http://danjacoby.de/modules/Search/life.html
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
l need to change
the location in the following three things (don't quote me on this)
1) clamav.reg
2) clamd.conf
3) The freshclam.exe --datadir argument
Matt
On 4/29/2010 4:14 PM, Michael Cummins wrote:
The official download from Clam wouldn't install on my Windows 2003
box.
into Windows. Unlike CDONTS, CDOSYS
can be pointed at your mail server with or without authentication and
doesn't require MS SMTP to be installed or running on your box. Here's
a link to some example code:
http://www.w3schools.com/asp/asp_send_email.asp
Matt
Hirthe, Alexa
Alligate doesn't filter POP3.
Is that what you wanted to know?
Matt
Uwe Degenhardt wrote:
Hi list, we are a small provider doing some shop-hosting services.
As a side-service we are running one eMail-server for 65 domains and
approximately 270 user.
We tried Alligate (trial) as a ga
Kevin,
Just to be more specific, if you use the HOLD action, those messages
that are held will not be virus scanned.
On our system, we use a combination of COPYFILE and ROUTETO, and they
are in fact virus scanned when using AVAFTERJM.
Matt
Kevin Bilbee wrote:
Be careful with this
It's as easy as creating the spool files from scratch. Declude already
does everything else that is necessary. There's no need for even
something like BLAT.
Matt
Andy Schmidt wrote:
>> it could generate bounces with a null sender, and that's long
overdue. <<
Some of us believe that it is the IMail1.exe executable that Declude
uses and not the IMail.exe executable that is being discontinued.
Regardless, if Declude stopped using IMail1.exe, it could generate
bounces with a null sender, and that's long overdue.
Matt
Andy Schmidt wrote:
Da
en
by bad encoding, but that flaw was likely patched, or at least it has
not been exploited in mass.
Matt
Mon Mariola - Rubén wrote:
Matt,
So far, the only case where I find this vulnerability is in the mail
sent from the program Incredimail.
If these lines are actually prohibited in RFC, it i
ILITYOLMIMESEGMIMEPRE
ALLOWVULNERABILITYMIMESEGMIMEPOST
ALLOWVULNERABILITYOLLONGFILENAME
ALLOWVULNERABILITYOLBLANKFOLDING
ALLOWVULNERABILITYOBJECTDATA
ALLOWVULNERABILITYOLBOUNDARYSPACEGAP
ALLOWVULNERABILITYOLMIMEHEADER
ALLOWVULNERABILITYOLLONGBOUNDARY
Matt
virus scanners can detect a virus in a partial message
and of course there is spam blocking so it wouldn't mean a complete
lack of detection on the server side.
Matt
Andy Schmidt wrote:
Hi,
Actually, the
“Partial/Fragmented
Vulnerability” is one that ideally should be le
Dave,
His logs show however that the AV scanners were called, so this message
didn't hit HOLD or DELETE.
Matt
David Barker wrote:
AVAFTERJM ON means if the email reaches the JM either HOLD or DELETE
to not call the AV in the Declude code. Try switching this OFF to see
if it res
BANEXT RAR will block all RAR files, encrypted or not. That wasn't the
issue at hand here. It was related to BANEZIPEXTSON (in my case)
and possibly BANEZIPON.
Matt
Dan Shadix wrote:
BANEXT rar has been working great for me.
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROT
nt to block them when there is an executable inside to maintain
proper levels of protection.
Let me know if you would like some more feedback or information.
Thanks,
Matt
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PRO
all if not all were blocked as spam. Another saving grace
is the fact that it came out as an encrypted RAR which very few people
have support for.
Be absolutely certain that he will be back.
Matt
Gary Steiner wrote:
Basically that is what ClamAV is doing. It detects it as a phi
occasion. If it is only
loaded once when the service starts, then that's not such a big deal,
but it is definitely better to lose regex than it is to lose Declude as
these systems have to have high availability and should be designed that
way.
Thanks,
Matt
David Barker wrote:
The
Once you have the CODE in the Declude.cfg, make sure that you restart
the "decludeproc" service in order to enable it.
