[Declude.Virus]

2011-06-21 Thread Matt Robertson
http://danjacoby.de/modules/Search/life.html --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.

Re: [Declude.Virus] ClamAV

2010-04-29 Thread Matt
l need to change the location in the following three things (don't quote me on this) 1) clamav.reg 2) clamd.conf 3) The freshclam.exe --datadir argument Matt On 4/29/2010 4:14 PM, Michael Cummins wrote: The official download from Clam wouldn't install on my Windows 2003 box.

Re: [Declude.Virus] OT - looking for a command line email tool - with attachments

2009-05-12 Thread Matt
into Windows. Unlike CDONTS, CDOSYS can be pointed at your mail server with or without authentication and doesn't require MS SMTP to be installed or running on your box. Here's a link to some example code: http://www.w3schools.com/asp/asp_send_email.asp Matt Hirthe, Alexa

Re: [Declude.Virus] OT: Alligate as a gateway for providers ?

2008-07-19 Thread Matt
Alligate doesn't filter POP3. Is that what you wanted to know? Matt Uwe Degenhardt wrote: Hi list, we are a small provider doing some shop-hosting services. As a side-service we are running one eMail-server for 65 domains and approximately 270 user. We tried Alligate (trial) as a ga

Re: [Declude.Virus] F-PROT 6 vs ClamAV SOSDG

2008-06-13 Thread Matt
Kevin, Just to be more specific, if you use the HOLD action, those messages that are held will not be virus scanned. On our system, we use a combination of COPYFILE and ROUTETO, and they are in fact virus scanned when using AVAFTERJM. Matt Kevin Bilbee wrote: Be careful with this

Re: [Declude.Virus] RE: IMmail 2006.23 release notes

2007-12-10 Thread Matt
It's as easy as creating the spool files from scratch. Declude already does everything else that is necessary. There's no need for even something like BLAT. Matt Andy Schmidt wrote: >> it could generate bounces with a null sender, and that's long overdue. <<

Re: [Declude.Virus] RE: IMmail 2006.23 release notes

2007-12-10 Thread Matt
Some of us believe that it is the IMail1.exe executable that Declude uses and not the IMail.exe executable that is being discontinued. Regardless, if Declude stopped using IMail1.exe, it could generate bounces with a null sender, and that's long overdue. Matt Andy Schmidt wrote: Da

Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability

2007-12-03 Thread Matt
en by bad encoding, but that flaw was likely patched, or at least it has not been exploited in mass. Matt Mon Mariola - Rubén wrote: Matt, So far, the only case where I find this vulnerability is in the mail sent from the program Incredimail. If these lines are actually prohibited in RFC, it i

Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability

2007-12-03 Thread Matt
ILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY MIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP ALLOWVULNERABILITY OLMIMEHEADER ALLOWVULNERABILITY OLLONGBOUNDARY Matt

Re: [Declude.Virus] Partial Vulnerability test failures on legitmate email

2007-10-11 Thread Matt
virus scanners can detect a virus in a partial message and of course there is spam blocking so it wouldn't mean a complete lack of detection on the server side. Matt Andy Schmidt wrote: Hi,   Actually, the “Partial/Fragmented Vulnerability” is one that ideally should be le

Re: [Declude.Virus] exe in zip file why not blocked...

2007-07-30 Thread Matt
Dave, His logs show however that the AV scanners were called, so this message didn't hit HOLD or DELETE. Matt David Barker wrote: AVAFTERJM ON means if the email reaches the JM either HOLD or DELETE to not call the AV in the Declude code. Try switching this OFF to see if it res

Re: [Declude.Virus] More info about encrypted RAR virus and Declude failures

2007-04-27 Thread Matt
BANEXT RAR will block all RAR files, encrypted or not. That wasn't the issue at hand here. It was related to BANEZIPEXTSON (in my case) and possibly BANEZIPON. Matt Dan Shadix wrote: BANEXT rar has been working great for me. *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROT

[Declude.Virus] More info about encrypted RAR virus and Declude failures

2007-04-26 Thread Matt
nt to block them when there is an executable inside to maintain proper levels of protection. Let me know if you would like some more feedback or information. Thanks, Matt

Re: [Declude.Virus] new virus with .rar attachment

2007-04-26 Thread Matt
all if not all were blocked as spam. Another saving grace is the fact that it came out as an encrypted RAR which very few people have support for. Be absolutely certain that he will be back. Matt Gary Steiner wrote: Basically that is what ClamAV is doing. It detects it as a phi

