RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer
I knew I should have done that. Also, I just realized that this is the wrong forum for Declude Virus. My bad. Oh, well. I'm sure others are anxiously anticipaing the outcome of this issue at this point. ;) Everything in the file looks fine. Are you sure that it is this file (sender.eml, with the subject "WARNING: YOU MAY HAVE A VIRUS") that is being sent out, as opposed to the otherpostmaster.eml or one of the other files? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer
>Open your sender.eml with notepad, then copy and paste into a new text >document. >Outlook treats this as an attached e-mail and messes with it. >John Tolmachoff MCSE CSSA I knew I should have done that. Also, I just realized that this is the wrong forum for Declude Virus. My bad. Oh, well. I'm sure others are anxiously anticipaing the outcome of this issue at this point. ;) Here's the text file. SKIPIFVIRUSNAMEHAS Fizzer SKIPIFVIRUSNAMEHAS Yaha SKIPIFVIRUSNAMEHAS Lentin SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Bugbear SKIPIFVIRUSNAMEHAS Bridex SKIPIFVIRUSNAMEHAS Braid SKIPIFVIRUSNAMEHAS Sobig SKIPIFVIRUSNAMEHAS Palyh From: [EMAIL PROTECTED] To: %MAILFROM% Subject: WARNING: YOU MAY HAVE A VIRUS The Declude Virus software on %LOCALHOST% has reported that you sent an E-mail to %ALLRECIPS%, containing the %VIRUSNAME% virus in the %VIRUSFILE% attachment. The subject of the E-mail was "%SUBJECT%". The E-mail containing the virus has been quarantined to prevent further damage. NOTE: Sender information is easily forged, so while the email containing the virus purportedly was sent by you, it may not actually have come from you, in which case we apologize for this notification. Headers Follow: %HEADERS%
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer
Open your sender.eml with notepad, then copy and paste into a new text document. Outlook treats this as an attached e-mail and messes with it. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Mike Gable > Sent: Monday, September 15, 2003 6:02 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer > > I know those rules, but I don't percieve it to be the case. I've enclosed > the sender.eml, if you would please take a look at it. > > Thanks. > > -Mike > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry > Sent: Monday, September 15, 2003 10:17 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer > > > > >I have this line in my sender.eml file: > > > >SKIPIFVIRUSNAMEHAS Fizzer > > > >However, The sender notice is still being sent and starts off like this: > > This would be more appropriate in the Declude Virus list. > > In this case, the problem is most likely that either [1] There is more than > one space or tab on the line, or [2] There is a blank line between that > line and the body of the E-mail. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask about our free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer
I know those rules, but I don't percieve it to be the case. I've enclosed the sender.eml, if you would please take a look at it. Thanks. -Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, September 15, 2003 10:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer >I have this line in my sender.eml file: > >SKIPIFVIRUSNAMEHAS Fizzer > >However, The sender notice is still being sent and starts off like this: This would be more appropriate in the Declude Virus list. In this case, the problem is most likely that either [1] There is more than one space or tab on the line, or [2] There is a blank line between that line and the body of the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- Begin Message --- The Declude Virus software on %LOCALHOST% has reported that you sent an E-mail to %ALLRECIPS%, containing the %VIRUSNAME% virus in the %VIRUSFILE% attachment. The subject of the E-mail was "%SUBJECT%". The E-mail containing the virus has been quarantined to prevent further damage. NOTE: Sender information is easily forged, so while the email containing the virus purportedly was sent by you, it may not actually have come from you, in which case we apologize for this notification. Headers Follow: %HEADERS% --- End Message ---
Re: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS Fizzer
I have this line in my sender.eml file: SKIPIFVIRUSNAMEHAS Fizzer However, The sender notice is still being sent and starts off like this: This would be more appropriate in the Declude Virus list. In this case, the problem is most likely that either [1] There is more than one space or tab on the line, or [2] There is a blank line between that line and the body of the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
> I decided against notifying the recipient for Vulnerabilities. Apparently, > vulnerabilities are essentially spam - and notifying the recipient would > mean that they end up getting an unwanted message after all. In my experience, that is true 98% of the time. That 2% percent though can cause problems. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