Matt
Bill Green dfn Systems wrote:
Is there an actual set of instructions for a Declude Upgrade for
IMail? The Declude site lists Installation Instructions, bu
The format is the same as before, but with a different code, i.e.:
CODE YOUR-CODE-GOES-HERE
Matt
Bill Green dfn Systems wrote:
I've just upgraded to the 4.x suite from 3.0. I'm getting the Invalid
Key message. According to the Archives, I need to put the Key in the
declud
I hate autoresponders...but people sometimes tell me that I am too
critical, so I guess I actually love them.
Matt
Colbeck, Andrew wrote:
I think I received 36 of them.
Andrew.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Craig Edmonds
and this affects all Declude
users that block EXE's and use bannotify.eml to bounce.
Matt
Colbeck, Andrew wrote:
.. I hope that Declude will
agree with Matt's point that backscatter must be avoided. There is
ample precedent, for example in that the BOUNCE action was renamed
g using "SKIPIFEXT mismatched.exe"
in my bannotify.eml to see if that helps, but this should not bounce
such messages by default as if they were EXE's. It makes sense to give
it a unique extension for these conditions and let us determine what to
do with them instead of lumping it to
e Declude Virus to handle "unknown" files in a different way.
We could choose for instance to block them, but not bounce them.
Thanks,
Matt
---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
ability to function, typically by having
many GB of data that decompresses from a zip/rar/etc. that is tiny in
comparison.
Matt
Scott Fisher wrote:
I think it is in their to defend against an "archive bomb".
Archive bomb:
This is a seemingly small archive file that is actually hi
I am running 4.0.9.4
I will also not upgrade to a newer version due to unacceptable
licensing enforcement issues.
Thanks,
Matt
Darrell ([EMAIL PROTECTED]) wrote:
What version are you running Matt in
version 3.0.5.20 they fixed a ms-tnef issue with winmail.dat.
This
ED]
To: [EMAIL PROTECTED] [outgoing from ##.##.48.210]
07/17/2006 06:32:41.269 q674000a2e465.smd Subject: FW: M341092022 /
M341092023
Thanks,
Matt
---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscrib
Thanks. That does help.
Matt
David Barker wrote:
ALLOWVULNERABILITY NONSTANDARDHDR
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Friday, July 07, 2006 11:08 AM
To: declude.virus@declude.com
Subject: Re
David,
In reference the the NONSTANDARDHDR vulnerability, did you include the
ability to turn this off?
Thanks,
Matt
David Barker wrote:
EVA ADD New NONSTANDARDHDR vulnerability test. Messages found to
have broken headers are moved to the \virus folder
EVA FIX
g this stuff up, I just want you guys to
get it. Pretend for a second that I am right, and then look back at
what you are doing. Please.
Matt
David Barker wrote:
Matt,
The CRLF problem has more to do with the email server and not Declude,
emails that are so badly broken should be either
n respond rapidly to such things not
just now, but as they occur in the future.
Thanks,
Matt
David Barker wrote:
Matt,
Headers not using proper CRLF line breaks is currently being tested using
the new vulnerability NONSTANDARDCRLF test.
As for these items they are on the list for engineers
e Virus to fail decoding, WHITELIST IP being
applied before IPBYPASS, and the issue where Declude's headers are
inserted at the bottom of the message when the headers don't use proper
CRLF line breaks?
Thanks,
Matt
David Barker wrote:
I have added the request to the wish list. We ar
il it is
clear that they are capable of handling the bugs.
Sorry to make an example of you here; that's not the intention of
course. I just thought that it would be constructive to point this
stuff out for the benefit of Declude and it's customers alike.
Matt
John T (Lists) w
el hosting environment.
Lots of luck,
Matt
Bob McGregor wrote:
this is a bit off-topic but
we had one of our servers last night have the ebay spoof page loaded on it.
Anyone have info as to how this gets loaded and, more imporantly how to keep it
from happening?
The only things I found w
are far more executables that could be legitimate and the
extra heuristics might be unwanted.
Matt
marc wrote:
really rare information about the /AI Switch...
just found this about "Neural network":
http://www.f-prot.com/support/windows/fpwin_faq/17.html
We will not use i
by Declude users on the lists, though I am not sure what the manual
might be listing at this time.
Matt
Mark Reimer wrote:
Matt,
My config is similar to yours except you have AI/Packed/SERVER.
What are
the additional benefits to using these switches?
Mark Reimer
IT
hould stop your issues if
you change to it:
C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /NOBOOT /NOMEM
/ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt
I have no virus hits that match what you are showing for F-Prot using
this config.