Re: [Declude.Virus] Declude 4.3.46 Release

2007-04-16 Thread Matt
occasion. If it is only loaded once when the service starts, then that's not such a big deal, but it is definitely better to lose regex than it is to lose Declude as these systems have to have high availability and should be designed that way. Thanks, Matt David Barker wrote: The

Re: [Declude.Virus] Declude Upgrade on IMail - Key Trouble

2007-03-22 Thread Matt
Once you have the CODE in the Declude.cfg, make sure that you restart the "decludeproc" service in order to enable it. Matt Bill Green dfn Systems wrote: Is there an actual set of instructions for a Declude Upgrade for IMail? The Declude site lists Installation Instructions, bu

Re: [Declude.Virus] Declude Upgrade on IMail - Key Trouble

2007-03-22 Thread Matt
The format is the same as before, but with a different code, i.e.: CODE YOUR-CODE-GOES-HERE Matt Bill Green dfn Systems wrote: I've just upgraded to the 4.x suite from 3.0. I'm getting the Invalid Key message. According to the Archives, I need to put the Key in the declud

Re: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

2007-01-04 Thread Matt
I hate autoresponders...but people sometimes tell me that I am too critical, so I guess I actually love them. Matt Colbeck, Andrew wrote: I think I received 36 of them. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds

Re: [Declude.Virus] Bug in mismatched extensions causes backscatter on spam

2006-10-02 Thread Matt
and this affects all Declude users that block EXE's and use bannotify.eml to bounce. Matt Colbeck, Andrew wrote: .. I hope that Declude will agree with Matt's point that backscatter must be avoided.  There is ample precedent, for example in that the BOUNCE action was renamed

Re: [Declude.Virus] Bug in mismatched extensions causes backscatter on spam

2006-10-01 Thread Matt
g using "SKIPIFEXT mismatched.exe" in my bannotify.eml to see if that helps, but this should not bounce such messages by default as if they were EXE's.  It makes sense to give it a unique extension for these conditions and let us determine what to do with them instead of lumping it to

[Declude.Virus] Bug in mismatched extensions causes backscatter on spam

2006-10-01 Thread Matt
e Declude Virus to handle "unknown" files in a different way. We could choose for instance to block them, but not bounce them. Thanks, Matt

Re: [Declude.Virus] Oversized.RAR FOUND in ClamAV

2006-09-07 Thread Matt
ability to function, typically by having many GB of data that decompresses from a zip/rar/etc. that is tiny in comparison. Matt Scott Fisher wrote: I think it is in there to defend against an "archive bomb". Archive bomb: This is a seemingly small archive file that is actually hi

Re: [Declude.Virus] Invalid file types triggering on an invalid file type

2006-07-18 Thread Matt
I am running 4.0.9.4 I will also not upgrade to a newer version due to unacceptable licensing enforcement issues. Thanks, Matt Darrell ([EMAIL PROTECTED]) wrote: What version are you running Matt in version 3.0.5.20 they fixed a ms-tnef issue with winmail.dat.   This

[Declude.Virus] Invalid file types triggering on an invalid file type

2006-07-18 Thread Matt
ED] To: [EMAIL PROTECTED] [outgoing from ##.##.48.210] 07/17/2006 06:32:41.269 q674000a2e465.smd Subject: FW: M341092022 / M341092023 Thanks, Matt

Re: [Declude.Virus] 4.2 build 20 Released 6 July 2006

2006-07-07 Thread Matt
Thanks.  That does help. Matt David Barker wrote: ALLOWVULNERABILITY NONSTANDARDHDR David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Friday, July 07, 2006 11:08 AM To: declude.virus@declude.com Subject: Re

Re: [Declude.Virus] 4.2 build 20 Released 6 July 2006

2006-07-07 Thread Matt
David, In reference to the NONSTANDARDHDR vulnerability, did you include the ability to turn this off? Thanks, Matt David Barker wrote: EVA ADD New NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder EVA FIX

Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-28 Thread Matt
g this stuff up, I just want you guys to get it. Pretend for a second that I am right, and then look back at what you are doing. Please. Matt David Barker wrote: Matt, The CRLF problem has more to do with the email server and not Declude, emails that are so badly broken should be either

Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-28 Thread Matt
n respond rapidly to such things not just now, but as they occur in the future. Thanks, Matt David Barker wrote: Matt, Headers not using proper CRLF line breaks is currently being tested using the new vulnerability NONSTANDARDCRLF test. As for these items they are on the list for engineers

Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-28 Thread Matt
e Virus to fail decoding, WHITELIST IP being applied before IPBYPASS, and the issue where Declude's headers are inserted at the bottom of the message when the headers don't use proper CRLF line breaks? Thanks, Matt David Barker wrote: I have added the request to the wish list. We ar

Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus

2006-06-27 Thread Matt
il it is clear that they are capable of handling the bugs. Sorry to make an example of you here; that's not the intention of course. I just thought that it would be constructive to point this stuff out for the benefit of Declude and its customers alike. Matt John T (Lists) w

Re: [Declude.Virus] the ebay spoof spam stuff

2006-06-14 Thread Matt
el hosting environment. Lots of luck, Matt Bob McGregor wrote: this is a bit off-topic but we had one of our servers last night have the ebay spoof page loaded on it. Anyone have info as to how this gets loaded and, more importantly how to keep it from happening? The only things I found w

Re: [Declude.Virus] F-Prot Switches

2006-03-29 Thread Matt
are far more executables that could be legitimate and the extra heuristics might be unwanted. Matt marc wrote: really rare information about the /AI Switch... just found this about "Neural network": http://www.f-prot.com/support/windows/fpwin_faq/17.html We will not use i

Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-27 Thread Matt
by Declude users on the lists, though I am not sure what the manual might be listing at this time. Matt Mark Reimer wrote: Matt, My config is similar to yours except you have AI/Packed/SERVER. What are the additional benefits to using these switches?   Mark Reimer IT

Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-24 Thread Matt
hould stop your issues if you change to it:     C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt I have no virus hits that match what you are showing for F-Prot using this config. Matt Kami Razvan wrote: Hi Matt..   th

Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-24 Thread Matt
Kami, You might want to post your full Declude Virus log snippet for one such message and identify both your Declude version and your virus scanners. Matt Kami Razvan wrote: Hi;   We are having a major problem.  A large number of emails are getting caught with the following

[Declude.Virus] New IE vulnerability, not patched yet

2006-03-24 Thread Matt
ity Advisory (917077) Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/917077.mspx Matt

[Declude.Virus] PLEASE fix the issue with banned extension being detected when they shouldn't be

2006-03-08 Thread Matt
ghts on Declude.exe", and that would have been blocked if it was forwarded. I suppose that it is possible that one or both of these things could be exploited, but they aren't currently, they are unlikely to be, and there is a very real issue with blocking files that shouldn't be blocked. I am afraid to say that extension blocking is not reliable. It could be made reliable, and this issue has been known for a long time, but it's still here. Please, please, please fix this. Thanks, Matt

Re: [Declude.Virus] language specific messages

2006-02-23 Thread Matt
Canada...home of the ridiculously long disclaimers :) Matt Colbeck, Andrew wrote: You can write it in French and Spanish in the same recip.eml; I have seen a lot of this technique in Canada, but it is in English and French. Andrew 8) -Original Message

Re: [Declude.Virus] Running declude 4.x

2006-02-19 Thread Matt
n the meantime I would suggest downgrading to 3.0.5.23 or below since this appears to have popped up after that. Matt Kevin Bilbee wrote: I guess Declude needs to stand up and answer this thread. It is their software. I can repeat the issue by sending a message from our Copier. With th

Re: [Declude.Virus] Running declude 4.x

2006-02-19 Thread Matt
ar to be from different causes. Matt Kaj Søndergaard Laursen wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: 19. februar 2006 08:33 To: Declude.Virus@declude.com Subject: [Declude.Virus] Running declude 4.x

Re: [Declude.Virus] ClamAV Footer ...

