
<TR>
<TD><STRONG><A href="http://www.declude.com/version/180/Declude_Setup.exe"><IMG height=50 src="https://www.declude.com/templates/60/images/orderreview/Icon_Download.gif" width=50 border=0></A></STRONG></TD>
<TD><STRONG><A href="http://www.declude.com/version/181/declude1.81.zip">Manual Install</A></STRONG></TD></TR></TBODY></TABLE></DIV>
Of course, you do realize that they may have fixed this already (since I cc'ed support)?
Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Friday, October 01, 2004 06:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site
Not true for me. Not even true of the link you have here in the email. You have some kind of caching going on locally it seems. DC
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 01, 2004 6:08 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Declude Release 1.81 - Error on Web Site
Hi, there is a slight error on the "download" page for your registered customers: Both "down" arrow buttons link to the "automatic install" executable. Only the "manual install" TEXT link actually downloads the zip file.
Use of Version 1.81 requires a Valid Service Agreement
Download Now
Automatic Install
Manual Install
Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/
RE: [Declude.Virus] Lines in the virus.cfg file
Now that 1.81 is released what is the recommendation by DECLUDE (SCOTT) regarding the config file??

IE do we allow the AV software to scan jpegs by removing the line SKIPEXT JPG or do we allow Declude to take care of it completely.

From what I understand (and I know ugotz) the infected jpegs are more likely to be in Web Pages than in emails. I am assuming from the threads here that people are catching infected jpegs. Or is it tests only??

DC

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little
Sent: Thursday, September 30, 2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Lines in the virus.cfg file

I should eliminate (comment out) at least the JPG line right away.

The new test (when it's fully ready) provides a great safety net to backup the AV programs. The new test will ignore these lines and bad JPEGs will be caught.

The test is available by installing a new interim version of Declude. (The test in the current interim 1.80 has some problems so wait until they are resolved or check the other messages for details.)

The best advice I've seen is to eliminate at least the JPG line, because these lines will prevent the AV programs from being called. Until last week, you could safely save some CPU time on your e-mail server by not scanning JPEGs.

Greg

Sharyn Schmidt wrote:

I was looking through my virus.cfg and I noticed the following:

    # The SKIPEXT option will let you skip scanning of certain file extensions. For
    # example, a GIF file can't contain a virus, so there is no need to scan it.
    #
    SKIPEXT GIF
    SKIPEXT TXT
    SKIPEXT JPG
    SKIPEXT MPG

Should I now allow declude to scan jpg and gif files or is this totally different than the new jpeg vulnerability?

Thanks,
Sharyn
RE: [Declude.Virus] Release version
H I wasn't suggesting to unzip the contents of that zip file into the root of Imail

I would assume anyone using the manual method would

1. Rename current declude.exe to declude.exe.178xxx
2. Copy new declude.exe into imail root
3. Stop start Imail smtp service

You may want to try using the Winzip Classic interface to avoid the snafu you just mentioned. Either way unzip to a temp directory and move the file yourself. Or use Infozip at the command line

G... Works fine by the way. Nothing blew up yet on my box

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska
Sent: Tuesday, September 28, 2004 2:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Release version

Be careful if you don't uncheck the use directory option in winzip you will create a Files directory in the imail directory with the declude.exe file rather than overwriting the declude.exe file in the imail root directory when you unzip the file.

Jim Matuska Jr.
Computer Tech II CCNA
Nez Perce Tribe Information Systems
[EMAIL PROTECTED]

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 10:58 AM
Subject: RE: [Declude.Virus] Release version

Is it required we run the install program or can we just replace the declude.exe as in previous updates?

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, September 28, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Release version

Scott, I just DLed the release and the declude -diag shows it at 1.75

Did you run the install program? Did you type \IMail\Declude -diag *EXACTLY* like that, with *NO* changes (not even changing the path)?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
RE: [Declude.Virus] OT: F prot as a desktop scanner
I have used it on client machines for the past 6 months and also find it equal to Norton Corp except for one thing. It handles mail clients differently in that it does not scan email as they come in but instead seems to scan it only when you attempt to read it. Norton Corp seemed to catch the viruses as soon as the mail was popped and worked with exchange client very well also.

Obviously the mail scanner should prevent viruses from passing through anyway.

There is an obvious advantage to using a different product on the desktop versus the mail server in that if one product misses a virus the other should pick it up but I personally believe that the price difference between F-prot and Norton is not warranted.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, August 01, 2004 10:30 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] OT: F prot as a desktop scanner

We've used it for a couple of years. Works as well as Symantec or McAfee as far as we can tell. Just make sure you set up updates and notifications properly and it works like a charm.

Darin.

----- Original Message -----
From: marc catuogno [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 01, 2004 9:23 AM
Subject: [Declude.Virus] OT: F prot as a desktop scanner

I've been happy with F-prot on the mail server and since I know many people are using it on their servers as well, I was wondering if anyone has it deployed on their user's machines. If so I'd like to know, how well it does on regular windows XP machines. You can't beat the price

Thanks - Marc
RE: [Declude.Virus] I do not think this should of failed.
It may be worth your time to contact Yahoo and alert them of this if it is really an issue. If they give a hoot (and they very well may) they will put some text on the page to use the Url and not the filename when sending links of maps in email.

Doesn't Yahoo have a link for sending a map to someone directly on their site.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Thursday, July 15, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] I do not think this should of failed.

The real issue is not one with our client base rather the other quarter of a million people who are not our clients but send email to our servers. When that email does not make it through it creates a problem for me.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Doug Anderson
Sent: Wednesday, July 14, 2004 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] I do not think this should of failed.

We have the same problem. DO NOT USE the email map link on the page

Copy and paste the link/url into an email or email link directly from the browser to the user. The url contains all the info for creating the map.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 4:13 PM
Subject: Re: [Declude.Virus] I do not think this should of failed.

A soccer club sent an email regarding the location of soccer practice. Declude appeared to catch it because of a yahoo map link to the soccer fields. It would seem to be a common practice for someone to use a map link for directions. Copy of logfile below. How do we prevent this from happening in the future? I do not have any clout with Yahoo so I doubt I could get them to change their nomenclature.

Unfortunately, filenames longer than 256 characters are very unsafe. If Yahoo chooses to use filenames greater than 256 characters, they need to understand that their E-mails are going to be blocked. It sounds like Yahoo just changed their file naming system.

Note that it is fine for them to have a *link* that is longer than 256 characters, it is only the filename that has the problem. In this case, the filename was overviewmap_OVMAPDATA=Ypg91eR32XWTWSco9NwX6snk0KVRpsRh.tpax9mLk followed by at least 158 more characters.

In general, if the average person isn't going to be able to type a filename without making a typo after a few tries, it shouldn't be used as a filename.

-Scott
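The distinction drawn in the thread above between a long link and a long attachment filename, as an added example that is not part of the original posts and is not Declude's own check: it walks the MIME parts of a message and flags only attachment filenames over the 256-character limit cited there. The sample message, its addresses and the function names are constructed for illustration.

```python
import email

MAX_FILENAME_LEN = 256  # limit cited in the thread


def build_sample(filename, link):
    """Constructed two-part message: a text body carrying `link`, plus one
    attachment whose Content-Disposition carries `filename`."""
    return "\n".join([
        "From: coach@example.org",
        "To: parents@example.net",
        "Subject: Practice location",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "Directions: " + link,
        "--b1",
        "Content-Type: image/gif",
        'Content-Disposition: attachment; filename="%s"' % filename,
        "Content-Transfer-Encoding: base64",
        "",
        "R0lGODlhAQABAAAAACw=",
        "--b1--",
        "",
    ])


def oversized_attachments(raw_message, limit=MAX_FILENAME_LEN):
    """Return (content type, filename length) for every MIME part whose
    declared filename is longer than `limit` characters.

    Only the filename parameter is measured. URLs in the body are never
    looked at, so a long link on its own produces no finding.
    """
    msg = email.message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter.
        name = part.get_filename()
        if name is not None and len(name) > limit:
            findings.append((part.get_content_type(), len(name)))
    return findings


if __name__ == "__main__":
    long_name = "overviewmap_OVMAPDATA=" + "x" * 290      # constructed
    long_link = "http://maps.example.com/map?" + "q" * 400  # constructed
    print(oversized_attachments(build_sample(long_name, "http://maps.example.com/")))
    print(oversized_attachments(build_sample("map.gif", long_link)))
```
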
RE: [Declude.Virus] Mcafee command line scanner
That is the correct price for that LICENSE LEVEL (L) VCLCAE-AA-LH

But you must be GOVERNMENT and I believe that price is for 10,000+ copies.

License Pricing IDIQ:Level L,Volume:,Government:

McAfee VirusScan Command Line Scanner Standard - complete package

Specifications
General
Compatibility PC: Operating System
License qty 1 node
License type Complete package
Licensing program Network Associates TSP Licensing Program
System Requirements
Min operating system Microsoft DOS 6.22,Microsoft Windows XP,Microsoft Windows 95/98,Microsoft Windows NT 3.51,Microsoft Windows 2000 / NT4.0,Microsoft Windows Millennium Edition
Software
License Pricing IDIQ:Level L,Volume:,Government:
Service / Support
Service / Support Details Technical support

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Hobach
Sent: Wednesday, July 07, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee command line scanner

Which Mcafee product does everyone use then?

Thanks,
Adam

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Pereira
Sent: Wednesday, July 07, 2004 11:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Mcafee command line scanner

It will work, but you will most likely be violating their licensing agreement.

----- Original Message -----
From: Adam Hobach [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 07, 2004 12:31 PM
Subject: [Declude.Virus] Mcafee command line scanner

Is this a real price for the Mcafee command line scanner: http://www.macmall.com/macmall/shop/detail.asp?dpno=118250

Has anyone found this software this low?? This is what is needed to work with Declude?

Thanks,
Adam
RE: [Declude.Virus] F-Prot Version 3.15 w/Declude
I have not seen this problem through the couple of renditions of 3.14 and it is still working now at 3.14e even though 3.15_M is available.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of serge
Sent: Monday, July 05, 2004 6:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude

C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /run /quit

Problem with above is that when there is a new fprot version, the virus def update will fail

I use the batch upgrade as a backup for these situations.

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 04, 2004 4:58 PM
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

This is the command we run from task manager and have for some time with no issues.

C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /run /quit

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hyslip
Sent: Friday, July 02, 2004 6:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

will it run through task manager if called?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter
Sent: Friday, July 02, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude

I don't log out of the email server. I simply lock the console. The Updater will still run and the system still requires a password to get back to the console.

Is there a good reason not to do it this way??

~Joe

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 3:53 PM
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

I have been doing that exact thing for months now. The question is what does the new version do differently that may affect the way updates work, not so much how you go out and get them.

Using the scheduler requires that you have the box logged in all the time which is clearly not an option for a mail server.
RE: [Declude.Virus] F-Prot Version 3.15 w/Declude
Absolutely

Locking the screen is far from the same as logging a machine out. Of course if the account logged in has no rights then it is not as bad but leaving a system logged in with an admin account is asking for trouble.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter
Sent: Friday, July 02, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude

I don't log out of the email server. I simply lock the console. The Updater will still run and the system still requires a password to get back to the console.

Is there a good reason not to do it this way??

~Joe

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 3:53 PM
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

I have been doing that exact thing for months now. The question is what does the new version do differently that may affect the way updates work, not so much how you go out and get them.

Using the scheduler requires that you have the box logged in all the time which is clearly not an option for a mail server.
RE: [Declude.Virus] F-Prot Version 3.15 w/Declude
This is the command we run from task manager and have for some time with no issues.

C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /run /quit

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hyslip
Sent: Friday, July 02, 2004 6:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

will it run through task manager if called?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J Porter
Sent: Friday, July 02, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude

I don't log out of the email server. I simply lock the console. The Updater will still run and the system still requires a password to get back to the console.

Is there a good reason not to do it this way??

~Joe

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 3:53 PM
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude

I have been doing that exact thing for months now. The question is what does the new version do differently that may affect the way updates work, not so much how you go out and get them.

Using the scheduler requires that you have the box logged in all the time which is clearly not an option for a mail server.
RE: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?
http://www.microsoft.com/security/incident/download_ject.mspx

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, June 25, 2004 10:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?

Here is what CNN says: http://www.cnn.com/2004/TECH/internet/06/24/internet.attack.ap/index.html

Sharyn

I read somewhere that it only infects IIS 5 but I haven't heard much else.

http://www.microsoft.com/security/incident/download_ject.mspx

If the patch from MS04-011 is installed you should be safe. We're running several IIS5 webservers and none was infected until now.

Markus
RE: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?
UNTIL NOW?? You are infected now?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, June 25, 2004 10:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?

Here is what CNN says: http://www.cnn.com/2004/TECH/internet/06/24/internet.attack.ap/index.html

Sharyn

I read somewhere that it only infects IIS 5 but I haven't heard much else.

http://www.microsoft.com/security/incident/download_ject.mspx

If the patch from MS04-011 is installed you should be safe. We're running several IIS5 webservers and none was infected until now.

Markus
RE: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?
http://www.microsoft.com/security/incident/download_ject.mspx

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, June 25, 2004 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?

Here is what CNN says: http://www.cnn.com/2004/TECH/internet/06/24/internet.attack.ap/index.html

Sharyn

I read somewhere that it only infects IIS 5 but I haven't heard much else.

Gary
RE: [Declude.Virus] Virus reports not showing virus
Thanks

Had a feeling when I pasted it but it was too late already. Must have added it when I changed it to fpcmd.

Thanks I removed it just now.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 24, 2004 8:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Virus reports not showing virus

Here is a snippet of my logs. I also do not understand the missing files?

The problem here is:

    SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt)

There should be no ) at the end of report.txt -- otherwise, F-Prot will try to save a file named report.txt), which Declude Virus won't be able to find, so Declude Virus won't be able to determine the virus name (although the viruses will still get caught).

-Scott
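The two virus.cfg problems raised in these threads, a SKIPEXT JPG line that keeps JPEG attachments away from the AV scanner and a stray ")" after /REPORT=report.txt that leaves Declude unable to find the report file, can both be checked mechanically. The script below is an added example, not part of the original posts and not Declude code; the function names, the set of flagged extensions and the whitespace-separated directive layout are assumptions, and the sample config is constructed from the lines quoted in the threads.

```python
import re

# Constructed sample built from the virus.cfg lines quoted in the threads
# (directive and value separated by whitespace is an assumption).
SAMPLE_CFG = r"""
# SCANFILE is the location of the command-line virus scanner.
SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt)
VIRUSCODE 3
SKIPEXT GIF
SKIPEXT TXT
SKIPEXT JPG
# SKIPEXT MPG
"""

# Log lines in the format of the vir.log excerpt posted in the thread.
SAMPLE_LOG = r"""
06/23/2004 00:24:30 Q05eb2fe4011e08de Could not find report file C:\IMail\spool\D05eb2fe4011e08de.vir\report.txt.
06/23/2004 00:24:30 Q05eb2fe4011e08de File(s) are INFECTED [: 3]
06/23/2004 00:24:52 Q06119dae00429d6e Scanned: Virus Free [MIME: 1 1798]
"""

# Assumption: the extensions the "comment out at least the JPG line" advice covers.
RISKY_SKIPEXT = {"JPG", "JPEG"}
REPORT_ARG = re.compile(r"/REPORT=(\S+)", re.IGNORECASE)
# Characters expected in a plain report file name or path; anything else
# (such as a trailing parenthesis) becomes part of the name the scanner writes.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9_.\-\\:~]+")
MISSING_REPORT = re.compile(r"(Q[0-9a-fA-F]+) Could not find report file (.+?)\.?$")


def lint_virus_cfg(text):
    """Return (line number, directive, offending value, explanation) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 1)
        directive = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if directive == "SKIPEXT" and value.upper() in RISKY_SKIPEXT:
            findings.append((lineno, directive, value,
                             "attachments with this extension are never passed to the AV scanner"))
        elif directive == "SCANFILE":
            match = REPORT_ARG.search(value)
            if match and not SAFE_FILENAME.fullmatch(match.group(1)):
                findings.append((lineno, directive, match.group(1),
                                 "report file name contains stray characters; "
                                 "the scanner writes a file Declude will not look for"))
    return findings


def missing_reports(log_text):
    """Return (queue id, report path) for each 'Could not find report file' entry."""
    hits = []
    for line in log_text.splitlines():
        match = MISSING_REPORT.search(line.strip())
        if match:
            hits.append((match.group(1), match.group(2)))
    return hits


if __name__ == "__main__":
    for finding in lint_virus_cfg(SAMPLE_CFG):
        print("virus.cfg line %d: %s %s -> %s" % finding)
    for queue_id, path in missing_reports(SAMPLE_LOG):
        print("log: %s has no report at %s" % (queue_id, path))
```

A config that trips the SCANFILE check will normally also produce the "Could not find report file" log entries, so the two functions confirm each other.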
[Declude.Virus] Virus reports not showing virus
I am having some odd reports from Virusloganalyser lately. It no longer shows I have any viruses, just Outlook Vulnerabilities. Previously, I believe when I was running the 16 bit Fprot (now running 32 bit) it reported viruses. Here is a snippet of my logs. I also do not understand the missing files? Any ideas what is going on with my logs? I posted my config after the log snippet.

Thanks much
Doug

06/23/2004 00:24:11 Q05e79da60042f798 Scanned: CONTAINS A VIRUS [MIME: 2 22581]
06/23/2004 00:24:11 Q05e79da60042f798 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.148.249.232]
06/23/2004 00:24:11 Q05e79da60042f798 Subject: Hi
06/23/2004 00:24:30 Q05eb2fe4011e08de Could not find report file C:\IMail\spool\D05eb2fe4011e08de.vir\report.txt.
06/23/2004 00:24:30 Q05eb2fe4011e08de File(s) are INFECTED [: 3]
06/23/2004 00:24:30 Q05eb2fe4011e08de Scanned: CONTAINS A VIRUS [MIME: 2 29807]
06/23/2004 00:24:30 Q05eb2fe4011e08de From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 172.195.102.75]
06/23/2004 00:24:30 Q05eb2fe4011e08de Subject: Illegal Website
06/23/2004 00:24:48 Q060c2fe8011e891a Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=message.pif.
06/23/2004 00:24:49 Q060c2fe8011e891a Could not find report file C:\IMail\spool\D060c2fe8011e891a.vir\report.txt.
06/23/2004 00:24:49 Q060c2fe8011e891a File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3]
06/23/2004 00:24:49 Q060c2fe8011e891a Scanned: CONTAINS A VIRUS [MIME: 3 29141]
06/23/2004 00:24:49 Q060c2fe8011e891a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.157.253.196]
06/23/2004 00:24:49 Q060c2fe8011e891a Subject: Mail System ([EMAIL PROTECTED])
06/23/2004 00:24:52 Q06119dae00429d6e Scanned: Virus Free [MIME: 1 1798]
06/23/2004 00:25:16 Q062b2fed011e0271 Scanned: Virus Free [MIME: 1 3621]
06/23/2004 00:25:24 Q06342ff1011e22bb Scanned: Virus Free [MIME: 1 7757]
06/23/2004 00:25:33 Q06399db400423921 Scanned: Virus Free [MIME: 1 306]
06/23/2004 00:25:57 Q06509db600429386 Could not find report file C:\IMail\spool\D06509db600429386.vir\report.txt.

Config

# The in the LOGFILE option automatically gets replaced with the month/date
LOGFILE spool\vir.log
LOGLEVEL MID
#
# SCANFILE is the location of the command-line virus scanner. Note that it
# must include the full path. VIRUSCODE is the code that scanner returns if
# it finds a virus.
#
SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt)
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:
# VIRDIR is the directory to move E-mails with viruses; by default,
# it is set to 'spool\virus' (\IMail\spool\virus).
VIRDIR spool\virus
# The MAXATONCE option limits the number of AV processes. For example,
# MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing
# purposes). A value of 0 (or commenting it out) allows unlimited processes
# to run at the same time.
MAXATONCE 0
#
# The following options allow you to limit scanning to only incoming or outgoing
# E-mail.
#
INCOMING ON
OUTGOING ON
#
# The ONACCESS option should be set to OFF unless you have an on-access virus scanner
# that will be deleting attachments with viruses. It is recommended NOT to have an
# on-access scanner interfering, and to leave this at OFF.
#
ONACCESS OFF
#
# The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will
# wait for the virus scanner to finish. The minimum value is 10 seconds. Most
# scanners will not need to take that long. This option is mainly to prevent
# defective scanners (that never finish) from interfering with your outgoing E-mail.
# Raising this will NOT help if your virus scanner always times out.
#
SCANNERTIMEOUT 60
#
# The SKIPEXT option will let you skip scanning of certain file extensions. For
# example, a GIF file can't contain a virus, so there is no need to scan it.
#
SKIPEXT GIF
SKIPEXT TXT
SKIPEXT JPG
SKIPEXT MPG
SKIPEXT PNG
#
# The BANEXT option will let you ban file extensions. E-mails containing attachments
# with these file extensions will be quarantined, and if you have a BANnotify.EML file,
# it will be sent out. This works in the Standard and Pro versions.
#
BANEXT ad
BANEXT adp
BANEXT asp
BANEXT bas
BANEXT bat
BANEXT CEO
BANEXT chm
BANEXT cmd
BANEXT com
BANEXT cpl
BANEXT crt
BANEXT exe
BANEXT hlp
BANEXT hta
BANEXT inf
BANEXT ins
BANEXT isp
BANEXT js
BANEXT jse
BANEXT lnk
BANEXT mdb
BANEXT mde
BANEXT msc
BANEXT msi
BANEXT msp
BANEXT mst
BANEXT pcd
BANEXT pif
BANEXT reg
BANEXT scr
BANEXT sct
BANEXT shb
BANEXT
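The symptom in this thread (infections caught but no virus name, with "Could not find report file" in the log) can be checked mechanically. The following is an added example, not part of the original posts and not Declude's own tooling: it compares the /REPORT= value on the SCANFILE line with the report file name the log says was looked for. The log and config samples are copied from the post above; the function names are made up for the example.

```javascript
// Sample data taken from the post above (log excerpt and the SCANFILE line).
const LOG_SAMPLE = String.raw`06/23/2004 00:24:30 Q05eb2fe4011e08de Could not find report file C:\IMail\spool\D05eb2fe4011e08de.vir\report.txt.
06/23/2004 00:24:30 Q05eb2fe4011e08de File(s) are INFECTED [: 3]
06/23/2004 00:24:30 Q05eb2fe4011e08de Scanned: CONTAINS A VIRUS [MIME: 2 29807]
06/23/2004 00:24:49 Q060c2fe8011e891a Could not find report file C:\IMail\spool\D060c2fe8011e891a.vir\report.txt.
06/23/2004 00:24:49 Q060c2fe8011e891a File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3]
06/23/2004 00:24:52 Q06119dae00429d6e Scanned: Virus Free [MIME: 1 1798]`;

const CFG_SAMPLE = String.raw`# SCANFILE is the location of the command-line virus scanner.
SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt)
VIRUSCODE 3`;

// "<date> <time> <queue name> <message>", as in the excerpt.
const LINE = /^\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2} (Q[0-9a-f]{16}) (.*)$/i;
// Captures the file name at the end of the path (the log line ends with a period).
const MISSING = /^Could not find report file (.+)\\([^\\]+?)\.$/;
// "[<name>: <scanner exit code>]"; the name is empty when no report was read.
const INFECTED = /^File\(s\) are INFECTED \[(.*): (\d+)\]$/;

// Group log lines per message and record what was seen for each.
function triageLog(text) {
  const msgs = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const m = LINE.exec(raw.trim());
    if (!m) continue;
    const rec = msgs.get(m[1]) ||
      { queue: m[1], infected: false, virusName: null, missingReport: null };
    msgs.set(m[1], rec);
    const miss = MISSING.exec(m[2]);
    const inf = INFECTED.exec(m[2]);
    if (miss) rec.missingReport = miss[2];
    if (inf) { rec.infected = true; rec.virusName = inf[1] || null; }
    if (m[2].startsWith("Scanned: CONTAINS A VIRUS")) rec.infected = true;
  }
  return [...msgs.values()];
}

// Value of the /REPORT= switch on the first non-comment SCANFILE line, or null.
function reportSwitch(cfgText) {
  for (const line of cfgText.split(/\r?\n/)) {
    const t = line.trim();
    if (t.startsWith("#") || !/^SCANFILE/i.test(t)) continue;
    const m = /\/REPORT=(\S+)/i.exec(t);
    return m ? m[1] : null;
  }
  return null;
}

// Cross-check config against log: what the scanner is told to write
// versus what the log says could not be found.
function diagnose(cfgText, logText) {
  const written = reportSwitch(cfgText);
  const msgs = triageLog(logText);
  const expected = [...new Set(msgs.map((r) => r.missingReport).filter(Boolean))];
  const findings = [];
  if (written && !/^[\w-]+\.\w+$/.test(written)) {
    findings.push(`/REPORT= value "${written}" is not a plain file name`);
  }
  for (const name of expected) {
    if (written && written !== name) {
      findings.push(`scanner writes "${written}" but the log looked for "${name}"`);
    }
  }
  return {
    findings,
    infected: msgs.filter((r) => r.infected).length,
    // Caught by the scanner's exit code, but the name was lost with the report.
    lostScannerName: msgs
      .filter((r) => r.infected && r.missingReport && !r.virusName)
      .map((r) => r.queue),
  };
}
```
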
RE: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru
Have you sent those caught viruses to the declude or F-prot virus traps? They may be corrupted and not viable viruses any longer. Meaning they are no longer harmful (Possibly). F-prot would surely want to see this. Go to their website and submit the samples.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of M Pilletere
Sent: Friday, June 18, 2004 11:53 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru

Hi, I have just started using Declude with F-Prot as our virus scanner. Was using Trend Viruswall. Have noticed that F-Prot is letting thru viruses that Trend desktop scanners are catching. I have had 11 TROJ_REVOP.F get thru today alone. Is anyone else seeing this? Trying to use ClamAV as a second scanner but need to wait till I can reboot the mail server to get it functioning.

Thanks
Mike
RSR Group, Inc.
RE: [Declude.Virus] BSOD and IMail-Server reboot
I was simply replying to a gentlemen's post John. Read the thread. HE asked if I found out whether Declude was the CAUSE of the problem or I switched to another AV product. Did you (or someone else) find a solution in the meantime, or did you just switch to another AV ? I said it was NOT Declude. Hence my post. He specifically mentioned Peter Verzoni. I worked on that specific system. Again my reply. There was no need for further banter. He wanted to know if it was resolved. I agree Imail does not cooperate well with Intel NICs at extreme traffic. Your answer was GET A SERVER NIC. That is not the solution. The solution is Imail should fix their bug or use a NON intel NIC. Better yet you must use 3Com Nics to be sure since that seems to be all Imail tests. A NIC that we have found is prone to many other issues and is no longer the market leader. Back in 98-99 when Imail started it was and we all used them. No longer true today as Dell, HP and most white box servers use Intel NICs. But all that is irrelevant. The only issue I complained about was you were rude. Don't accept it, fine. But enjoy the world you create with responses like that. You must live with it, we must only read your posts. Deny Deny Deny .. Be like Bush... To everyone else Again I apologize and promise I stop here no matter what the response (snappy or otherwise G)... Except Declude related... Regards Doug Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, June 12, 2004 6:05 PM To: [EMAIL PROTECTED] Subject: FW: [Declude.Virus] BSOD and IMail-Server reboot Just realized this was originally posted on the Declude virus list, even though it has nothing to do with Declude Virus, and the person should have posted on the Imail list, since it is an Imail issue and a search of the Imail list archives shows this has been discussed many times. The imail forum has not one post regarding an INTEL SERVER Board and on board NICs. 
I recall some conversations about desktop boards but none regarding SERVER BOARDs. I do not remember whether the board was a Server board or workstation board being part of the discussion on past problems. It was the Intel OB NIC that was discussed, and a search of the Imail archives shows 269 hits for Intel OB NIC. Furthermore what logic would you as a Networking Professional give to an SMTP server running on the same platform and pushing sustained traffic of three times that of the IMAIL server yet never causing any issues and certainly not creating a BSOD. This is something I am very interested in hearing. I am not an Ipswitch technician, so I have no idea of why this occurs, I just know from many others posting such that it does! I have been building systems and maintaining data centers now for 16 years. Goody for you. Now back to the issue at hand. I have brought this exact issue to Intel's and Microsoft's attention and neither see any reason for the NIC to be the root cause of the issue. Microsoft has read the BSOD dumps and reports IMAIL as the culprit. Then take the next step and share that information with Ipswitch. From all the posts about Intel OB NICs and Imail over the years, it is my opinion there is a real problem with Imail and Intel OB NICs. To date, most have fixed the problem by using a server grade 3Com NIC and disabling the Intel OB NIC. If you have the time and resources to further pursue this issue with Ipswitch, many Imail admins will thank you. This type of comment from you has little to no value. You act like you are participating in a forum but clearly you are using the forum simply for your own end. Sure it does. Just because you do not like the work around, and would rather spend time on finding the cause of the problem in hopes that Ipswitch will finally fix it, does not mean that my advice has no value. BTW, how does my posting advice on a subject that comes up again and again over time equal my using the forum for my own end? 
John Tolmachoff
Engineer/Consultant/Owner
eServices For You

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 11, 2004 3:11 PM
Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot

There has been much discussion concerning Intel OB NICs and Imail. Search the archives. Bottom line, get a solid Server designated NIC.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Friday, June 11, 2004 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot

This problem has not gone away. It occurs with very high traffic only and is not related to declude. That is we tested it without declude and it still Blue Screens when there is extremely
RE: [Declude.Virus] BSOD and IMail-Server reboot
This is a very negative post, John. The SE7501WV2 is a $600.00 + Intel Dual Xeon SERVER Motherboard with Dual Gigabit Server NICs. It is designed for server traffic. This is the same EXACT Onboard NIC in IBM X series and HP Proliant servers. Dell uses the lower cost Broadcom Gigabit NICs. The archives have no references to anything related to Server motherboards, only desktop motherboards. It seems to me when people have nothing to say, say nothing. In the future I will not reply to the list either and I apologize in advance for doing so. No one needs a post to tell them to do what will not change the situation anyway.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Friday, June 11, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot

There has been much discussion concerning Intel OB NICs and Imail. Search the archives. Bottom line, get a solid Server designated NIC.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Friday, June 11, 2004 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot

This problem has not gone away. It occurs with very high traffic only and is not related to declude. That is we tested it without declude and it still Blue Screens when there is extremely high traffic. Imail claims that when the server has extremely high traffic you need to use a SERVER NIC in the machine. One which does NOT offload processing to the server but has its own processor onboard the NIC. This has some logic but if true why on servers running only SMTP passing double the amount of sustained traffic do we not also have the issue. Using Intel Based SE7501WV2 baseboards with on board nics on several servers. Only Imail servers Blue Screen. We set them to auto reboot and it only happens in extremely high traffic times.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uwe Degenhardt
Sent: Thursday, June 10, 2004 5:05 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] BSOD and IMail-Server reboot

Hi list and especially Peter Verzoni. Peter you mentioned a while ago the following problems you had on one of your servers: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06418.html Did you (or someone else) find a solution in the meantime, or did you just switch to another AV ? Would be great to get the link where you posted the info to F-Prot as well.

Thank you.
Uwe
RE: [Declude.Virus] BSOD and IMail-Server reboot
This problem has not gone away. It occurs with very high traffic only and is not related to declude. That is we tested it without declude and it still Blue Screens when there is extremely high traffic. Imail claims that when the server has extremely high traffic you need to use a SERVER NIC in the machine. One which does NOT offload processing to the server but has its own processor onboard the NIC. This has some logic but if true why on servers running only SMTP passing double the amount of sustained traffic do we not also have the issue. Using Intel Based SE7501WV2 baseboards with on board nics on several servers. Only Imail servers Blue Screen. We set them to auto reboot and it only happens in extremely high traffic times.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uwe Degenhardt
Sent: Thursday, June 10, 2004 5:05 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] BSOD and IMail-Server reboot

Hi list and especially Peter Verzoni. Peter you mentioned a while ago the following problems you had on one of your servers: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06418.html Did you (or someone else) find a solution in the meantime, or did you just switch to another AV ? Would be great to get the link where you posted the info to F-Prot as well.

Thank you.
Uwe
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. 
So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. 
Scott does provide a stitch for your Virus.cfg that can turn this off with the following:

BANPARTIAL OFF

I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears peeled for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since they arrested that German teenager :)

Matt

Goran Jovanovic wrote:

Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 parts and it has a PDF attached to it.

--=_NextPart_000_0019_01C4494C.0AFFE0A0
Content-Type: application/octet-stream; name=Report.pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Report.pdf

We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client put the PDF back together???

Thanx
Goran Jovanovic
The LAN Shoppe
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Actually why couldn't Declude run uudecode and reassemble the file before hand, then have it scanned and determine if it is harmful or not?? DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Saturday, June 05, 2004 5:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. 
So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. 
Scott does provide a stitch for your Virus.cfg that can turn this off with the following:

BANPARTIAL OFF

I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears peeled for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since they arrested that German teenager :)

Matt

Goran Jovanovic wrote:

Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 parts and it has a PDF attached to it.

--=_NextPart_000_0019_01C4494C.0AFFE0A0
Content-Type: application/octet-stream; name=Report.pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Report.pdf

We stopped the 5 e-mails but why would it have triggered
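The thread asks whether split messages could be put back together and scanned as a whole, and notes that the parts may arrive out of sequence. The following is an added example, not Declude's code or any poster's: a reassembly buffer that collects fragments in any order and releases the joined message only when every part is present, so a scanner can then be run on the whole. It assumes the fragments are MIME message/partial parts (RFC 2046) with id, number and total parameters, which the thread does not state; the class and function names are made up for the example.

```javascript
// Parameters of a Content-Type header value: ; name=value or ; name="value"
const PARAM = /;\s*([a-z]+)\s*=\s*(?:"([^"]*)"|([^;\s]+))/gi;

// Parse "message/partial; id=...; number=N; total=M".
// RFC 2046 requires "total" only on the last fragment, so it may be absent.
function parsePartial(contentType) {
  if (!/^\s*message\/partial\s*(;|$)/i.test(contentType)) return null;
  const p = {};
  for (const m of contentType.matchAll(PARAM)) {
    p[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  const number = Number(p.number);
  const total = p.total === undefined ? null : Number(p.total);
  if (!p.id || !Number.isInteger(number) || number < 1) return null;
  if (total !== null && (!Number.isInteger(total) || total < number)) return null;
  return { id: p.id, number, total };
}

class PartialAssembler {
  // maxParts bounds memory per message id (assumed limit, tune as needed).
  constructor(maxParts = 64) {
    this.maxParts = maxParts;
    this.pending = new Map(); // id -> { total, bodies: Map(number -> body) }
  }

  // Returns {status:"rejected"}, {status:"waiting", have} or
  // {status:"complete", message} with the bodies joined in fragment order.
  add(contentType, body) {
    const part = parsePartial(contentType);
    if (!part || part.number > this.maxParts) return { status: "rejected" };
    const entry = this.pending.get(part.id) || { total: null, bodies: new Map() };

    if (part.total !== null) {
      const conflict = entry.total !== null && entry.total !== part.total;
      if (conflict || part.total > this.maxParts) return this.drop(part.id);
      entry.total = part.total;
    }
    if (!entry.bodies.has(part.number)) entry.bodies.set(part.number, body);
    this.pending.set(part.id, entry);

    if (entry.total !== null) {
      // A fragment numbered past the declared total makes the set inconsistent.
      for (const n of entry.bodies.keys()) {
        if (n > entry.total) return this.drop(part.id);
      }
    }
    if (entry.total === null || entry.bodies.size < entry.total) {
      return { status: "waiting", have: entry.bodies.size };
    }
    // Distinct numbers, all within 1..total, and size === total: none missing.
    const ordered = [];
    for (let n = 1; n <= entry.total; n++) ordered.push(entry.bodies.get(n));
    this.pending.delete(part.id);
    return { status: "complete", message: ordered.join("") };
  }

  drop(id) {
    this.pending.delete(id);
    return { status: "rejected" };
  }
}

// Constructed sample: three fragments of one message, arriving out of order,
// with "total" present only on the last fragment.
const SAMPLE_FRAGMENTS = [
  ['message/partial; id="sample-1@example.test"; number=2', "BBB"],
  ['message/partial; id="sample-1@example.test"; number=3; total=3', "CCC"],
  ['message/partial; id="sample-1@example.test"; number=1', "AAA"],
];

// Feed every fragment; the last call returns the reassembled message.
function reassembleAll(fragments) {
  const asm = new PartialAssembler();
  let last = { status: "rejected" };
  for (const [ct, body] of fragments) last = asm.add(ct, body);
  return last;
}
```

Until add() reports "complete" the fragments are held rather than delivered, which is the bookkeeping cost the thread points out.
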
RE: [Declude.Virus] Notification for forwarded messages
Remember this link is included in the recipients email. http://serverwithvirus.com:port/declude.asp?msgid=%QUEUENAME% We use Port 81. We also remove almost all access to IIS and use IIS lockdown to tighten all the way down. The way that we do this is we include the link to the infected file in the alert email. You want the Virus here it is. We explain how dangerous it is to request such a file but if the client determines that the message is urgent they have the opportunity to click once and be done. No going to other pages and pasting anything. Obviously there is the danger involved but these are grown people and the danger is to themselves. The script works as I posted. If you know Javascript you can modify it. Being used for well over a year by the original author and I have used it for months with never an issue. The obvious issue is allowing people to access infected files. That is your call whether they paste into another page and you keep track of their name or they simply click a link and get the virus sent to them. The problems can occur on their end in both cases. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, May 28, 2004 1:06 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Notification for forwarded messages Doug How do you deal with IIS and IMail web servers both running on the same box and both wanting port 80? I have broken up iissocketpooling in the past but it requires 2 IP addresses to work. Is that what you have done or are you running one on a non standard port? Thanx -Original Message- From: Douglas Cohn [EMAIL PROTECTED] Date: Fri, 28 May 2004 12:28:22 To:[EMAIL PROTECTED] Subject: RE: [Declude.Virus] Notification for forwarded messages We do this as well using Vbscript only. It does exactly what you do. Anytime a virus is quarantined an email with a link to the file is sent to the recepient with a warning of the dangers involved in retrieving the files. 
We then delete everything over 5 days old to avoid getting too many files in the virus dir. We also require IIS to be running. It was written by an ISP that uses it on his shared IMAIL server. He deletes them in 2 days.

= You add this to the recip.eml =

If you would like a copy of the infected email please follow the link below AT YOUR OWN RISK!!!
http://serverwithvirus.com:port/declude.asp?msgid=%QUEUENAME%
REMEMBER IT IS AN INFECTED EMAIL. The email will be deleted in 5 days.

The declude.asp file

[EMAIL PROTECTED] %>
<%
var virusdir="c:\\imail\\spool\\virus\\";
var spooldir="c:\\imail\\spool\\";
// msgid is the queue name from the link; drop its first character
var file=""+Request.QueryString("msgid");
file=file.substr(1);
fso = new ActiveXObject("Scripting.FileSystemObject");
if (fso.FileExists(virusdir+"D"+file))
{
  // move the data (D) and queue (Q) files back into the spool for delivery
  fso.MoveFile(virusdir+"D"+file, spooldir+"D"+file);
  fso.MoveFile(virusdir+"Q"+file, spooldir+"Q"+file);
  Response.Write("Please check your e-mail in a few minutes for the virus infected message you requested.");
}
%>

Very simple as well.

Doug

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson
Sent: Friday, May 28, 2004 11:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Notification for forwarded messages

I have written a simple app using ASP and PERL that will move the quarantined file from the virus directory back to the spool for delivery. It requires IIS to run on the same box as Imail, I run gateway servers so it is a bit easier for me. I include the spool name and a link to the gateway server that held the file in the BanNotify message, the user copies the file name and pastes it to text box on the ASP page, clicking submit sends it to the PERL script which moves the file back to the spool.
I then intercept all notifications for banned files that I dont want them retreiving such as mpegs and mp3s Works great I dont mind sharing the code if anyone wants it Rick Davidson National Systems Manager North American Title Group - - Original Message - From: Hermann Strassner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 28, 2004 6:39 AM Subject: [Declude.Virus] Notification for forwarded messages Hello! We block ZIPs and some executable extensions and want to leave it this way. Because some folks need to send them, we have to check the quarantined files (for viruses) and forward the mails without viruses manually. Is there a way to inform the user that his mail is now forwarded? Alternatively, is it possible for the user to answer to the automatic generated mail and forward the mail by himself? Is it possible somehow? I think of it as follows: User sends email with ZIP, gets a notification, answers to the notification with YES or something like that, Declude sees it and forwards this email. I think this is enough to make sure the user sends the email intentionally. Hermann --- [This E-mail
RE: [Declude.Virus] Notification for forwarded messages
We do this as well using Vbscript only. It does exactly what you do. Anytime a virus is quarantined an email with a link to the file is sent to the recepient with a warning of the dangers involved in retrieving the files. We then delete everything over 5 days old to avoid getting too many files in the virus dir. We also require IIS to be running. It was written by an ISP that uses it on his shared IMAIL server. He deletes them in 2 days. = You add this to the recip.eml = If you would like a copy of the infected email please follow the link below AT YOUR OWN RISK!!! http://serverwithvirus.com:port/declude.asp?msgid=%QUEUENAME% REMEMBER IT IS AN INFECTED EMAIL. The email will be deleted in 5 days. The declude.asp file [EMAIL PROTECTED] % var virusdir=c:\\imail\\spool\\virus\\; var spooldir=c:\\imail\\spool\\; var file=+Request.QueryString(msgid); file=file.substr(1); fso = new ActiveXObject (Scripting.FileSystemObject); if (fso.FileExists(virusdir+D+file)) { fso.MoveFile(virusdir+D+file, spooldir+D+file); fso.MoveFile(virusdir+Q+file, spooldir+Q+file); Response.Write(Please check your e-mail in a few minutes for the virus infected message you requested.); } % Very simple as well. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson Sent: Friday, May 28, 2004 11:01 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Notification for forwarded messages I have written a simple app using ASP and PERL that will move the quarantined file from the virus directory back to the spool for delivery. It requires IIS to run on the same box as Imail, I run gateway servers so it is a bit easier for me. I include the spool name and a link to the gateway server that held the file in the BanNotify message, the user copies the file name and pastes it to text box on the ASP page, clicking submit sends it to the PERL script which moves the file back to the spool. 
I then intercept all notifications for banned files that I don't want them retrieving, such as mpegs and mp3s. Works great. I don't mind sharing the code if anyone wants it.

Rick Davidson
National Systems Manager
North American Title Group

- Original Message -
From: Hermann Strassner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 28, 2004 6:39 AM
Subject: [Declude.Virus] Notification for forwarded messages

Hello! We block ZIPs and some executable extensions and want to leave it this way. Because some folks need to send them, we have to check the quarantined files (for viruses) and forward the mails without viruses manually. Is there a way to inform the user that his mail is now forwarded? Alternatively, is it possible for the user to answer to the automatic generated mail and forward the mail by himself? Is it possible somehow? I think of it as follows: User sends email with ZIP, gets a notification, answers to the notification with YES or something like that, Declude sees it and forwards this email. I think this is enough to make sure the user sends the email intentionally.

Hermann
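The release step in the declude.asp listing above builds its file paths from the msgid query parameter exactly as received. The following is an added example, not code from the thread: the same D/Q move written in JavaScript, with the parameter checked against a strict queue-name pattern and both files required before either is moved. The pattern is an assumption based on the one spool name visible on this page (Df06e0595011c829f.SMD), and MemoryStore is a hypothetical in-memory stand-in for the file system.

```javascript
// Added example (not the list poster's code). The directories are fixed
// server-side constants taken from the declude.asp listing.
const VIRUS_DIR = "c:\\imail\\spool\\virus\\";
const SPOOL_DIR = "c:\\imail\\spool\\";

// Assumption: queue names look like the spool name shown on this page,
// Df06e0595011c829f.SMD: the letter D, hex digits, then ".SMD".
const QUEUE_NAME = /^D[0-9a-f]{8,32}\.SMD$/i;

// Return the part of the name shared by the D and Q files, or null when
// msgid is not a well-formed queue name. Separators, "..", wildcards and
// extra extensions all fail the anchored pattern.
function spoolStem(msgid) {
  if (typeof msgid !== "string" || !QUEUE_NAME.test(msgid)) return null;
  return msgid.slice(1);
}

// Build the source and destination paths for both spool files. Only the
// validated stem comes from the request.
function planRelease(msgid) {
  const stem = spoolStem(msgid);
  if (stem === null) return null;
  return ["D", "Q"].map((prefix) => ({
    from: VIRUS_DIR + prefix + stem,
    to: SPOOL_DIR + prefix + stem,
  }));
}

// Hypothetical in-memory file store so the logic runs without a real spool.
// Windows paths are case-insensitive, so keys are lower-cased.
class MemoryStore {
  constructor(paths) {
    this.paths = new Set(paths.map((p) => p.toLowerCase()));
  }
  exists(p) {
    return this.paths.has(p.toLowerCase());
  }
  move(from, to) {
    this.paths.delete(from.toLowerCase());
    this.paths.add(to.toLowerCase());
  }
}

// Release one quarantined message and record the outcome in an audit list.
function releaseMessage(msgid, store, audit) {
  const plan = planRelease(msgid);
  if (plan === null) {
    audit.push({ event: "rejected", msgid: String(msgid).slice(0, 64) });
    return "rejected";
  }
  // Require both files before moving either, so a half-released message
  // never lands in the live spool.
  if (!plan.every((p) => store.exists(p.from))) return "not-found";
  // Never overwrite a file that is already in the spool.
  if (plan.some((p) => store.exists(p.to))) return "conflict";
  plan.forEach((p) => store.move(p.from, p.to));
  audit.push({ event: "released", msgid });
  return "released";
}

// Constructed sample data: one complete quarantined message and one entry
// that has a D file but no Q file.
function demo() {
  const id = "D1a2b3c4d5e6f7a8b.SMD";
  const store = new MemoryStore([
    VIRUS_DIR + id,
    VIRUS_DIR + "Q" + id.slice(1),
    VIRUS_DIR + "D00000000aaaaaaaa.SMD",
  ]);
  const audit = [];
  const requests = [
    id,                        // valid, both files present
    id,                        // repeated request, files already moved
    "D00000000aaaaaaaa.SMD",   // valid name, Q file missing
    "D..\\..\\other.SMD",      // path separators
    "D1a2b3c4*.SMD",           // wildcard
    "",                        // empty parameter
  ];
  const results = requests.map((r) => releaseMessage(r, store, audit));
  return { results, audit, store };
}
```

The audit list gives the mail administrator a record of every release and every malformed request, which the original page had no way to show.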
RE: [Declude.Virus] Good list of SKIPIFVIRUSNAMEHAS
What is the link to the manual again. I misplaced it. And what is the most current Beta and where can I obtain. Most current interim? Sorry bout this

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, May 25, 2004 9:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Good list of SKIPIFVIRUSNAMEHAS

Can I still send out notifications for the Vulnerability?

It would be possible, but strongly discouraged, as you'll end up becoming a spammer by doing so.

The only notifications that I would be sending out would be to the recipient and not to the sender or the postmaster of the sending domain. I think it is a waste of bandwidth. If the user gets a notification that the file contained a virus and if the user really wants the file then the user will notify the sender and get it fixed. IMHO

Ah, that makes sense. In that case, you can copy the \IMail\Declude\recip.eml file to \IMail\Declude\recip-vulnerability.eml (or whatever name you want), and use a line ONLYSENDIFVIRUSNAMEHAS Vulnerability (without any SKIPIFVIRUSNAMEHAS or SKIPIFFORGING lines).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
RE: [Declude.Virus] Good list of SKIPIFVIRUSNAMEHAS
I found the manual sorry again. But where are the interim releases. I also see this in the manual. Page Last Updated: 02 Mar 2004. Latest Version: 1.75/1.78 (Release/Beta) It is 1.79 that is the current BETA yes?

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Wednesday, May 26, 2004 12:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Good list of SKIPIFVIRUSNAMEHAS

What is the link to the manual again. I misplaced it. And what is the most current Beta and where can I obtain. Most current interim? Sorry bout this

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, May 25, 2004 9:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Good list of SKIPIFVIRUSNAMEHAS

Can I still send out notifications for the Vulnerability?

It would be possible, but strongly discouraged, as you'll end up becoming a spammer by doing so.

The only notifications that I would be sending out would be to the recipient and not to the sender or the postmaster of the sending domain. I think it is a waste of bandwidth. If the user gets a notification that the file contained a virus and if the user really wants the file then the user will notify the sender and get it fixed. IMHO

Ah, that makes sense. In that case, you can copy the \IMail\Declude\recip.eml file to \IMail\Declude\recip-vulnerability.eml (or whatever name you want), and use a line ONLYSENDIFVIRUSNAMEHAS Vulnerability (without any SKIPIFVIRUSNAMEHAS or SKIPIFFORGING lines).

-Scott
RE: Possible Spam: [Declude.Virus] OT - Need IP from MAC address
Why do you want to know the IP? Do you have a router on the network? Or a switch that you can manage. If you have any Cisco hardware on the network you can easily determine the IP from an arp address. If it is a small network just

show ip arp

Or

show ip arp xxx.xxx.xxx.xxx

Will give all stats from that IP.

Here are some tools to LEAD you to know which device it is (MAYBE)
http://www.coe.uky.edu/~stu/nic/nic.cfm

If it is a printer assuming it's a jetdirect you can do

arp -s <ip address> <mac address>

where <ip address> is a spare IP address on your local subnet and <mac address> is the mac of the printer. Next

telnet <ip address>

and you get the menu of the jetdirect and can read what its stored IP address is. Then delete the static arp entry and print a "help please phone IT and tell me where this printer is" message to it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira
Sent: Sunday, May 23, 2004 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Possible Spam: [Declude.Virus] OT - Need IP from MAC address

Thanks for the reply, but I think you misunderstood I know the IP of my computer, I don't know the IP of a piece of equipment that I have, but I do know what the MAC address is.

jeff

- Original Message -
From: Don Brown [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, May 23, 2004 2:40 PM
Subject: Re: Possible Spam: [Declude.Virus] OT - Need IP from MAC address

Get a command prompt and type "ipconfig" (without the quotes) and a carriage return. To get a command prompt, Select Start/Run and type "CMD" (without the quotes) in the box and click the ok button. If you need to change the IP address, then Select Start/Settings/Network Connections. Select something other than make a new network connection. Next, click properties, choose Internet Protocol (TCP/IP) and click Properties. You should be able to find your way around from there.

HTH

Thanks,

Sunday, May 23, 2004, 12:05:12 PM, Jeff Pereira [EMAIL PROTECTED] wrote:
JP Windows..sorry I left that out.
JP
JP jeff
JP - Original Message -
JP From: Rich
JP To: [EMAIL PROTECTED]
JP Sent: Sunday, May 23, 2004 11:57 AM
JP Subject: Re: Possible Spam: [Declude.Virus] OT - Need IP from MAC address
JP What OS?
JP - Original Message -
JP From: Jeff Pereira
JP To: [EMAIL PROTECTED]
JP Sent: Sunday, May 23, 2004 8:22 AM
JP Subject: Possible Spam: [Declude.Virus] OT - Need IP from MAC address
JP Sorry for the OT post, but I am in need of help.
JP
JP I have a piece of equipment that I inherited that was
JP assigned a fixed IP address, but I do not know what it is.
JP
JP I am pretty sure that there is a way to determine the IP
JP by way of the MAC address, but I am unable to figure out how.
JP
JP Any help will be appreciated.
JP
JP jeff
JP

Don Brown - Dallas, Texas USA
Internet Concepts, Inc.
[EMAIL PROTECTED]
http://www.inetconcepts.net
(972) 788-2364
Fax: (972) 788-5049
RE: [Declude.Virus] TOT TCP/IP Protocol driver service
The great feature of this product is that you can specifically add it to all users or specific users desktops. So you can see in within TS.

Yes it is great for that exact reason. We used to create custom backgrounds when we sold servers to ISP clients so they could immediately see where they are. Saved us from doing that work G...

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Friday, May 21, 2004 8:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

I use the BGINFO on all the servers I support. It is absolutely great especially since I terminal server into many at a time and it very clearly tells me what server I am on. Also tells the less sophisticated network admins which server they are on when using the KVM switch.

Goran Jovanovic
The LAN Shoppe

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Friday, May 21, 2004 1:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

I also have the 2002 Admin pack. Back then we paid $999 for it. I have saved several shared servers with it more than covering the $999 but now it is closer to $5000 I believe. It may be worth it as well. All their products are great. Go to the freeware site sysinternals.com and get all their tools. Even the simple Bginfo screen background is the handiest utility. It builds a very simple BMP that has all your system info and becomes the desktop background. Nothing fancy just the info. You can run it on boot up or schedule it to update every few hours if needed. Great on desktops and servers.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, May 20, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

ERD commander is an awesome tool, helps change service/device startup values, registry, connect through the network to other machines, chkdsk, etc etc... Might take a look at that, helps me a TON.

I was going to recommend that, as I have the 2002 version, but their new licensing terms has priced the newer version completely out of reach for the average small business.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.Virus] TOT TCP/IP Protocol driver service
I also have the 2002 Admin pack. Back then we paid $999 for it. I have saved several shared servers with it more than covering the $999 but now it is closer to $5000 I believe. It may be worth it as well. All their products are great. Go to the freeware site sysinternals.com and get all their tools. Even the simple Bginfo screen background is the handiest utility. It builds a very simple BMP that has all your system info and becomes the desktop background. Nothing fancy just the info. You can run it on boot up or schedule it to update every few hours if needed. Great on desktops and servers.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Thursday, May 20, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

ERD commander is an awesome tool, helps change service/device startup values, registry, connect through the network to other machines, chkdsk, etc etc... Might take a look at that, helps me a TON.

I was going to recommend that, as I have the 2002 version, but their new licensing terms has priced the newer version completely out of reach for the average small business.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.Virus] RE Mass mailing maybe new virus
Thanks I was thinking about adding the rule as well but also assumed that any legit mail to yahoo would be blocked and stopped myself. Too bad the powers that be here are not buying JUNK Mail.

DC

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, May 11, 2004 4:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] RE Mass mailing maybe new virus

This is likely just spam. The technique with the URL is someone exploiting Yahoo's redirection scheme to land you on another site. They do this to hide from URL parsers that don't recognize the exploit.

It is possible that the site tries to install an exploit such as Java Byte Verify, which can be used to place just about anything on your computer, but typically just drops browser helper objects (adware/spyware) onto your system. Norton stops this stuff cold, and it's been around for a while. Note that I didn't bother with the payload link.

Anyway, it just looks like it's forging spam to me.

Your block of that address also isn't very wise because it is a legitimate link that could stop valid E-mail from Yahoo and their partners from getting through. If you are running JunkMail Pro, there is a filter for this technique listed on my site (link in the sig) called !YDIRECTED.

Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Email Admin wrote:

Hello

Our Mail server received a mass mailing earlier today. The email is addressed to [EMAIL PROTECTED] and is coming from [EMAIL PROTECTED]

Copy of headers:

Received: from mail.citravel.com [10.215.43.52] by citravel.com (SMTPD32-8.11) id A06E595011C; Tue, 11 May 2004 11:25:34 -0400
From: mail.citravel.com[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE:
X-Mailer: Microsoft Outlook
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [10.215.43.52]
X-Declude-Spoolname: Df06e0595011c829f.SMD
X-Note: This message was scanned for Spam
X-RBL-Warning: Total weight value: 0
X-Spam-Tests-Failed: Whitelisted [0]
X-Note: Recipient Host: citravel.com
X-Note: Sender Address: [EMAIL PROTECTED]
X-Note: Sender Host Name: (Private IP)
X-Note: Sender IP Address: 10.215.43.52
X-Note: Sender Country ID:
X-Note: This E-mail was sent from (Private IP) ([10.215.43.52])
Precedence: bulk
Sender: [EMAIL PROTECTED]
Date: Tue, 11 May 2004 11:32:11
X-RCPT-TO: citravel.com
Status: U
X-UIDL: 384277933

This person's email client does not show they sent this message but the IP of the sending host is the sender's system.

I have scanned this system and it is showing virus free. Using SOPHOS latest defs as of 2pm est 5/11/2004

I am also sniffing the network now looking for other SMTP Traffic.

User who receive the email which has a link of
h t t p:// d r s . y a h o o . com / citravel.com/news
Get sent to a pornography site. After they close this site their system keeps having pop ups appearing regularly.

this link redirects to
h t t p:// d r s . y a h o o . com / citravel.com/news*http://www.security-warning.biz/personal6/maljo24/www.yahoo.com/#http://drs.yahoo.com/citravel.com/news

I am not so much worried about the email but as to how it was sent. This is where I think it might be a virus. Currently I have a filter stopping emails with d r s . y a h o o . c o m (space added)

I am seeing several hundred an hour being stopped. Any help ideas thought? Or should I just go golfing and forget about it??? :)

~Paul~
RE: [Declude.Virus] RE Mass mailing maybe new virus
I love declude Junkmail as I have it on my personal domain on a shared mail server that an ISP friend/client allows me to use. I must now use a local spam product on my personal mail and everyone else fends for themselves on the company domain which works for some but it is still local meaning everything already made it through the network. So you lost half the battle before you start basically. Eventually I am hoping to convince them to go with declude but they are pestering me for an Exchange 2003 server. I was thinking of Using GFI for that unless Declude releases something for Exchange by then... Anything in the works Scott.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, May 11, 2004 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] RE Mass mailing maybe new virus

Take note that there was a virus payload at the link as Greg pointed out, but it appears that Terra-Lycos has killed the domain in question.

It is too bad that the power that be aren't buying JunkMail. I find it to be a very effective last line of protection for viruses, as virtually everything that slips through before definitions are updated, ends up getting caught by a good JunkMail config. It can be very time consuming though, especially if you enjoy it too much :)

Matt

Douglas Cohn wrote:

Thanks I was thinking about adding the rule as well but also assumed that any legit mail to yahoo would be blocked and stopped myself. Too bad the powers that be here are not buying JUNK Mail.

DC

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Tuesday, May 11, 2004 4:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] RE Mass mailing maybe new virus

This is likely just spam. The technique with the URL is someone exploiting Yahoo's redirection scheme to land you on another site. They do this to hide from URL parsers that don't recognize the exploit.

It is possible that the site tries to install an exploit such as Java Byte Verify, which can be used to place just about anything on your computer, but typically just drops browser helper objects (adware/spyware) onto your system. Norton stops this stuff cold, and it's been around for a while. Note that I didn't bother with the payload link.

Anyway, it just looks like it's forging spam to me.

Your block of that address also isn't very wise because it is a legitimate link that could stop valid E-mail from Yahoo and their partners from getting through. If you are running JunkMail Pro, there is a filter for this technique listed on my site (link in the sig) called !YDIRECTED.

Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Email Admin wrote:

Hello

Our Mail server received a mass mailing earlier today. The email is addressed to [EMAIL PROTECTED] and is coming from [EMAIL PROTECTED]

Copy of headers:

Received: from mail.citravel.com [10.215.43.52] by citravel.com (SMTPD32-8.11) id A06E595011C; Tue, 11 May 2004 11:25:34 -0400
From: mail.citravel.com[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE:
X-Mailer: Microsoft Outlook
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [10.215.43.52]
X-Declude-Spoolname: Df06e0595011c829f.SMD
X-Note: This message was scanned for Spam
X-RBL-Warning: Total weight value: 0
X-Spam-Tests-Failed: Whitelisted [0]
X-Note: Recipient Host: citravel.com
X-Note: Sender Address: [EMAIL PROTECTED]
X-Note: Sender Host Name: (Private IP)
X-Note: Sender IP Address: 10.215.43.52
X-Note: Sender Country ID:
X-Note: This E-mail was sent from (Private IP) ([10.215.43.52])
Precedence: bulk
Sender: [EMAIL PROTECTED]
Date: Tue, 11 May 2004 11:32:11
X-RCPT-TO: citravel.com
Status: U
X-UIDL: 384277933

This person's email client does not show they sent this message but the IP of the sending host is the sender's system.

I have scanned this system and it is showing virus free. Using SOPHOS latest defs as of 2pm est 5/11/2004

I am also sniffing the network now looking for other SMTP Traffic.

User who receive the email which has a link of
h t t p:// d r s . y a h o o . com / citravel.com/news
Get sent to a pornography site. After they close this site their system keeps having pop ups appearing regularly.

this link redirects to
h t t p:// d r s . y a h o o . com / citravel.com/news*http://www.security-warning.biz/personal6/maljo24/www.yahoo.com/#http://drs.yahoo.com/citravel.com/news

I am not so much worried about the email but as to how it was sent. This is where I think it might be a virus. Currently I have a filter stopping emails with d r s . y a h o o .
RE: [Declude.Virus] problems with the F-Prot updater
I have seen this as well. You could write a batch file that tests for the website first and if it resolves correctly runs the updater. If not it loops through and delays 10 minutes and then tries again. I have been planning to do just that myself. I run the updates every hour so I am more likely to see this issue than someone that runs it daily at 3AM. Good luck

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hermann Strassner
Sent: Thursday, May 06, 2004 4:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] problems with the F-Prot updater

Is any one else having problems getting updates from the f-prot site? I get a runtime error from the updater program, and when I go to the website to download the updates, I get a page can not be found.

I can't reach the website and I got a runtime error 1 time. Half an hour later everything worked fine again. I think the website was down or there was too much traffic.

Hermann
RE: [Declude.Virus] blocking auto reply messages
Help me out please. Why are we looking for the beginning of an IP address? Also my understanding of these filters is to eliminate sending emails to users that were not the original senders because of a forged virus. Is that correct??? If so wouldn't adding the Virus name to the declude forged tag solve that?? I am asking here so please do not assume I know much G...

bracketfl - returned messages should have the original headers so I'm looking for the beginning of an IP address

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of System Administrator
Sent: Thursday, May 06, 2004 8:46 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] blocking auto reply messages

on 4/30/04 12:41 PM, Jeffrey Di Gregorio wrote:

Does anyone have a suggestion on what to do about the growing number of auto reply messages being received by clients because of the current amount of forging viruses. I am getting daily complaints from clients who say they never sent anything to someone but are receiving multiple auto response messages (user unknown, mailbox full, virus warnings, etc.) I am at a loss on what to do about this.

I was having the same problem as you and I came up with these filters that seem to work for me.

UNKNOWNUSERF filter e:\imail\declude\unknownuserf.txt x 0 0
BRACKETFL filter e:\imail\declude\bracketfl.txt x 0 0
BRACKETFR filter e:\imail\declude\bracketfr.txt x 0 0
ACSMAILF filter e:\imail\declude\acsmailf.txt x 0 0
NEVERSENTF filter e:\imail\declude\neversentf.txt x 0 0

unknownuserf -
SKIPIFWEIGHT 50
BODY 0 CONTAINS unknown user
BODY 0 CONTAINS user unknown

bracketfl - returned messages should have the original headers so I'm looking for the beginning of an IP address
SKIPIFWEIGHT 50
BODY 0 CONTAINS [1
BODY 0 CONTAINS [2
BODY 0 CONTAINS [3
BODY 0 CONTAINS [4
BODY 0 CONTAINS [5
BODY 0 CONTAINS [6
BODY 0 CONTAINS [7
BODY 0 CONTAINS [8
BODY 0 CONTAINS [9

bracketfr - looking for the end of an IP address
SKIPIFWEIGHT 50
BODY 0 CONTAINS 0]
BODY 0 CONTAINS 1]
BODY 0 CONTAINS 2]
BODY 0 CONTAINS 3]
BODY 0 CONTAINS 4]
BODY 0 CONTAINS 5]
BODY 0 CONTAINS 6]
BODY 0 CONTAINS 7]
BODY 0 CONTAINS 8]
BODY 0 CONTAINS 9]

acsmailf - contains the IP and name of my outgoing mail server (obviously substitute yours), if the message contains one of these values it is possible the message did originate here.
SKIPIFWEIGHT 50
BODY 0 CONTAINS 12.4.184.4
BODY 0 CONTAINS mail.acsworld.com

neversentf - if the message was about an unknown user and had header records, but they were not from my mail server, then it didn't come from my mail server so we add 40 to the weight. We delete on 40 weight.
SKIPIFWEIGHT 50
TESTSFAILED END CONTAINS acsmailf
TESTSFAILED 40 CONTAINS unknownuserf bracketfl bracketfr

If anyone is interested, our newest nigerian filter is available for download at http://www.acsworld.net/declude/nigerianf.zip . It's a work in progress but it seems to catch some scam messages everyday.

Later,
Greg
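Greg's five filters combine into a single decision, which is easier to follow when run against sample bounces. This added example (not Declude's engine and not code from the thread) models them in JavaScript, assuming CONTAINS is a case-insensitive substring match and SKIPIFWEIGHT 50 skips a filter once the message already weighs 50 or more; the sample bounce bodies are constructed. It goes one step beyond the post with strictWeight, which asks for a complete bracketed IPv4 address instead of the two separate bracket tests.

```javascript
// Added example: a model of the filters from the message above, not
// Declude's own matching engine. Assumptions: CONTAINS is a case-insensitive
// substring match; SKIPIFWEIGHT 50 skips the filter at weight 50 or more.
const OWN_SERVER = ["12.4.184.4", "mail.acsworld.com"]; // values from the post
const DIGITS = "0123456789".split("");

const BODY_FILTERS = {
  unknownuserf: ["unknown user", "user unknown"],
  bracketfl: DIGITS.slice(1).map((d) => "[" + d), // [1 .. [9
  bracketfr: DIGITS.map((d) => d + "]"),          // 0] .. 9]
  acsmailf: OWN_SERVER,
};

// Names of the body filters that fire on this message body.
function triggered(body, weightSoFar = 0) {
  if (weightSoFar >= 50) return [];
  const text = body.toLowerCase();
  return Object.keys(BODY_FILTERS).filter((name) =>
    BODY_FILTERS[name].some((needle) => text.includes(needle)));
}

// neversentf: stop if the body names our own mail server; otherwise add 40
// when the unknown-user test and both bracket tests fired.
function neversentWeight(body, weightSoFar = 0) {
  const hits = triggered(body, weightSoFar);
  if (hits.includes("acsmailf")) return 0;
  const needed = ["unknownuserf", "bracketfl", "bracketfr"];
  return needed.every((n) => hits.includes(n)) ? 40 : 0;
}

// Stricter variant (an addition, not from the post): the opening and closing
// brackets must enclose one complete IPv4 address.
const BRACKETED_IPV4 = /\[(?:\d{1,3}\.){3}\d{1,3}\]/;
function strictWeight(body) {
  const text = body.toLowerCase();
  if (OWN_SERVER.some((s) => text.includes(s))) return 0;
  const unknown = BODY_FILTERS.unknownuserf.some((n) => text.includes(n));
  return unknown && BRACKETED_IPV4.test(text) ? 40 : 0;
}

// Constructed sample bounce bodies (documentation addresses, example domains).
const SAMPLES = {
  // Bounce for mail we never sent: quoted headers show a foreign host.
  forgedBounce: "Delivery failed: user unknown\n" +
    "--- original headers ---\n" +
    "Received: from pc.example.net [203.0.113.7] by mx.example.org",
  // Bounce for mail that really left our server.
  ownBounce: "Sorry, user unknown.\n" +
    "Received: from mail.acsworld.com [12.4.184.4] by mx.example.org",
  // Bounce that quotes no headers at all: the filters cannot judge it.
  noHeaders: "Mailbox not found: unknown user jdoe",
  // Bounce with a bracketed footnote marker but no IP address.
  footnote: "Unknown user. See our bounce policy [1] for details.\n" +
    "[1] http://example.org/policy",
};

// Score every sample with the original logic and the stricter variant.
function demo() {
  return Object.keys(SAMPLES).map((name) => ({
    name,
    original: neversentWeight(SAMPLES[name]),
    strict: strictWeight(SAMPLES[name]),
  }));
}
```

The footnote sample scores 40 under the original bracket tests because "[1" and "1]" both appear without any IP address; the stricter pattern leaves it at 0.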
RE: CBL:RE: [Declude.Virus] .CPL file blocked
HUH??? The latest released version is 1.75; the latest beta is 1.75. You meant Beta is 1.79 correct??? Also what happened to that emergency list you created. I joined it or tried to but was never confirmed.

DC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, April 28, 2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: Re: CBL:RE: [Declude.Virus] .CPL file blocked

Is the latest version of Declude 1.78i28?

No. The latest released version is 1.75; the latest beta is 1.75. You are running an interim release -- and as such, you really, REALLY should know that it cannot be the latest release. Whenever running an interim release, you should always upgrade to the next beta or released version.

-Scott
RE: [Declude.Virus] .CPL file blocked
I have told my users that they should zip everything up. But obviously no one listens. Therefore they need to transfer Word, Excel docs so I did not block it (actually I removed them after hearing complaints enough times). Additionally we send out notifications to the recipient with a link that enables them to download the suspect email at their own risk. So blocking is not the end all here. The outbound mail was the issue with xls and doc.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Olden
Sent: Wednesday, April 28, 2004 1:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] .CPL file blocked

Douglas,

Can I ask why you block MS Access files (MDB) and not other Office products that can contain macros?

John Olden - Systems Administrator
Champaign Park District

----- Original Message -----
From: Douglas Cohn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 3:34 PM
Subject: RE: [Declude.Virus] .CPL file blocked

This is the most recent list I was given (from this list). It has a few more than John's.

BANEXT ad
BANEXT adp
BANEXT asp
BANEXT bas
BANEXT bat
BANEXT CEO
BANEXT chm
BANEXT cmd
BANEXT com
BANEXT cpl
BANEXT crt
BANEXT exe
BANEXT hlp
BANEXT hta
BANEXT inf
BANEXT ins
BANEXT isp
BANEXT js
BANEXT jse
BANEXT lnk
BANEXT mdb
BANEXT mde
BANEXT msc
BANEXT msi
BANEXT msp
BANEXT mst
BANEXT pcd
BANEXT pif
BANEXT reg
BANEXT scr
BANEXT sct
BANEXT shb
BANEXT shs
BANEXT url
BANEXT vb
BANEXT vbe
BANEXT vbs
BANEXT vsd
BANEXT vss
BANEXT vst
BANEXT vsw
BANEXT ws
BANEXT wsc
BANEXT wsf
BANEXT wsh
BANEXT EZIP

---------- Original Message ----------
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 27 Apr 2004 11:12:07 -0700

Here is my published policy, just revised yesterday: http://www.eservicesforyou.com/documents/emailattachments.pdf

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill
Sent: Tuesday, April 27, 2004 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] .CPL file blocked

Is this the list that everyone else is using?

BANEXT BAS
BANEXT BAT
BANEXT CMD
BANEXT COM
BANEXT CPL
BANEXT HTA
BANEXT EXE
BANEXT MSI
BANEXT MSP
BANEXT MST
BANEXT PIF
BANEXT REG
BANEXT SCR
BANEXT SCT
BANEXT VB
BANEXT VBE
BANEXT VBS
BANEXT WSC
BANEXT WSF
BANEXT WSH
BANEXT EZIP
BANZIPEXTS ON
BANEZIPEXTS ON

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Little
Sent: Tuesday, April 27, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] .CPL file blocked

Reminder: If you're not yet blocking CPL, you're overdue. (Also HTA, VBS, exe, scr and com)

Greg

From http://vil.nai.com/vil/content/v_122415.htm

Attachment: May be one of the following:
* Script dropper - using one of the following file extensions:
  * HTA
  * VBS
* Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip)
* Executable, using one of the following file extensions:
  * exe
  * scr
  * com
  * cpl
* Executable dropper, CPL file with .CPL file extension.

The executable uses the following icon:
The CPL file uses the following icon:

Don Hickey wrote:

Here ya go - New Description
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=122415

Don
RE: [Declude.Virus] Mcafee NetShield Problems
Contact Microsoft. They can analyze the dumps for you. 64K dumps should be fine.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Hahn
Sent: Wednesday, April 28, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee NetShield Problems

John-

Thanks for the response. We are taking small memory dumps as we cannot afford to have it down in time for a full 4 GB mem dump. I do have 189 mini 64 KB dump files. How can I analyze those?

I also opened drwatsn32. It is enabled and noticed an error I N ldap

Application exception occurred:
App: f:\imail\OpenLDAP\bin\slapd.exe (pid=1940)
When: 4/24/2004 @ 07:24:33.281
Exception number: c005 (access violation)

I have 1 power supply
I have latest BIOS
Raid adapter was current until 4/23 when a new firmware was released. We will be upgrading that tonight.

Any thoughts.

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists)
Sent: Wednesday, April 28, 2004 12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee NetShield Problems

Any memory dumps being created?

Is DrWatson running?

Do you have 2 power supplies running, and are they both in use?

What is the firmware on the raid controller? (There was a critical update on this about 5 months ago.)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Hahn
Sent: Wednesday, April 28, 2004 9:23 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Mcafee NetShield Problems

We are having problems with a brand new Dell PowerEdge 2650 that is crashing 5-10 times per day: Windows 2003 Latest patches Imail 8.1 latest Declude Junk Virus Netshield 4.5

We have worked this with Dell and they have run Hardware Diagnostics and they do not see a problem.

My question: Is anyone else having problems using Netshield 4.5.1 on Windows 2003?

Is anyone using Virus scan enterprise 7 on Windows 2003 with Declude?

Thanks all
RE: [Declude.Virus] Mcafee NetShield Problems
Why the interest in the second power supply??? Is it used or just laying in wait for the first one to die as in 99% of the RDP systems currently in production? Don't get me wrong. You should always have at least one spare power supply handy and if money is not an issue or the server is critical (mail) then install them both but this is the first I ever heard anyone say you need the second power supply to avoid daily crashes. Is it a DELL thing?

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists)
Sent: Wednesday, April 28, 2004 5:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee NetShield Problems

I agree with Scott's response about LDAP.

The raid controller firmware I am not concerned with, although I did not know they had a new one. I will have to check on my client's 2650 for that.

While apparently not the root of the problem, I would highly suggest getting the second PS for that unit and installing it.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Hahn
Sent: Wednesday, April 28, 2004 12:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee NetShield Problems

John-

Thanks for the response. We are taking small memory dumps as we cannot afford to have it down in time for a full 4 GB mem dump. I do have 189 mini 64 KB dump files. How can I analyze those?

I also opened drwatsn32. It is enabled and noticed an error I N ldap

Application exception occurred:
App: f:\imail\OpenLDAP\bin\slapd.exe (pid=1940)
When: 4/24/2004 @ 07:24:33.281
Exception number: c005 (access violation)

I have 1 power supply
I have latest BIOS
Raid adapter was current until 4/23 when a new firmware was released. We will be upgrading that tonight.

Any thoughts.

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists)
Sent: Wednesday, April 28, 2004 12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Mcafee NetShield Problems

Any memory dumps being created?

Is DrWatson running?

Do you have 2 power supplies running, and are they both in use?

What is the firmware on the raid controller? (There was a critical update on this about 5 months ago.)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Hahn
Sent: Wednesday, April 28, 2004 9:23 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Mcafee NetShield Problems

We are having problems with a brand new Dell PowerEdge 2650 that is crashing 5-10 times per day: Windows 2003 Latest patches Imail 8.1 latest Declude Junk Virus Netshield 4.5

We have worked this with Dell and they have run Hardware Diagnostics and they do not see a problem.

My question: Is anyone else having problems using Netshield 4.5.1 on Windows 2003?

Is anyone using Virus scan enterprise 7 on Windows 2003 with Declude?

Thanks all
RE: [Declude.Virus] .CPL file blocked
This is the most recent list I was given (from this list). It has a few more than John's.

BANEXT ad
BANEXT adp
BANEXT asp
BANEXT bas
BANEXT bat
BANEXT CEO
BANEXT chm
BANEXT cmd
BANEXT com
BANEXT cpl
BANEXT crt
BANEXT exe
BANEXT hlp
BANEXT hta
BANEXT inf
BANEXT ins
BANEXT isp
BANEXT js
BANEXT jse
BANEXT lnk
BANEXT mdb
BANEXT mde
BANEXT msc
BANEXT msi
BANEXT msp
BANEXT mst
BANEXT pcd
BANEXT pif
BANEXT reg
BANEXT scr
BANEXT sct
BANEXT shb
BANEXT shs
BANEXT url
BANEXT vb
BANEXT vbe
BANEXT vbs
BANEXT vsd
BANEXT vss
BANEXT vst
BANEXT vsw
BANEXT ws
BANEXT wsc
BANEXT wsf
BANEXT wsh
BANEXT EZIP

---------- Original Message ----------
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 27 Apr 2004 11:12:07 -0700

Here is my published policy, just revised yesterday: http://www.eservicesforyou.com/documents/emailattachments.pdf

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill
Sent: Tuesday, April 27, 2004 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] .CPL file blocked

Is this the list that everyone else is using?

BANEXT BAS
BANEXT BAT
BANEXT CMD
BANEXT COM
BANEXT CPL
BANEXT HTA
BANEXT EXE
BANEXT MSI
BANEXT MSP
BANEXT MST
BANEXT PIF
BANEXT REG
BANEXT SCR
BANEXT SCT
BANEXT VB
BANEXT VBE
BANEXT VBS
BANEXT WSC
BANEXT WSF
BANEXT WSH
BANEXT EZIP
BANZIPEXTS ON
BANEZIPEXTS ON

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Little
Sent: Tuesday, April 27, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] .CPL file blocked

Reminder: If you're not yet blocking CPL, you're overdue. (Also HTA, VBS, exe, scr and com)

Greg

From http://vil.nai.com/vil/content/v_122415.htm

Attachment: May be one of the following:
* Script dropper - using one of the following file extensions:
  * HTA
  * VBS
* Password-protected ZIP archive (detected as W32/Bagle.gen!pwdzip)
* Executable, using one of the following file extensions:
  * exe
  * scr
  * com
  * cpl
* Executable dropper, CPL file with .CPL file extension.

The executable uses the following icon:
The CPL file uses the following icon:

Don Hickey wrote:

Here ya go - New Description
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=122415

Don
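The BANEXT lists in this thread match on file extension. The sketch below is an added example, not Declude's code and not from any poster; it shows the cases such a filter has to get right: case, double extensions, and names inside ZIP archives. The matching semantics given to BANEXT, EZIP, BANZIPEXTS and BANEZIPEXTS are assumptions based only on the directive names quoted above, and the message and policy are constructed samples.

```python
"""Added example (not Declude's code): apply BANEXT-style rules to a message.

Directive names come from the lists quoted in the thread; the matching
semantics implemented here are assumptions made for illustration.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed policy: a subset of the directives quoted in the thread.
SAMPLE_POLICY = """\
BANEXT com
BANEXT cpl
BANEXT exe
BANEXT hta
BANEXT pif
BANEXT scr
BANEXT vbs
BANEXT EZIP
BANZIPEXTS ON
BANEZIPEXTS ON
"""


def parse_policy(text):
    """Return (banned extensions, ON/OFF options) from directive lines."""
    banned, options = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue
        key, value = fields[0].upper(), fields[1]
        if key == "BANEXT":
            banned.add(value.lower().lstrip("."))
        else:
            options[key] = value.upper() == "ON"
    return banned, options


def final_extension(filename):
    """Extension Windows would act on: the last one, case-folded, with any
    directory part and trailing dots/spaces (which Windows ignores) removed."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def zip_findings(data, banned, options):
    """Reasons to reject one ZIP attachment. Member names sit in the central
    directory, so they stay readable when the members are encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    encrypted = any(m.flag_bits & 0x1 for m in members)
    reasons = []
    if encrypted and "ezip" in banned:
        reasons.append("encrypted archive (EZIP)")
    if options.get("BANEZIPEXTS" if encrypted else "BANZIPEXTS", False):
        for m in members:
            ext = final_extension(m.filename)
            if ext in banned:
                reasons.append(f"member {m.filename} has banned extension .{ext}")
    return reasons


def check_message(raw_bytes, policy_text):
    """Return [(attachment name, reason), ...] for one RFC 5322 message."""
    banned, options = parse_policy(policy_text)
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = final_extension(name)
        if ext in banned:
            findings.append((name, f"banned extension .{ext}"))
        if ext == "zip":
            data = part.get_payload(decode=True) or b""
            findings += [(name, r) for r in zip_findings(data, banned, options)]
    return findings


def build_sample():
    """Constructed message: one harmless file, one double extension, one ZIP."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("holiday.jpg", b"constructed")
        z.writestr("viewer.scr", b"constructed")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in (("report.xls", b"constructed"),
                       ("Price_List.xls.CPL", b"constructed"),
                       ("photos.zip", archive.getvalue())):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in check_message(build_sample(), SAMPLE_POLICY):
        print(f"{name}: {reason}")
```

Extension matching only sees the name the sender chose, so it complements a content scanner rather than replacing one.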
RE: [Declude.Virus] [OT} Anti-Virus - Client Side Suggestion
We have also used Norton Corporate for at least 3 - 4 years now with no problems. I remember a few years back when we had a mess in our network (In 1999 fast growing pains) and a dedicated customer installed Norton and we had installed it for our shared. We saw his Norton in the Server MMC Manager screens and he saw ours. What a Nightmare that was. We had a /19 with no subnets. One FLAT Network. Fast but very sloppy and full of nightmares.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Maze - Hostmaster
Sent: Monday, April 26, 2004 12:00 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] [OT} Anti-Virus - Client Side Suggestion

McAfee, Norton, or others? Which do you think provides the quickest updates and the best support.. Just was curious..
RE: [Declude.Virus] MAXATONCE Switch
Yes. I only removed /nofloppy

Thanks very much. The performance is where it should be. I was wondering why mail was so slow BG DUH.

DC

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Saturday, April 17, 2004 12:50 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

Doug,

I'm not sure about the NOMEM option, but I verified several months ago that while NOBOOT isn't listed, fpcmd.exe will scan the boot sectors unless you use that switch. You should definitely use both of these switches.

Matt

Douglas Cohn wrote:

First of all I am a putz cause I completely ignored the first line since my path was more like the second G.

But if you type fpcmd /? It does not show the NOMEM or NOBOOT options. Weird.

I will switch it now. DAMN Now I know why my mail was so slow. What a moron I yam..

Thanks

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hyslip
Sent: Friday, April 16, 2004 11:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

As listed at http://www.declude.com/virus/manual.htm

F-Prot -

SCANFILE C:\Progra~1\Comman~1\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt

(or SCANFILE C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt)

VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

Definitely works a lot better than the 16-bit version :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Douglas Cohn
Sent: Friday, April 16, 2004 11:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

Scott

Why does your sample F-prot command line use the 16 bit scanner instead of the 32 bit one?

Do you have a recommended command line for FPcmd and do you recommend that we always use it instead of F-prot.exe. I have not patched my Imail server with the current Microsoft patches because I am concerned as well. I have seen some odd behavior on other systems with those updates.

I see /noboot /nofloppy and others are not available under fpcmd.

TIA

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, April 16, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

> Your recommendation is MAXATONCE O allows unlimited processes to run at the same time.

Correct.

> Setting the switch to 8 or 10 will make SMTP hangs or become slower?

It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanner processes running at the same time.

The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously.

> Is your recommendation to set it to unlimited?

Yes.

> SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs.

For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe.

Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem.

-Scott
RE: [Declude.Virus] MAXATONCE Switch
I am also using /SERVER and /ARCHIVE=5

I have no idea if it is doing anything worthwhile but it has not created any false positives so I leave it in. I actually got the config from users on this list.

I am being cautious regarding Viruscode 8 and Excel and Word files. So far so good.

SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /SERVER /REPORT=report.txt)
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Saturday, April 17, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

The switch you should remove is /NOFLOPPY if you are using fpcmd.exe. Otherwise an error in the virus log will show up like this:

1 [1 of 2 not deleted] files were deleted

Here is my new configuration with fprot 32 bits. And it works fine.

SCANFILE [PATH]fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt

[PATH]=wherever your fpcmd.exe is in your server.

In one post in the list a while ago, Scott suggested to remove the /NOBOOT switch along with /NOFLOPPY. But in the Declude manual the /NOBOOT option is there, so I keep it in my scanfile line.

As I say it works very well now, and faster than ever. We also have the new MSFT patches installed.

-Luis Arango

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Friday, April 16, 2004 11:50 PM
To: [EMAIL PROTECTED]
Subject: X-SPAM-Phrase Re: [Declude.Virus] MAXATONCE Switch

Doug,

I'm not sure about the NOMEM option, but I verified several months ago that while NOBOOT isn't listed, fpcmd.exe will scan the boot sectors unless you use that switch. You should definitely use both of these switches.

Matt

Douglas Cohn wrote:

First of all I am a putz cause I completely ignored the first line since my path was more like the second G.

But if you type fpcmd /? It does not show the NOMEM or NOBOOT options. Weird.

I will switch it now. DAMN Now I know why my mail was so slow. What a moron I yam..

Thanks

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hyslip
Sent: Friday, April 16, 2004 11:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

As listed at http://www.declude.com/virus/manual.htm

F-Prot -

SCANFILE C:\Progra~1\Comman~1\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt

(or SCANFILE C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt)

VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

Definitely works a lot better than the 16-bit version :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Douglas Cohn
Sent: Friday, April 16, 2004 11:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

Scott

Why does your sample F-prot command line use the 16 bit scanner instead of the 32 bit one?

Do you have a recommended command line for FPcmd and do you recommend that we always use it instead of F-prot.exe. I have not patched my Imail server with the current Microsoft patches because I am concerned as well. I have seen some odd behavior on other systems with those updates.

I see /noboot /nofloppy and others are not available under fpcmd.

TIA

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, April 16, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

> Your recommendation is MAXATONCE O allows unlimited processes to run at the same time.

Correct.

> Setting the switch to 8 or 10 will make SMTP hangs or become slower?

It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanner processes running at the same time.

The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously.

> Is your recommendation to set it to unlimited?

Yes.

> SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs.

For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe.

Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem.

-Scott
RE: [Declude.Virus] MAXATONCE Switch
Scott

Why does your sample F-prot command line use the 16 bit scanner instead of the 32 bit one?

Do you have a recommended command line for FPcmd and do you recommend that we always use it instead of F-prot.exe. I have not patched my Imail server with the current Microsoft patches because I am concerned as well. I have seen some odd behavior on other systems with those updates.

I see /noboot /nofloppy and others are not available under fpcmd.

TIA

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, April 16, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

> Your recommendation is MAXATONCE O allows unlimited processes to run at the same time.

Correct.

> Setting the switch to 8 or 10 will make SMTP hangs or become slower?

It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanner processes running at the same time.

The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously.

> Is your recommendation to set it to unlimited?

Yes.

> SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs.

For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe.

Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem.

-Scott
RE: [Declude.Virus] MAXATONCE Switch
First of all I am a putz cause I completely ignored the first line since my path was more like the second G.

But if you type fpcmd /? It does not show the NOMEM or NOBOOT options. Weird.

I will switch it now. DAMN Now I know why my mail was so slow. What a moron I yam..

Thanks

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hyslip
Sent: Friday, April 16, 2004 11:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

As listed at http://www.declude.com/virus/manual.htm

F-Prot -

SCANFILE C:\Progra~1\Comman~1\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt

(or SCANFILE C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt)

VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

Definitely works a lot better than the 16-bit version :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Douglas Cohn
Sent: Friday, April 16, 2004 11:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MAXATONCE Switch

Scott

Why does your sample F-prot command line use the 16 bit scanner instead of the 32 bit one?

Do you have a recommended command line for FPcmd and do you recommend that we always use it instead of F-prot.exe. I have not patched my Imail server with the current Microsoft patches because I am concerned as well. I have seen some odd behavior on other systems with those updates.

I see /noboot /nofloppy and others are not available under fpcmd.

TIA

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, April 16, 2004 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MAXATONCE Switch

> Your recommendation is MAXATONCE O allows unlimited processes to run at the same time.

Correct.

> Setting the switch to 8 or 10 will make SMTP hangs or become slower?

It is unlikely to make much of a difference, because [1] SMTP hangs should not be related to the resources used by the virus scanner, and [2] it is unlikely that you will have 8-10 virus scanner processes running at the same time.

The MAXATONCE option was originally designed for people who have licensing arrangements where they can only have a certain number of copies of the virus scanner running simultaneously.

> Is your recommendation to set it to unlimited?

Yes.

> SMTP is now very slow after applying MSFT patches (apr 14). Sometimes smtp service just hangs.

For some reason, some servers have a horrible time handling too many 16-bit processes, and end up causing serious delays in TCP/IP connections like you describe.

Are you using a 16-bit virus scanner (such as F-Prot.exe) with Declude Virus? If so, I would recommend switching to a 32-bit scanner (such as F-Prot's fpcmd.exe), which will likely help alleviate the problem.

-Scott
RE: [Declude.Virus] getting this in my logfile
On this same subject. If you are using Fprot and have configured it exactly as you recommend on the WEBSITE will an Excel file with a dangerous Macro be detected? IE is there a middle ground with FPROT? I currently have /SERVER in my commandline and Viruscode 8 in my config (see below) because I did not want infected Excel files passing. But I do not want to block every Excel/Word file just because it has a macro. Alternatively if an Excel file that is NOT infected but contains a macro is enclosed within a ZIP file with these same settings (that I am using) will it also block it?

TIA
Doug

Snippet of my Virus.cfg--

SCANFILE C:\Program Files\FSI\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT /DUMB /SERVER /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, April 13, 2004 8:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] getting this in my logfile

> 04/13/2004 11:21:23 Qb1072b82012a066d Could not find parse string Infection in report.txt
> 04/13/2004 11:21:23 Qb1072b82012a066d Error 8 in virus scanner 1.
> 04/13/2004 11:21:23 Qb1072b82012a066d Scanned: Error in virus scanner. [MIME: 2 270831]
>
> the mail with attachment are being hold
> It's a mail with an excel document with macros but no virus
> Running the latest f-prot, and a the latest interim release, anyone having any idea why or what happens

It sounds like you set up F-Prot to detect suspicious files -- which will block most files with macros in them. You need to switch back to the default settings (unless you are OK blocking files with macros in them).

-Scott
RE: [Declude.Virus] netsky p ?
Is there any thought about changing this? IE removing the attachment and passing the email through. Or is the case I gave very rare?? IE a legitimate email with the Quarantined Attachment.txt. And if not blocked it will come through, I am aware as I do not block them.

Why add Quarantined Attachment.txt to the list of banned names? Who cares if it gets through? It is not a virus anymore, and if it is it will be detected.

Basically I am asking if anyone knows whether the percentage of the emails that have been cleaned and replaced with this ridiculous text file, viruses or just attachments that are not allowed.

Thanks guys
Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, March 25, 2004 9:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] netsky p ?

> So again the question is does banname block the attachment or the email and the attachment???

It should treat the E-mail the same way as a banned file extension, sending out the \IMail\Declude\bannotify.eml file.

-Scott
[Declude.Virus] Could not find parse string Infection: in report.txt
Can anyone tell me what this means. I included the later lines as well. Running Declude standard Diagnostics ON (Declude v1.78i27). Fprot 3.14e with this command line

SCANFILE C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOFLOPPY /NOBOOT /DUMB /SERVER /REPORT=report.txt)
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:

03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt
03/19/2004 03:01:17 Qa8cb020101122357 File(s) are INFECTED [: 8]
03/19/2004 03:01:17 Qa8cb020101122357 Scanned: CONTAINS A VIRUS [MIME: 3 25487]
03/19/2004 03:01:17 Qa8cb020101122357 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 80.65.93.134]
03/19/2004 03:01:17 Qa8cb020101122357 Subject: Re: Thank you!
RE: [Declude.Virus] Could not find parse string Infection: in report.txt
Thanks for the immediate reply G

Will it treat the message like a virus. IE not forward it to the recipient?

Love your company and product. You should start a consulting company and teach corporations how to treat customers.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Saturday, March 20, 2004 1:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Could not find parse string Infection: in report.txt

> Can anyone tell me what this means. I included the later lines as well.
>
> 03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt

That means that F-Prot detected a suspicious file, but not a virus. When it does that, it can't know the virus name, so it cannot report the virus name in the report.txt file. Since Declude Virus expects a virus name to be present, that warning is logged. In this case, you will see the name of the virus appear as [Unknown Virus].

-Scott
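Added example, not part of the list messages and not Declude's own tooling: a small Python triage script that groups the log lines quoted in the two threads above by queue ID and separates a hit logged without a virus name from an exit code logged as a scanner error. The function names and verdict labels are assumptions of this example, and the `[name: code]` reading of the INFECTED line is inferred from the single line quoted on this page.

```python
import re
from collections import OrderedDict

# Log lines copied from the two threads above.
SAMPLE_LOG = """\
03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt
03/19/2004 03:01:17 Qa8cb020101122357 File(s) are INFECTED [: 8]
03/19/2004 03:01:17 Qa8cb020101122357 Scanned: CONTAINS A VIRUS [MIME: 3 25487]
04/13/2004 11:21:23 Qb1072b82012a066d Could not find parse string Infection in report.txt
04/13/2004 11:21:23 Qb1072b82012a066d Error 8 in virus scanner 1.
04/13/2004 11:21:23 Qb1072b82012a066d Scanned: Error in virus scanner. [MIME: 2 270831]
"""

# date, time, queue ID, free-text message
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9A-Fa-f]+) (.*)$")
# Assumed layout "[<virus name>: <exit code>]"; the name is empty in the quoted line.
INFECTED_RE = re.compile(r"File\(s\) are INFECTED \[(.*): (\d+)\]")
# "Error <exit code> in virus scanner <scanner number>."
ERROR_RE = re.compile(r"Error (\d+) in virus scanner (\d+)")
NO_PARSE = "Could not find parse string"


def classify(rec):
    """Turn the facts collected for one queue ID into a verdict label."""
    if rec["scanner_error"]:
        # The exit code was logged as an error rather than as a detection.
        return "scanner_error"
    if rec["exit_code"] is not None and not rec["virus_name"]:
        # Counted as infected, but no name could be read from report.txt.
        return "flagged_without_name"
    if rec["exit_code"] is not None:
        return "named_detection"
    return "no_detection_logged"


def triage(log_text):
    """Group log lines by queue ID and classify each message's scan outcome."""
    messages = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not a per-message log line
        stamp, qid, text = m.groups()
        rec = messages.setdefault(qid, {
            "first_seen": stamp,
            "exit_code": None,
            "virus_name": "",
            "parse_string_missing": False,
            "scanner_error": False,
        })
        if text.startswith(NO_PARSE):
            rec["parse_string_missing"] = True
        hit = INFECTED_RE.search(text)
        if hit:
            rec["virus_name"] = hit.group(1).strip()
            rec["exit_code"] = int(hit.group(2))
        err = ERROR_RE.search(text)
        if err:
            rec["exit_code"] = int(err.group(1))
            rec["scanner_error"] = True
    for rec in messages.values():
        rec["verdict"] = classify(rec)
    return messages


if __name__ == "__main__":
    for qid, rec in triage(SAMPLE_LOG).items():
        print(qid, rec["first_seen"], "exit", rec["exit_code"], rec["verdict"])
```

Messages that land in either bucket with exit code 8 are the ones worth pulling for manual review before deciding whether to keep /SERVER and VIRUSCODE 8.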
Re: [Declude.Virus] whitelisting?
I agree with your customer. Why do you ban all zip files? How are they expected to conduct business if their business requires transferring files?

My customers required that I create a way for them to retrieve the infected files for them. You could simply do that. Allow the customer to retrieve the infected files if desired by creating a link and script to copy them into the spool dir.

Blocking encrypted zips is one thing but why all zip files?

Doug

-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 19 Mar 2004 12:44:15 -0500

Hi,

I have a customer that is insisting I let .zip files through (I have them banned right now). Is there any way to allow email to a single address to go through? If I do a whitelist entry for this one email address in the global.cfg, will that work?

Thanks,
andy
thumpernet
[Declude.Virus] More details on Virus.cfg and F-prot 3.14E
I have been following the recent threads but I have not seen a definitive answer. Most likely because it is still so new (F-prot 3.14E). Some help would be greatly appreciated.

What about the /SERVER setting? Any advantage to using it.

I am also a bit confused about the Viruscode settings. I am using the defaults that you recommend

VIRUSCODE 3
VIRUSCODE 6
REPORT Infection:

But I see others are adding

VIRUSCODE 8
OKCODE2 5

What value do they have if any? I assume they must have some value or they would not be using them (I Hope g).

Lastly where can I verify and find future info on which Viruses forge headers. This list was nicely supplied to me from someone on this list and I have added it to my cfg.

FORGINGVIRUS Klez
FORGINGVIRUS Bagle
FORGINGVIRUS Braid
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS Dumaru
FORGINGVIRUS Fizzer
FORGINGVIRUS Hybris
FORGINGVIRUS Klez
FORGINGVIRUS Lentin
FORGINGVIRUS Magistr
FORGINGVIRUS Mydoom
FORGINGVIRUS Mimail
FORGINGVIRUS Palyh
FORGINGVIRUS Sober
FORGINGVIRUS Sobig
FORGINGVIRUS Vulnerability
FORGINGVIRUS Yaha

Thanks
Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, March 18, 2004 1:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Log error with latest interim release

> Scott, your thoughts?

From what I have seen, AV heuristics just don't do a good enough job to be useful. Specifically, they seem to catch legitimate E-mails regularly (typically .doc/.xls files). However, depending on your needs, it may be worthwhile to use the heuristics, if the occasional false positive is acceptable.

-Scott
RE: [Declude.Virus] F-prot 3.14e
Thanks. The mail server is W2K server. Appreciate the input.

Doug

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Tuesday, March 16, 2004 11:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

If you run W2K professional usually f-prot asks you to reboot after the upgrade. Running W2K Server it shouldn't ask you for any reboot at all... at least that has been my experience. So.. you don't have to worry about rebooting.

Regards
Luis Arango

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Tuesday, March 16, 2004 8:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

Being new to Declude/F-prot I was testing an install. Running W2K I updated F-Prot from 3.14C to 3.14E and restarted everything without rebooting. Seems to be working fine on my desktop. Is this safe on my mail server as well? I am not very comfortable rebooting that often.

Thanks
DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 5:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-prot 3.14e

Appears to be out today.

--
John Shacklett
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.continentaloffice.com

[Email scanned for viruses by Panda Consulting -www.pandacons.com-]

[AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.]
RE: [Declude.Virus] F-prot 3.14e
I am running it locally on W2K Pro without rebooting and did get some error recently but was with the On demand Scanner which is not used. But it clearly stated reboot required.

I will test on W2K Server and will soon know. The real issue is if it says reboot do I need to.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Wednesday, March 17, 2004 8:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

We always thought that it depended on whether Real-Time protector and/or Scheduler was updated. Guess some more experimentation is called for, although we're scanning on an NT4 server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Tuesday, March 16, 2004 11:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

If you run W2K professional usually f-prot asks you to reboot after the upgrade. Running W2K Server it shouldn't ask you for any reboot at all... at least that has been my experience. So.. you don't have to worry about rebooting.

Regards
Luis Arango

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Tuesday, March 16, 2004 8:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

Being new to Declude/F-prot I was testing an install. Running W2K I updated F-Prot from 3.14C to 3.14E and restarted everything without rebooting. Seems to be working fine on my desktop. Is this safe on my mail server as well? I am not very comfortable rebooting that often.

Thanks
DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 5:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-prot 3.14e

Appears to be out today.

--
John Shacklett
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.continentaloffice.com
RE: [Declude.Virus] F-prot 3.14e
Being new to Declude/F-prot I was testing an install. Running W2K I updated F-Prot from 3.14C to 3.14E and restarted everything without rebooting. Seems to be working fine on my desktop. Is this safe on my mail server as well? I am not very comfortable rebooting that often.

Thanks
DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 5:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] F-prot 3.14e

I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, March 16, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-prot 3.14e

Appears to be out today.

--
John Shacklett
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.continentaloffice.com
[Declude.Virus] sample configs
Are there any sample configs around to get some ideas on what works well. I just setup Declude AV and it worked right out of the box. Nice feeling.

Thanks for the great product.

Doug
RE: [Declude.Virus] Encrypted password
I read that there are two products capable of this. Aladdin and Network Box or something like that.

http://www.ealaddin.com/news/2004/esafe/Bagel_virus.asp

and another

http://www.tmcnet.com/usubmit/2004/Mar/1024780.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, March 13, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Encrypted password

not directly relevant to declude
scott had mentioned that certain gateway scanners parse the message body looking for the password, use that password to open the zip file and scan it
now they can do that anymore
it would be interesting to see if these gateway products will catch this type of message

- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 13, 2004 5:15 PM
Subject: RE: [Declude.Virus] Encrypted password

Hi Serge:

Could you please elaborate on this? I am confused.. The virus is password protected zip file? If so then we are covered with

BANEXT EZIP

Or is this different?

Kami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, March 13, 2004 12:11 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Encrypted password

Now they have it in a BMP file so antivirus programs won't be able to find it:

Note: Use password img src=cid:wjqkastket.bmp; to open archive