Matt
Kami Razvan wrote:
Hi Matt..
th
Kami,
You might want to post your full Declude Virus log snippet for one such
message and identify both your Declude version and your virus scanners.
Matt
Kami Razvan wrote:
Hi;
We
are having a major problem. A large number of emails are getting
caught with the following
ity Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls
Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/917077.mspx
Matt
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL
ghts on
Declude.exe", and that would have been blocked if it was forwarded.
I suppose that it is possible that one or both of these things could be
exploited, but they aren't currently, they are unlikely to be, and
there is a very real issue with blocking files that shouldn't be
blocked. I am afraid to say that extension blocking is not reliable.
It could e made reliable, and this issue has been know for a long time,
but it's still here.
Please, please, please fix this.
Thanks,
Matt
Canada...home of the ridiculously long disclaimers :)
Matt
Colbeck, Andrew wrote:
Tu peut l'escrite en Francais et Espanol dans la meme recip.eml; je vu
beaucoup de cette technique en Canada, mais c'est en Anglais et
Francais.
Andrew 8)
-Original Message
n the meantime I
would suggest downgrading to 3.0.5.23 or below since this appears to
have popped up after that.
Matt
Kevin Bilbee wrote:
I guess Declude needs to standup and answer this
thread. It is there software. I can repeate the issue by sending a
message from our Copier. With th
ar to be from different causes.
Matt
Kaj Søndergaard Laursen wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee
Sent: 19. februar 2006 08:33
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Running declude 4.x
has a free app that allows for inserting footers into messages,
but I don't believe it supports dynamic content. Look at the footer of
one of Sandy's posts for a link.
Matt
Andrew Peskin wrote:
Hello all ... I am trying to do the following: On each message
scanned by Declude
I would prefer that Declude decoded them before scanning.
Matt
Mark Reimer wrote:
I'm curious. Are people banning BHX, HQX, UUE,
UU, and MIM since the Kapser/Blackmal.E/MyWife.d virus hit? If so have
you seen any negative effects from doing this. I'm thinking of blo
Thanks for the clarificaiton.
Matt
David Franco-Rocha [ Declude ] wrote:
When scanning for viruses after JunkMail through use of the above
directive, the following rule applies:
All email will continue to be scanned for viruses EXCEPT those emails
having a final JunkMail action of
't
practical to search through all of them.
Matt
Colbeck, Andrew wrote:
On the plus side, there are
mitigating circumstances...
First, let me point out that
although the antivirus companies will lag behind the virus authors, the
antivirus guys aren't sleeping.
icular virus is so destructive that a
single copy could cause severe damage to one's enterprise. I cross my
fingers hoping that none of this would be necessary, but that's not
enough to be safe.
Matt
would be wise so long as you had two
virus scanners running.
Note that I'm not dismissing your primary intention of pointing out the
FP issue with virus scanning and a way to deal with it.
Matt
Markus Gufler wrote:
Today I've had a message hold as false positive ("unknown vi
your DNS to another provider. When I ran
into this a year ago it was an older version of BIND that was causing
issues, but I have heard that old Cisco and SonicWall software can also
block these packets.
Matt
Matt wrote:
Marc,
One other off-topic thing. For some reason, none of my Windows
is blocking or otherwise selectively not responding to
queries made from Windows 2003 DNS (including nslookup running on those
boxes). You might want to check into this because this is probably
widespread.
Matt
Marc Catuogno wrote:
Matt –
thanks again. I can’t
get a download off
apture accounts (unless you want to click back
for every message). Maybe they will change to a framed format in 3.0,
but until they do, I have no choice but to keep IMail.
I'm sure that clears a lot of things up :)
Matt
Marc Catuogno wrote:
Matt –
thanks again. I can’
immediate use, and I am willing to wait a bit longer
so that a period of stability can be established before I make the jump.
Matt
Marc Catuogno wrote:
So since I
am running 1.82 I can either
allow all vulnerabilities or not…
I have been
putting off upgrading till
IMAIL a
ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but
I know it works in 2.0.6.14 and higher. I think it came along
somewhere after 2.0.6.0
Matt
Marc Catuogno wrote:
Matt thank
you – What version of
Declude is needed for
ingle
address using the following line in your Virus.cfg:
ALLOWVULNERABILITIESFROM [EMAIL PROTECTED]
Matt
Marc Catuogno wrote:
Somebody is
sending e-mail that must get
through (of course) and it is failing the blank folding Vulnerability
test.