2006-02-17 Thread Matt
has a free app that allows for inserting footers into messages, but I don't believe it supports dynamic content. Look at the footer of one of Sandy's posts for a link. Matt Andrew Peskin wrote: Hello all ... I am trying to do the following: On each message scanned by Declude

Re: [Declude.Virus] Encoded viruses...worried

2006-02-16 Thread Matt
I would prefer that Declude decoded them before scanning. Matt Mark Reimer wrote: I'm curious. Are people banning BHX, HQX, UUE, UU, and MIM since the Kapser/Blackmal.E/MyWife.d virus hit? If so have you seen any negative effects from doing this. I'm thinking of blo

Re: [Declude.Virus] AVAFTERJM

2006-02-02 Thread Matt
Thanks for the clarification. Matt David Franco-Rocha [ Declude ] wrote: When scanning for viruses after JunkMail through use of the above directive, the following rule applies: All email will continue to be scanned for viruses EXCEPT those emails having a final JunkMail action of

Re: [Declude.Virus] Encoded viruses...worried

2006-02-01 Thread Matt
't practical to search through all of them. Matt Colbeck, Andrew wrote: On the plus side, there are mitigating circumstances...   First, let me point out that although the antivirus companies will lag behind the virus authors, the antivirus guys aren't sleeping.  

[Declude.Virus] Encoded viruses...worried

2006-01-31 Thread Matt
icular virus is so destructive that a single copy could cause severe damage to one's enterprise.  I cross my fingers hoping that none of this would be necessary, but that's not enough to be safe. Matt

Re: [Declude.Virus] F-prot exit code 8 and body content

2006-01-31 Thread Matt
would be wise so long as you had two virus scanners running. Note that I'm not dismissing your primary intention of pointing out the FP issue with virus scanning and a way to deal with it. Matt Markus Gufler wrote: Today I've had a message hold as false positive ("unknown vi

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-31 Thread Matt
your DNS to another provider.  When I ran into this a year ago it was an older version of BIND that was causing issues, but I have heard that old Cisco and SonicWall software can also block these packets. Matt Matt wrote: Marc, One other off-topic thing.  For some reason, none of my Windows

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-30 Thread Matt
is blocking or otherwise selectively not responding to queries made from Windows 2003 DNS (including nslookup running on those boxes).  You might want to check into this because this is probably widespread. Matt Marc Catuogno wrote: Matt – thanks again.  I can’t get a download off

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-30 Thread Matt
apture accounts (unless you want to click back for every message).  Maybe they will change to a framed format in 3.0, but until they do, I have no choice but to keep IMail. I'm sure that clears a lot of things up :) Matt Marc Catuogno wrote: Matt – thanks again.  I can’

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-30 Thread Matt
immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not… I have been putting off upgrading till IMAIL a

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-30 Thread Matt
ALLOWVULNERABILITIESFROM came in 2.0.  They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher.  I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you – What version of Declude is needed for

Re: [Declude.Virus] Blank folding vulnerablity help

2006-01-30 Thread Matt
ingle address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM   [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test.  What can I tell this person they s

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-29 Thread Matt
f the modified one to be used with COPYFILE, please voice your opinions.  I can't understand how the modified Q file is useful at all, so I believe the behavior should be changed entirely instead of adding a switch and further complicating the code.  This essentially would make it just like HOLD, but n

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Matt
Sorry.  If you add the following directive to your Global.cfg it will:     COPYFILEACTIONWITHHEADERS    ON This was introduced somewhere in the 2.x series.  It's a very useful tweak for me. Matt Scott Fisher wrote: COPYFILE does not add any Declude he

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Matt
Correction.  COPYFILE wouldn't work with HOLD, so you would need to ROUTETO null. Matt Matt wrote: Dan, You might try COPYFILE which is essentially HOLD, but it adds the Declude headers to the messages.  COPYFILE won't block the E-mail however, so you might want to eith

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Matt
ether or not the COPYFILE action happens before or after virus scanning with AVAFTERJM    ON, so that would need to be verified, but it might be a good workaround if this is a problem. Matt Dan Horne wrote: IIRC, the HOLD action was where the risk came in. Messages that are held by Declude

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Matt
tance, one could use the HEADER action or WARN action to tag the headers and then use IMail rules to move these messages into a special folder or delete them from the spam capture accounts if that was preferred. Would people agree that this is accurate? Matt Darrell ([EMAIL PROTECTED]) wrote:

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME automagic

2006-01-27 Thread Matt
I thought that AV false positives can occur with definitions for known virus names.  In other words, if a message gets tagged as Bagle, it might be legit 0.1% of the time.  So would this really be a complete solution? Matt Colbeck, Andrew wrote: Markus would find this handy (as

Re: [Declude.Virus] Feature request: DELETEVIRUSNAME

2006-01-27 Thread Matt
messages, ROUTETO about 10%, and deliver about 20%. I would like to save on scanning what I would otherwise be deleting with JunkMail. Matt Keith Johnson wrote: Markus, However, Darrell mentioned that the AV scanner still runs once action is taken against the SPAM message (i.e. routeto

Re: [Declude.Virus] AVAFTERJM -> was Feature request: DELETEVIRUSNAME

2006-01-26 Thread Matt
on servers thus far and it is dragging out my growth.  The savings for me would be huge. If I am wrong about the behavior of AVAFTERJM, please point out my mistakes. Matt Colbeck, Andrew wrote: Do you mean this script on my disk who creates one hour each day with 100% CPU usage?

