[Declude.Virus] Time to line up
OK, everyone get out your wet noodles. Don't let Len know. :(

John Tolmachoff
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Outlook-CR vulnerability
I will do - virtually *every* instance I've seen so far has been legitimate email.

At 10:11 AM 4/16/2002, John Tolmachoff wrote:

> From what Scott Perry has said before is that he has not seen any legitimate e-mail with the CR vulnerability. If you do have evidence of legitimate e-mail that does have the CR vulnerability, you might want to forward those examples directly to him so he can review them.
>
> John Tolmachoff
> IT Manager, Network Engineer
> 211 E. Imperial Hwy., Suite 106
> Fullerton, CA 92835
> 714-578-7999, ext. 104
> [EMAIL PROTECTED]
> www.reliancesoft.com
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott MacLean
> Sent: Tuesday, April 16, 2002 5:11 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Outlook-CR vulnerability
>
> Might I make this suggestion for detecting the Outlook-CR vulnerability, to try to attempt to reduce the false positives (which seem to be close to 100% at this point):
>
> Whenever a CR without a LF is seen, check the message header to see if a BEGIN ... is actually enclosed within it, indicating that a payload actually exists. If not, perhaps a different notification could be made, so we can determine whether to simply warn, or quarantine based on the analysis.
>
> Right now, I've had to turn off the Outlook-CR check altogether, because of too many complaints from users who are getting virus warnings (as well as their senders) instead of their valid, non-infected, albeit header-munged messages.
>
> ___
> Scott MacLean
> [EMAIL PROTECTED]
> ICQ: 9184011
> http://www.nerosoft.com

___
Scott MacLean
[EMAIL PROTECTED]
ICQ: 9184011
http://www.nerosoft.com
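Added example, not part of any list post and not Declude's own code: one way to implement the two-tier check suggested in the thread above, returning "warn" for a header that merely contains a bare CR and "quarantine" only when a payload start is enclosed in the header. It assumes the "BEGIN ..." in the post means a uuencode-style `begin <mode> <filename>` line; the function name, verdict names and sample messages are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumption: the "BEGIN ..." in the post is read as a uuencode-style
# "begin <mode> <filename>" line; the post itself elides the rest.
UU_BEGIN = re.compile(rb"begin [0-7]{3,4} \S", re.IGNORECASE)
BARE_CR = re.compile(rb"\r(?!\n)")      # a CR that is not followed by LF
ANY_EOL = re.compile(rb"\r\n|\r|\n")    # line breaks as a CR-tolerant client sees them


class Verdict(NamedTuple):
    action: str                  # "clean", "warn" or "quarantine"
    bare_cr_offsets: list        # byte offsets of bare CRs inside the header
    begin_line: Optional[bytes]  # the enclosed begin line, if one was found


def check_header(raw: bytes) -> Verdict:
    """Classify a raw message by what its header block contains."""
    # Header block as a strict parser sees it: up to the first empty CRLF line.
    header = raw.partition(b"\r\n\r\n")[0]
    offsets = [m.start() for m in BARE_CR.finditer(header)]
    if not offsets:
        return Verdict("clean", [], None)
    # Re-split the header the way a client that honours bare CR would,
    # and look for a payload start among the resulting lines.
    for line in ANY_EOL.split(header):
        if UU_BEGIN.match(line):
            return Verdict("quarantine", offsets, line)
    # Bare CR but nothing enclosed: header-munged, not carrying a payload.
    return Verdict("warn", offsets, None)


# Constructed sample messages (not taken from the list).
CLEAN = b"From: a@example.com\r\nSubject: hi\r\n\r\nbody\r\n"
MUNGED = (b"From: a@example.com\r\nX-Mailer: Foo\rBar\r\n"
          b"Subject: hi\r\n\r\nbody\r\n")
ENCLOSED = (b"From: a@example.com\r\nSubject: hi\r\r"
            b"begin 644 sample.txt\rPLACEHOLDER-DATA\rend\r\n\r\nbody\r\n")
BODY_ONLY = (b"Subject: hi\r\n\r\n"
             b"begin 644 sample.txt\rPLACEHOLDER-DATA\rend\r\n")

if __name__ == "__main__":
    for name, msg in [("clean", CLEAN), ("munged", MUNGED),
                      ("enclosed", ENCLOSED), ("body-only", BODY_ONLY)]:
        verdict = check_header(msg)
        print(f"{name:10} -> {verdict.action} {verdict.bare_cr_offsets}")
```

The recorded offsets and the matched line give the notification something concrete to report, so a warn-only message can say where the header was munged.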
[Declude.Virus] f-prot question
Upgrading to a new mailserver tonight. I wonder about F-Prot for Windows with command line: is it working the same way with Declude, or is there anything I should look out for?

Benny
RE: [Declude.Virus] f-Prot question
You should only be using the DOS version with Declude.

Have you used F-Prot before? Have you used Declude Virus before?

http://www.declude.com/virus/manual.htm

Also, search the archives: http://www.mail-archive.com/declude.virus%40declude.com/

John Tolmachoff
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Visual Web Norge
Sent: Tuesday, April 16, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] f-prot question

> Upgrading to a new mailserver tonight. I wonder about F-Prot for Windows with command line: is it working the same way with Declude, or is there anything I should look out for?
>
> Benny
Re: [Declude.Virus] f-Prot question
You can install the Windows version. Declude uses the command line tools from it. Or you can use the DOS version like John said. The command line switches are in the manual page that John sent.

Dean Chan
Operations Manager
Entredea Inc.

- Original Message -
From: John Tolmachoff
To: [EMAIL PROTECTED]
Sent: Tuesday, April 16, 2002 1:29 PM
Subject: RE: [Declude.Virus] f-Prot question

> You should only be using the DOS version with Declude.
>
> Have you used F-Prot before? Have you used Declude Virus before?
>
> http://www.declude.com/virus/manual.htm
>
> Also, search the archives: http://www.mail-archive.com/declude.virus%40declude.com/
>
> John Tolmachoff
> IT Manager, Network Engineer
> 211 E. Imperial Hwy., Suite 106
> Fullerton, CA 92835
> 714-578-7999, ext. 104
> [EMAIL PROTECTED]
> www.reliancesoft.com
Re: [Declude.Virus] f-Prot question
The F-Prot for Windows version works fine (unselect realtime scanning), just like the manual says. It includes an automatic updater for virus defs.

- Original Message -
From: John Tolmachoff
To: [EMAIL PROTECTED]
Sent: Tuesday, April 16, 2002 1:29 PM
Subject: RE: [Declude.Virus] f-Prot question

> You should only be using the DOS version with Declude.
>
> Have you used F-Prot before? Have you used Declude Virus before?
>
> http://www.declude.com/virus/manual.htm
>
> Also, search the archives: http://www.mail-archive.com/declude.virus%40declude.com/
>
> John Tolmachoff
> IT Manager, Network Engineer
> 211 E. Imperial Hwy., Suite 106
> Fullerton, CA 92835
> 714-578-7999, ext. 104
> [EMAIL PROTECTED]
> www.reliancesoft.com
RE: [Declude.Virus] f-Prot question
Yeah, I already have those; was just curious about whether the Windows updater would work.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean Chan
Sent: 16. april 2002 19:39
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] f-Prot question

> You can install the Windows version. Declude uses the command line tools from it. Or you can use the DOS version like John said. The command line switches are in the manual page that John sent.
>
> Dean Chan
> Operations Manager
> Entredea Inc.
RE: [Declude.Virus] f-Prot question
Trying here because the IMail people couldn't or wouldn't give me any answers.

I have an IMail server with unlimited users and this looks like it has reached the limit. So first I have upgraded to a faster server, but then I am not sure what to choose here: either a peering server based on IMail's description, or a backup mail spooler, also based on their description.

What I do want is the speed of receiving mail to the server increased, but I don't want to lose the safety of using Declude.

In the last case, using it as a backup spooler, would it then be useful with IMail, or should I go for something else?

Benny

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Visual Web Norge
Sent: 16. april 2002 19:50
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] f-Prot question

> Yeah, I already have those; was just curious about whether the Windows updater would work.
RE: [Declude.Virus] f-Prot question
> I have an IMail server with unlimited users and this looks like it has reached the limit. So first I have upgraded to a faster server, but then I am not sure what to choose here: either a peering server based on IMail's description, or a backup mail spooler, also based on their description.
>
> What I do want is the speed of receiving mail to the server increased, but I don't want to lose the safety of using Declude.
>
> In the last case, using it as a backup spooler, would it then be useful with IMail, or should I go for something else?

Not many people use peering, because nobody really seems to be able to explain the benefits of it (although you split the load between two servers, you also double the load, as 1/2 of the E-mails go to the wrong server).

Having a backup (gateway) mailserver would work fine, though. Your MX record would show the IP of the gateway server, which would receive the mail and scan it, and send it to the existing mailserver (which would no longer need to scan the E-mail). Offloading the virus scanning would reduce the CPU usage of the existing server.

-Scott
RE: [Declude.Virus] f-Prot question
http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382

Will following this guide do what you tell me below? And then the stupid question: where do I place Declude for scanning the mail?

What I have today is mailserveren.com with about 5000 virtual hosts, all in this pop3.domain.no.

Correct me if I'm wrong: I put up a second mailserver according to the link above and a new MX record for the second host. But how does Declude know what to scan and what to pass through?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: 16. april 2002 22:10
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] f-Prot question

> > I have an IMail server with unlimited users and this looks like it has reached the limit. So first I have upgraded to a faster server, but then I am not sure what to choose here: either a peering server based on IMail's description, or a backup mail spooler, also based on their description.
> >
> > What I do want is the speed of receiving mail to the server increased, but I don't want to lose the safety of using Declude.
> >
> > In the last case, using it as a backup spooler, would it then be useful with IMail, or should I go for something else?
>
> Not many people use peering, because nobody really seems to be able to explain the benefits of it (although you split the load between two servers, you also double the load, as 1/2 of the E-mails go to the wrong server).
>
> Having a backup (gateway) mailserver would work fine, though. Your MX record would show the IP of the gateway server, which would receive the mail and scan it, and send it to the existing mailserver (which would no longer need to scan the E-mail). Offloading the virus scanning would reduce the CPU usage of the existing server.
>
> -Scott
RE: [Declude.Virus] f-Prot question
> http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382
>
> Will following this guide do what you tell me below?

Yes. Following that setup, the server will act as a gateway (which is almost identical to acting as a backup server).

> And then the stupid question: where do I place Declude for scanning the mail?

You would switch Declude to the gateway server (the new one).

> mailserveren.com with about 5000 virtual hosts, all in this pop3.domain.no.
>
> Correct me if I'm wrong: I put up a second mailserver according to the link above and a new MX record for the second host. But how does Declude know what to scan and what to pass through?

Declude will work the same as it does now on the existing server, scanning all E-mail by default. The only difference is that with the gateway server, Declude will see all the mail as outgoing (since none of it is stored on the gateway server).

-Scott
RE: [Declude.Virus] f-Prot question
But if my primary mailserver is up and responding, it will never reach the second? Or is there something here I don't see?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: 16. april 2002 22:27
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] f-Prot question

> > http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382
> >
> > Will following this guide do what you tell me below?
>
> Yes. Following that setup, the server will act as a gateway (which is almost identical to acting as a backup server).
>
> > And then the stupid question: where do I place Declude for scanning the mail?
>
> You would switch Declude to the gateway server (the new one).
>
> > mailserveren.com with about 5000 virtual hosts, all in this pop3.domain.no.
> >
> > Correct me if I'm wrong: I put up a second mailserver according to the link above and a new MX record for the second host. But how does Declude know what to scan and what to pass through?
>
> Declude will work the same as it does now on the existing server, scanning all E-mail by default. The only difference is that with the gateway server, Declude will see all the mail as outgoing (since none of it is stored on the gateway server).
>
> -Scott
RE: [Declude.Virus] f-Prot question
> But if my primary mailserver is up and responding, it will never reach the second? Or is there something here I don't see?

What you do is you have the DNS set up so that the MX record points to the new gateway server, instead of the existing server. For example, if you now have:

    example.com.          MX 10 mail.example.com.
    mail.example.com.     A  127.0.0.2

You would change it to:

    example.com.          MX 10 gateway.example.com.
    mail.example.com.     A  127.0.0.2
    gateway.example.com.  A  127.0.0.3

That way, all mail will go to the gateway server. The gateway server then scans the mail, and sends it to the existing mailserver. By keeping the existing mail.example.com A record, people with mail clients set to connect to mail.example.com will still connect to the existing mailserver, so they can get their mail.

-Scott
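Added example, not part of any list post: a small offline check of the zone change described in the message above, confirming that no MX record for the domain still delivers straight to the existing mailserver, either by name or through another name with the same address. Mail delivered via such a record reaches the existing server without passing the gateway's scan. The parser is deliberately simplified, and the function names and the two constructed zones (`LEFTOVER`, `ALIAS`) are assumptions for illustration.

```python
def fqdn(name):
    """Normalise a host name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_zone(text):
    """Parse 'owner MX pref target' and 'owner A addr' lines only.

    Simplified on purpose: no $ORIGIN, TTL or class fields, and every
    name is expected to be fully qualified.
    """
    mx, a = [], {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) == 4 and fields[1].upper() == "MX":
            mx.append((fqdn(fields[0]), int(fields[2]), fqdn(fields[3])))
        elif len(fields) == 3 and fields[1].upper() == "A":
            a[fqdn(fields[0])] = fields[2]
    return mx, a


def mx_bypasses(zone_text, domain, backend_host):
    """Return (preference, target) for each MX that skips the gateway."""
    mx, a = parse_zone(zone_text)
    domain, backend_host = fqdn(domain), fqdn(backend_host)
    backend_ip = a.get(backend_host)
    found = []
    for owner, pref, target in mx:
        if owner != domain:
            continue
        same_name = target == backend_host
        same_addr = backend_ip is not None and a.get(target) == backend_ip
        if same_name or same_addr:
            found.append((pref, target))
    return sorted(found)


# The two zones from the message above.
BEFORE = """
example.com.          MX 10 mail.example.com.
mail.example.com.     A  127.0.0.2
"""
AFTER = """
example.com.          MX 10 gateway.example.com.
mail.example.com.     A  127.0.0.2
gateway.example.com.  A  127.0.0.3
"""
# Constructed: the old MX left in place as a lower-priority fallback.
LEFTOVER = AFTER + "example.com.          MX 20 mail.example.com.\n"
# Constructed: a second MX name that resolves to the existing server.
ALIAS = AFTER + ("example.com.          MX 20 mx2.example.com.\n"
                 "mx2.example.com.      A  127.0.0.2\n")

if __name__ == "__main__":
    for name, zone in [("before", BEFORE), ("after", AFTER),
                       ("leftover", LEFTOVER), ("alias", ALIAS)]:
        print(name, mx_bypasses(zone, "example.com", "mail.example.com"))
```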
RE: [Declude.Virus] f-Prot question
In this example, will all outgoing mail also be scanned?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: 16. april 2002 22:27
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] f-Prot question

> > http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382
> >
> > Will following this guide do what you tell me below?
>
> Yes. Following that setup, the server will act as a gateway (which is almost identical to acting as a backup server).
>
> > And then the stupid question: where do I place Declude for scanning the mail?
>
> You would switch Declude to the gateway server (the new one).
>
> > mailserveren.com with about 5000 virtual hosts, all in this pop3.domain.no.
> >
> > Correct me if I'm wrong: I put up a second mailserver according to the link above and a new MX record for the second host. But how does Declude know what to scan and what to pass through?
>
> Declude will work the same as it does now on the existing server, scanning all E-mail by default. The only difference is that with the gateway server, Declude will see all the mail as outgoing (since none of it is stored on the gateway server).
>
> -Scott
RE: [Declude.Virus] f-Prot question
ok

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: 16. april 2002 23:01
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] f-Prot question

> > In this example, will all outgoing mail also be scanned?
>
> When you run a gateway, all mail will be scanned by default. All the E-mail will be treated as outgoing mail, which would mean that you could not use the settings to scan just incoming or just outgoing mail. By default, all E-mail will be scanned.
>
> -Scott