What can I tell this person they s
f the modified one to be used with COPYFILE, please voice your
opinions. I can't understand how the modified Q file is useful at all,
so I believe the behavior should be changed entirely instead of adding
a switch and further complicating the code. This essentially would
make it just like HOLD, but n
Sorry. If you add the following directive to your Global.cfg it will:
COPYFILEACTIONWITHHEADERS ON
This was introduced somewhere in the 2.x series. It's a very useful
tweak for me.
Matt
Scott Fisher wrote:
COPYFILE does not add any Declude
he
Correction. COPYFILE wouldn't work with HOLD, so you would need to
ROUTETO null.
Matt
Matt wrote:
Dan,
You might try COPYFILE which is essentially HOLD, but it adds the
Declude headers to the messages. COPYFILE won't block the E-mail
however, so you might want to eith
ether or not the COPYFILE action happens before or
after virus scanning with AVAFTERJM ON, so that would need to be
verified, but it might be a good workaround if this is a problem.
Matt
Dan Horne wrote:
IIRC, the HOLD action was where the risk came in. Messages that are
held by Declude
tance, one could use the HEADER action or WARN action to tag the
headers and then use IMail rules to move these messages into a special
folder or delete them from the spam capture accounts if that was
preferred.
Would people agree that this is accurate?
Matt
Darrell ([EMAIL PROTECTED]) wrote:
I thought that AV false positives can occur with definitions for known
virus names. In other words, if a message gets tagged as Bagle, it
might be legit 0.1% of the time. So would this really be a
complete solution?
Matt
Colbeck, Andrew wrote:
Markus would find this handy (as
messages, ROUTETO about 10%, and
deliver about 20%. I would like to save on scanning what I would
otherwise be deleting with JunkMail.
Matt
Keith Johnson wrote:
Markus,
However, Darrell mentioned that the AV scanner still runs once
action is taking agains the SPAM message (i.e. routeto
on servers thus far and it is
dragging out my growth. The savings for me would be huge.
If I am wrong about the behavior of AVAFTERJM, please point out my
mistakes.
Matt
Colbeck, Andrew wrote:
Do you mean this script on my disk who creates one hour each
day with 100% CPU usage?
l are sent to local accounts, you can't make a good
argument for changes there.
Matt
Colbeck, Andrew wrote:
I agree completely.
I use the postmaster
notification only, so only internal notifications happen. I use the
FORGINGVIRUS statements to limit what we have to see.
tifying them for fear of creating
backscatter.
Matt
Colbeck, Andrew wrote:
A kapser was detected on my F-Prot based system today.
I'm attaching the output of the scan from virustotal.com for your
interest.
I also scanned it with my TrendMicro which detects it by a different
name:
http://
. Another good reason for using
two scanners.
Matt
Colbeck, Andrew wrote:
Easy way to check if your Declude Junkamil is catching your viruses.
Check for the subject lines and see if you held those messages (or
whatever you do with your spam).
I just sorted out the subject lines for the sober.
and price.
Matt
Dean Lawrence wrote:
Thanks Matt,
I'm in a similar situation where this server is not part of my
internal network so the only people who would connect to it would be
myself and a couple of clients via FTP. I do have a couple of web apps
for recruiting clients where t
nd
clients. Symantec Corporate is a killer desktop solution because of
the manageability, and if you go that direction, I would put a
different vendor on the servers just so you have the protection of two
completely separate solutions.
Matt
Dean Lawrence wrote:
Thanks Scott,
So the Symant
are seeing is about. I'm thinking that it might be inaccurate. I don't
know though, but the best solution if you are concerned about security
is to install a hardware based firewall which could be a device that
calls itself a firewall or just a router that can block ports as
described
. It's just not worth it.
At the same time, you might want to check what the current recommended
command line should be for your virus scanner(s) since there have been
some changes in the last year that could result in missed viruses if you
haven't updated your command line
y get hacked again.
Matt
Crejob.com wrote:
Actually imail1.exe created several blank account in my system,
like t, te, tech, etc. these accounts show up in registry and
webmail admin page, but in Imail admin and real users folder,
there is no such accounts.