> I decided against notifying the recipient for > Vulnerabilities. Apparently, vulnerabilities are essentially > spam - and notifying the recipient would mean that they end > up getting an unwanted message after all. Yes. We've had this also until setting the AVAFTERJM option in the global.cfg file. Now we have to double check any FP before we requeue it, but this is not a real problem, because usually we've one single fp/day and if there is no file attached... Would be nice to have something to guarantee that a requeued fp-spam-message will be scanned for viruses. Something like a special /spamrequeue-folder So declude could check if there is something to requeue when it's called the next and scan it for viruses. This will also fasten up the delivery of the requeued message (depending on Imail's queue-time settings) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
I decided against notifying the recipient for Vulnerabilities. Apparently, vulnerabilities are essentially spam - and notifying the recipient would mean that they end up getting an unwanted message after all. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, June 14, 2003 03:33 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS > I have seen it discussed as something some wanted, but I never saw anything > talking about being able to use a vulnerability.eml file in a release > of Declude. I tried searching the archives but "vulnerability.eml" > actually shows every email with "vulnerability" in it which is a lot > of mail. Also I > didn't see anything on declude.com/Virus/manual.htm about it. > > Is this in 1.70beta ? Is it new? It is not new, but included as of about 1.65 I think. I use it quite successfully. Here is my vulnerability.eml file: ___ SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability From: [EMAIL PROTECTED] To: %ALLRECIPS%,[EMAIL PROTECTED] Subject: We blocked an e-mail sent to you! Delivery blocked: %ALLRECIPS% The mail server for %LOCALHOST% scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities. We caught an e-mail addressed to you that is formatted with %VIRUSNAME%, and have quarantined it for your protection. If you recognize the below information as a valid e-mail that you want or should have received, please let us know. Otherwise, the e-mail will be deleted after 3 days. FROM: %MAILFROM% TO: %ALLRECIPS% SUBJECT: %SUBJECT% Remote IP: %REMOTEIP% DATE: %DATE% @ %TIME% SPOOL FILE: %QUEUENAME% Headers of the e-mail in question: %HEADERS% ___ John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
> I have seen it discussed as something some wanted, but I never saw anything > talking about being able to use a vulnerability.eml file in a release of > Declude. I tried searching the archives but "vulnerability.eml" actually > shows every email with "vulnerability" in it which is a lot of mail. Also I > didn't see anything on declude.com/Virus/manual.htm about it. > > Is this in 1.70beta ? Is it new? It is not new, but included as of about 1.65 I think. I use it quite successfully. Here is my vulnerability.eml file: ___ SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability From: [EMAIL PROTECTED] To: %ALLRECIPS%,[EMAIL PROTECTED] Subject: We blocked an e-mail sent to you! Delivery blocked: %ALLRECIPS% The mail server for %LOCALHOST% scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities. We caught an e-mail addressed to you that is formatted with %VIRUSNAME%, and have quarantined it for your protection. If you recognize the below information as a valid e-mail that you want or should have received, please let us know. Otherwise, the e-mail will be deleted after 3 days. FROM: %MAILFROM% TO: %ALLRECIPS% SUBJECT: %SUBJECT% Remote IP: %REMOTEIP% DATE: %DATE% @ %TIME% SPOOL FILE: %QUEUENAME% Headers of the e-mail in question: %HEADERS% ___ John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
>> At the moment I can't find any other virusname to skip. >> >> For the recip.eml I've set >> SKIPIFVIRUSNAMEHAS Vulnerability >> >> And I've creted a new vulnerability.eml with >> SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability >> >> So I can send out two different warnings for a real virus and a >> vulnerability warning. I have seen it discussed as something some wanted, but I never saw anything talking about being able to use a vulnerability.eml file in a release of Declude. I tried searching the archives but "vulnerability.eml" actually shows every email with "vulnerability" in it which is a lot of mail. Also I didn't see anything on declude.com/Virus/manual.htm about it. Is this in 1.70beta ? Is it new? -Josh --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
> At the moment I can't find any other virusname to skip. > > For the recip.eml I've set > SKIPIFVIRUSNAMEHAS Vulnerability > > And I've creted a new vulnerability.eml with > SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability > > So I can send out two different warnings for a real virus and a > vulnerability warning. Same here. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SKIPIFVIRUSNAMEHAS
> And I have nothing for the recip.eml file, so I would like > suggestions on that one as well. (I screwed up earlier in the > week and deleted them all... I should know better than to do > work when I have the flu...). At the moment I can't find any other virusname to skip. For the recip.eml I've set SKIPIFVIRUSNAMEHAS Vulnerability And I've creted a new vulnerability.eml with SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability So I can send out two different warnings for a real virus and a vulnerability warning. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