Re: [Declude.Virus] New Virus?

2006-01-17 Thread Matt
l are sent to local accounts, you can't make a good argument for changes there. Matt Colbeck, Andrew wrote: I agree completely.   I use the postmaster notification only, so only internal notifications happen.  I use the FORGINGVIRUS statements to limit what we have to see.  

Re: [Declude.Virus] New Virus?

2006-01-17 Thread Matt
tifying them for fear of creating backscatter. Matt Colbeck, Andrew wrote: A kapser was detected on my F-Prot based system today. I'm attaching the output of the scan from virustotal.com for your interest. I also scanned it with my TrendMicro which detects it by a different name: http://

Re: [Declude.Virus] Sober.z

2006-01-07 Thread Matt
. Another good reason for using two scanners. Matt Colbeck, Andrew wrote: Easy way to check if your Declude JunkMail is catching your viruses. Check for the subject lines and see if you held those messages (or whatever you do with your spam). I just sorted out the subject lines for the sober.

Re: [Declude.Virus] AVG

2005-12-20 Thread Matt
and price. Matt Dean Lawrence wrote: Thanks Matt,   I'm in a similar situation where this server is not part of my internal network so the only people who would connect to it would be myself and a couple of clients via FTP. I do have a couple of web apps for recruiting clients where t

Re: [Declude.Virus] AVG

2005-12-20 Thread Matt
nd clients.  Symantec Corporate is a killer desktop solution because of the manageability, and if you go that direction, I would put a different vendor on the servers just so you have the protection of two completely separate solutions. Matt Dean Lawrence wrote: Thanks Scott,   So the Symant

Re: [Declude.Virus] Stranger... about imail1.exe be hijacked.

2005-12-14 Thread Matt
are seeing is about. I'm thinking that it might be inaccurate. I don't know though, but the best solution if you are concerned about security is to install a hardware based firewall which could be a device that calls itself a firewall or just a router that can block ports as described

Re: [Declude.Virus] Stranger... about imail1.exe be hijacked.

2005-12-12 Thread Matt
. It's just not worth it. At the same time, you might want to check what the current recommended command line should be for your virus scanner(s) since there have been some changes in the last year that could result in missed viruses if you haven't updated your command line

Re: [Declude.Virus] Stranger... about imail1.exe be hijacked.

2005-12-12 Thread Matt
y get hacked again. Matt Crejob.com wrote: Actually imail1.exe created several blank account in my system, like t, te, tech, etc. these accounts show up in registry and webmail admin page, but in Imail admin and real users folder, there is no such accounts. In the registry, these forged account

Re: [Declude.Virus] New Virus Strain Pounding my systems

2005-11-21 Thread Matt
McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and McAfee seems to have had this one tagged prior to the outbreak starting since none have slipped through yet. Matt Rick Davidson wrote: heads

Re: [Declude.Virus] Second scanner

2005-11-04 Thread Matt
that thread where Clam-AV in daemon mode was tested and found to be a very close second to F-Prot. Matt John Carter wrote: This raises a question(s): Has anyone done any real testing of which AVs (in relation to Declude) perform the best, use the least resources, what is the best scanning order

Re: [Declude.Virus] Second scanner

2005-11-04 Thread Matt
tilization went up by almost 50%, so this isn't recommended unless you have plenty of head room. For details of my tests on the scanners:     http://www.mail-archive.com/declude.virus@declude.com/msg09001.html Matt John Carter wrote: This raises a question(s): Has anyone done any real t

Re: [Declude.Virus] Update your f-prot definition files now!