In the registry, these forged account
McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still
missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and
McAfee seems to have had this one tagged prior to the outbreak starting
since none have slipped through yet.
Matt
Rick Davidson wrote:
heads
that thread where Clam-AV in daemon mode was tested and
found to be a very close second to F-Prot.
Matt
John Carter wrote:
This raises a question(s): Has anyone done any real testing of which AVs
(in relation to Declude) perform the best, use the least resources, what is
the best scanning order
tilization went up
by almost 50%, so this isn't recommended unless you have plenty of head
room.
For details of my tests on the scanners:
http://www.mail-archive.com/declude.virus@declude.com/msg09001.html
Matt
John Carter wrote:
This raises a question(s): Has anyone done any real t
Our system shows the first of these new Bagel varients hit us at 6:11
a.m. EST and the last to come through without being blocked by the
virus scanner was at 9:12 a.m. The volume was rather heavy.
Matt
Panda Consulting S.A. Luis Alberto Arango wrote:
There is a new virus I received
that these are mostly clean IP's and they come from all over
the place.
Matt
John Carter wrote:
We are currently getting hit with a blast of emails with ZIP attachments.
They are showing clean, at least with F-Prot and ClamAV under Declude, plus
a manual scan by Trend Micro. They fak
Since this appears to be the beginnings of a "me too" thread...me too!
Matt
Scott Fisher wrote:
I would consider 3.0.5.10/11 interim releases... Scott would never
have documented them.
I too would like to see the release notes updated with each and every
version...
but it
exploitable as a relay (plenty of others like Yahoo and HotMail also
should share some blame for lax procedures).
I have one thing to add however. This one came from gmx.net as well as
gmx.de.
Matt
John T (Lists) wrote:
Matt, what
is the payload inside the
zip?
John T
Same servers, but this time it has a Regis.info.zip
attachment and the subject is "Registration Confirmation".
Basically I converted to blocking any zips below 200 KB that come from
these providers with some filtering and it seems to be working.
Matt
s the cake. This virus was designed to not only get past
virus scanners, but also spam blocking. I haven't seen any other
viruses that have done anything to mask their true source like this one
does.
Matt
Darin Cox wrote:
We're seeing a lot of emails with
pword_change.zip
ode a custom
filter that whitelists with a HEADERS WHITELIST STARTSWITH
X-Reprocess: Reprocessed
Matt
David Sullivan wrote:
Matt,
Is it possible to call declude.exe with the path to another folder
containing the Q/D?
M> The one issue with calling declude.exe directly is that y
*.smd file
back into the spool and then calling the Q*.smd file from where ever you
were storing it (using the COPYFILE operative I presume).
Matt
David Sullivan wrote:
Friday, September 23, 2005, 12:17:32 PM, you wrote:
M> You could write something to the message that Declude JunkMail
Don and Jim,
I believe this is an issue with IMail's listserv functionality. I
believe that it desires a plain text response. Try sending the
commands in a plain text message.
Matt
Don Duffy wrote:
Jim,
If you figure how to get off of this list, please let me know. I must
,
however it would be whitelisted in JunkMail if you followed that procedure.
Matt
David Sullivan wrote:
Thursday, September 22, 2005, 9:01:37 AM, you wrote:
Dsic> "AVAFTERJM ON" goes in the virus.cfg file and it makes AV run after JM as
Dsic> you suspected. Several of us run t
Oops, McAfee just slipped. Since 1:09 p.m. EST on my system we
received 52 undetected zips (just over an hour). We caught these all
with a custom filter.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports that
they're now up to something like 20 new variants of Bagle be
I can confirm that F-Prot was again missing the Bagle zips this
morning, however McAfee seems to have caught every one of them with a
generic Bagle definition unlike yesterday. As of 2 p.m., F-Prot was
still missing these Bagles.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports
only slightly faster as far as the stats go, but I
don't think that makes a difference. Maybe the newer versions do
things differently. I would doubt that the developers would accept a
noticeable slowdown in a final version.
Matt
Darin Cox wrote:
According to the Thunderbird we
llowing an
initial setup? Maybe you could be more specific about the speed issues.
Matt
Darin Cox wrote:
Just loaded it (1.5.1 beta). Seems
to be almost identical to OE for the way I use it...except slower.