2005-11-03 Thread Matt
Our system shows the first of these new Bagle variants hit us at 6:11 a.m. EST and the last to come through without being blocked by the virus scanner was at 9:12 a.m. The volume was rather heavy. Matt Panda Consulting S.A. Luis Alberto Arango wrote: There is a new virus I received

Re: [Declude.Virus] Blast of zips coming in

2005-11-01 Thread Matt
that these are mostly clean IP's and they come from all over the place. Matt John Carter wrote: We are currently getting hit with a blast of emails with ZIP attachments. They are showing clean, at least with F-Prot and ClamAV under Declude, plus a manual scan by Trend Micro. They fak

Re: [Declude.Virus] 3.0.5.10

2005-10-22 Thread Matt
Since this appears to be the beginnings of a "me too" thread...me too! Matt Scott Fisher wrote: I would consider 3.0.5.10/11 interim releases... Scott would never have documented them. I too would like to see the release notes updated with each and every version... but it

Re: [Declude.Virus] New variant as of 15 minutes ago

2005-10-06 Thread Matt
exploitable as a relay (plenty of others like Yahoo and HotMail also should share some blame for lax procedures). I have one thing to add however.  This one came from gmx.net as well as gmx.de. Matt John T (Lists) wrote: Matt, what is the payload inside the zip?   John T

[Declude.Virus] New variant as of 15 minutes ago

2005-10-06 Thread Matt
Same servers, but this time it has a Regis.info.zip attachment and the subject is "Registration Confirmation". Basically I converted to blocking any zips below 200 KB that come from these providers with some filtering and it seems to be working. Matt

Re: [Declude.Virus] Possible new virus

2005-10-05 Thread Matt
s the cake.  This virus was designed to not only get past virus scanners, but also spam blocking.  I haven't seen any other viruses that have done anything to mask their true source like this one does. Matt Darin Cox wrote: We're seeing a lot of emails with pword_change.zip

Re: [Declude.Virus] AVAFTERJM ?

2005-09-23 Thread Matt
ode a custom filter that whitelists with a HEADERS WHITELIST STARTSWITH X-Reprocess: Reprocessed Matt David Sullivan wrote: Matt, Is it possible to call declude.exe with the path to another folder containing the Q/D? M> The one issue with calling declude.exe directly is that y

Re: [Declude.Virus] AVAFTERJM ?

2005-09-23 Thread Matt
*.smd file back into the spool and then calling the Q*.smd file from where ever you were storing it (using the COPYFILE operative I presume). Matt David Sullivan wrote: Friday, September 23, 2005, 12:17:32 PM, you wrote: M> You could write something to the message that Declude JunkMail

Re: [Declude.Virus] Admin - Please unsubscribe me

2005-09-23 Thread Matt
Don and Jim, I believe this is an issue with IMail's listserv functionality.  I believe that it desires a plain text response.  Try sending the commands in a plain text message. Matt Don Duffy wrote: Jim, If you figure how to get off of this list, please let me know. I must

Re: [Declude.Virus] AVAFTERJM ?

2005-09-23 Thread Matt
, however it would be whitelisted in JunkMail if you followed that procedure. Matt David Sullivan wrote: Thursday, September 22, 2005, 9:01:37 AM, you wrote: Dsic> "AVAFTERJM ON" goes in the virus.cfg file and it makes AV run after JM as Dsic> you suspected. Several of us run t

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt
Oops, McAfee just slipped.  Since 1:09 p.m. EST on my system we received 52 undetected zips (just over an hour).  We caught these all with a custom filter. Matt Colbeck, Andrew wrote: FYI, Kaspersky reports that they're now up to something like 20 new variants of Bagle be

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt
I can confirm that F-Prot was again missing the Bagle zips this morning, however McAfee seems to have caught every one of them with a generic Bagle definition unlike yesterday.  As of 2 p.m., F-Prot was still missing these Bagles. Matt Colbeck, Andrew wrote: FYI, Kaspersky reports

Re: [Declude.Virus] blocking eml and msg attachments

2005-09-14 Thread Matt
only slightly faster as far as the stats go, but I don't think that makes a difference.  Maybe the newer versions do things differently.  I would doubt that the developers would accept a noticeable slowdown in a final version. Matt Darin Cox wrote: According to the Thunderbird we

Re: [Declude.Virus] blocking eml and msg attachments

2005-09-14 Thread Matt
llowing an initial setup?  Maybe you could be more specific about the speed issues. Matt Darin Cox wrote: Just loaded it (1.5.1 beta).  Seems to be almost identical to OE for the way I use it...except slower.  Speed is one of the reasons I use OE instead of Outlook. :

Re: [Declude.Virus] blocking eml and msg attachments

2005-09-14 Thread Matt
, and there's none of that magic stuff that hides important things from you the way that Outlook does.  And of course hardly any known vulnerabilities for auto-execution. Matt Darin Cox wrote: Plain text would be my preference as well, to see headers and message at once.