Speed is one of the reasons I use OE instead of Outlook. :
, and there's none of that magic stuff that hides
important things from you the way that Outlook does. And of course
hardly any known vulnerabilities for auto-execution.
Matt
Darin Cox wrote:
Plain
text would be my preference as well, to see headers and message at once.
whether
or not is is better to see the plain text source or the rendered
message. I guess I am used to seeing the plain text and it is easier
for me to figure out what the rule matched that way without a Ctrl+U to
view the source (shortcut in Thunderbird/Netscape).
Matt
Darin Cox wrote:
Yep.
2KpUL1RB0HvAwHkjnWBxSjktz5AAx9+FI0pt2FCYVCyxgqPwuQgRDvin+9z0HIrTTxghW65eDDJIBe1hVdTpXjPtmzx10flMzfpx
QXybsZCfrZjl0VjVItdi+wflODDvEBIwXsI0c4OxQRiKEsAY/MQXHuRnIeExqF8NZUWFIjkO+S3TDjEMLpDBx+KEZie4IihtKBBGpVha7xVZwGGhhlOwlOhw4Jg+VwGa2ig
Matt
Darin Cox wrote:
With Declude 1.82, we haven't had any troubl
Makes sense.
Matt
Colbeck, Andrew wrote:
A very basic:
wget -N http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
was not working when
Scott (and then I) tried it. But it does now, including with
the -O parameter. I'd hazard a
):
C:\Progra~1\wget\wget --limit-rate=1000k --progress=dot -t 3 -N -P
C:\Progra~1\McAfee\update\
http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
Matt
Scott Fisher wrote:
-Matt,
Does the wget -N command work for
you with Mcafee.
I also use the -
d.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip
2>&1 | find "100%%"
IF ERRORLEVEL 1 GOTO END
C:\Progra~1\WinZip\wzunzip -ybc
C:\Progra~1\McAfee\update\win_netware_betadat.zip C:\Progra~1\McAfee\
:END
ENDLOCAL
Matt
Markus Gufler wrote:
attached
u have to weigh
that against the possibility of losing E-mail.
I would recommend the HTTP link that Scott provided unless the beta
DAT's are available over FTP.
Matt
William Stillwell wrote:
The
Proper method to update the dat would be to pull the "ini" file
http://dow
ripts linked to or contained on the
Declude site for McAfee updates. You will want to change those before
anyone new adds it in to their system.
Thanks,
Matt
David Barker wrote:
I have been monitoring
everything that has been said and I agree - there is a place I had
setup on the front
you provided and it does in
fact work just great...so far :)
Thanks,
Matt
Scott Fisher wrote:
Great catch Matt.
Mine's gone too since August 2
Thank you Declude for multiple virus
scanner option.
Try:
http://download.nai.com/products/mcafee-avert/beta_pac
i.com/products/mcafee-avert/daily_dats/DailyDAT.zip.
Thanks,
Matt
John Tolmachoff (Lists) wrote:
OK, so it is cpl file, which we should all have in our list of banned
extensions including banned if within a zip file, so we should all be safe,
correct?
John T
eServices Fo
Here's a quick filter that I had put together for it:
HEADERSENDNOTCONTAINSboundary="
BODYENDNOTCONTAINSattachment; filename="
BODYENDNOTCONTAINS.zip" Content-Transfer-Encoding
BODY15CONTAINS price
Matt
That's just the Windows version :)
Matt
Darin Cox wrote:
I thought it was rebooted every night around 3 am ET...
Darin.
- Original Message -
From: "Scott Fisher" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 09, 2005 12:01 PM
Subject: Re: [Declude.V
Maybe someone should reboot the Internet.
Matt
Keith Johnson wrote:
I am seeing this as we attempting to get to certain websites and they
can't be displayed.
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch
Sent: F
maybe not. Ever wonder why good backup software costs more
than the OS?
Matt
Doug Traylor wrote:
I agree that the room should be much
cooler, I hate coming in on the weekends here, but the management has
an "if it ain't broke don't fix it" attitude and point out t
temp that I would
want to see. If my colo was over 75F, I would definitely complain.
The guy next to me with 25 TB's of 15,000 RPM SCSI drives would
probably complain louder :)
Matt
Doug Traylor wrote:
We just looked at the operating spec
of our servers from the Manufacturer
1 - 100 of 332 matches
Mail list logo