Re: [Declude.Virus] blocking eml and msg attachments

2005-09-14 Thread Matt
whether or not it is better to see the plain text source or the rendered message. I guess I am used to seeing the plain text and it is easier for me to figure out what the rule matched that way without a Ctrl+U to view the source (shortcut in Thunderbird/Netscape). Matt Darin Cox wrote: Yep.

Re: [Declude.Virus] blocking eml and msg attachemtns

2005-09-14 Thread Matt
Matt Darin Cox wrote: With Declude 1.82, we haven't had any troubl

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
Makes sense. Matt Colbeck, Andrew wrote: A very basic:   wget -N http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip   was not working when Scott (and then I) tried it.  But it does now, including with the -O parameter.  I'd hazard a

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
): C:\Progra~1\wget\wget --limit-rate=1000k --progress=dot -t 3 -N -P C:\Progra~1\McAfee\update\ http://download.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip Matt Scott Fisher wrote: -Matt,   Does the wget -N command work for you with Mcafee. I also use the -

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
d.nai.com/products/mcafee-avert/beta_packages/win_netware_betadat.zip 2>&1 | find "100%%" IF ERRORLEVEL 1 GOTO END C:\Progra~1\WinZip\wzunzip -ybc C:\Progra~1\McAfee\update\win_netware_betadat.zip C:\Progra~1\McAfee\   :END ENDLOCAL Matt Markus Gufler wrote: attached

Re: [Declude.Virus] McAfee DailyDAT download location change.

2005-09-12 Thread Matt
u have to weigh that against the possibility of losing E-mail. I would recommend the HTTP link that Scott provided unless the beta DAT's are available over FTP. Matt William Stillwell wrote: The Proper method to update the dat would be to pull the "ini" file   http://dow

Re: [Declude.Virus] McAfee DailyDAT download location change.

2005-09-12 Thread Matt
ripts linked to or contained on the Declude site for McAfee updates.  You will want to change those before anyone new adds it in to their system. Thanks, Matt David Barker wrote: I have been monitoring everything that has been said and I agree -  there is a place I had setup on the front

Re: [Declude.Virus] McAfee DailyDAT download location change.

2005-09-12 Thread Matt
you provided and it does in fact work just great...so far :) Thanks, Matt Scott Fisher wrote: Great catch Matt. Mine's gone too since August 2 Thank you Declude for multiple virus scanner option.   Try: http://download.nai.com/products/mcafee-avert/beta_pac

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
i.com/products/mcafee-avert/daily_dats/DailyDAT.zip. Thanks, Matt John Tolmachoff (Lists) wrote: OK, so it is cpl file, which we should all have in our list of banned extensions including banned if within a zip file, so we should all be safe, correct? John T eServices Fo

[Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
Here's a quick filter that I had put together for it: HEADERS END NOTCONTAINS boundary=" BODY END NOTCONTAINS attachment; filename=" BODY END NOTCONTAINS .zip" Content-Transfer-Encoding BODY 15 CONTAINS price Matt

Re: [Declude.Virus] Sudden Internet Slowdown

2005-09-09 Thread Matt
That's just the Windows version :) Matt Darin Cox wrote: I thought it was rebooted every night around 3 am ET... Darin. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Friday, September 09, 2005 12:01 PM Subject: Re: [Declude.V

Re: [Declude.Virus] Sudden Internet Slowdown

2005-09-09 Thread Matt
Maybe someone should reboot the Internet. Matt Keith Johnson wrote: I am seeing this as we are attempting to get to certain websites and they can't be displayed. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch Sent: F

Re: [Declude.Virus] OT - Server Room Temperature

2005-08-12 Thread Matt
maybe not.  Ever wonder why good backup software costs more than the OS? Matt Doug Traylor wrote: I agree that the room should be much cooler, I hate coming in on the weekends here, but the management has an "if it ain't broke don't fix it" attitude and point out t

Re: [Declude.Virus] OT - Server Room Temperature

2005-08-12 Thread Matt
temp that I would want to see.  If my colo was over 75F, I would definitely complain.  The guy next to me with 25 TB's of 15,000 RPM SCSI drives would probably complain louder :) Matt Doug Traylor wrote: We just looked at the operating spec of our servers from the Manufacturer
