[Declude.Virus] Declude v1.48 (beta) released
We have just released Declude Virus v1.48 ( http://www.declude.com/virus/manual.htm ), a beta version. The noticeable changes include: o Detection of the Outlook Blank Folding vulnerability o An issue with ONACCESS ON setting fixed -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Declude v1.48 (beta) released
on 4/23/02 1:48 PM, R. Scott Perry wrote: We have just released Declude Virus v1.48 Scott, 1. What is the Outlook Blank Folding Vulnerability? I just saw it in my log file. 2. Does the order of SKIPVIRUSNAMEHAS and ONLYSENDIFLOCALSENDER matter in the .eml files? 3. Are there any other recent viruses, beside Klez, that arrive with a false from address that I may want to stop the virus notifications for? Thanks, Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Declude v1.48 (beta) released
1. What is the Outlook Blank Folding Vulnerability? I just saw it in my log file. That occurs when an E-mail header consists of just a single tab character, followed by a carriage return and linefeed. Outlook treats this the same as a blank line, and starts processing the headers immediately following as the message body, allowing attachments within the headers. 2. Does the order of SKIPVIRUSNAMEHAS and ONLYSENDIFLOCALSENDER matter in the .eml files? No, it does not. They should appear before the other headers (To:, From:, Subject:). 3. Are there any other recent viruses, beside Klez, that arrive with a false from address that I may want to stop the virus notifications for? I believe the Snow White virus used a return address of [EMAIL PROTECTED]; I'm not sure about others. We will try to keep a list as we hear of new ones. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Huge amount of Klez going around?
Anyone been seeing a huge amount of the Klez virus messages going around? We are a fairly small hosting company and we have had over 100 today. Usually just see around half dozen viruses a day. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Virus sent to one user alot
I have one user who has been sent a virus about 15 times today she is getting tired of the auto coming to her. What would be the best solution be. Ban the incoming IP with Imail rules? Oh the other postmaster for the address is not responding. It is the KLEZ.H so I know it is spoofing the Address so I can't really blame him. Can I? ~Paul~ --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Huge amount of Klez going around?
I just ran VirusLog Analyzer this is what I have gotten today. We have around 300 users that's it. I looked at the last 7 days and each has been pretty heavy. Scott you are DMAN! Thanks for a great product Count= 72 Virus Name= the W32/Klez.h@MM virus !!! Count= 50 Virus Name= W32/Klez.H@mm Count= 21 Virus Name= the W32/Klez.gen@MM virus !!! Count= 2Virus Name= the W32/Magistr.b@MM virus !!! Count= 2Virus Name= W32/Magistr.32768@mm Count= 1Virus Name= W32/Klez.E@mm Count= 1Virus Name= the W32/Klez.e@MM virus !!! Count= 1Virus Name= the W32/Magistr.a@MM virus !!! Count= 1Virus Name= W32/Magistr.28672@mm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grant Griffith Sent: Tuesday, April 23, 2002 3:38 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Huge amount of Klez going around? Anyone been seeing a huge amount of the Klez virus messages going around? We are a fairly small hosting company and we have had over 100 today. Usually just see around half dozen viruses a day. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Huge amount of Klez going around?
Klez seems to be HUGE today (it's been ramping up the last few days). - Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Grant Griffith Sent: Tuesday, April 23, 2002 3:38 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Huge amount of Klez going around? Anyone been seeing a huge amount of the Klez virus messages going around? We are a fairly small hosting company and we have had over 100 today. Usually just see around half dozen viruses a day. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Virus sent to one user allot
We don't send a message to the recipient, therefore don't have this problem. We just send a notification to the sender, which I know sometimes is spoofed, but have not had time to implement the newer features yet. :) Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Ingram Sent: Tuesday, April 23, 2002 3:15 PM To: Declude. Virus Subject: [Declude.Virus] Virus sent to one user alot I have one user who has been sent a virus about 15 times today she is getting tired of the auto coming to her. What would be the best solution be. Ban the incoming IP with Imail rules? Oh the other postmaster for the address is not responding. It is the KLEZ.H so I know it is spoofing the Address so I can't really blame him. Can I? ~Paul~ --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Huge amount of Klez.H going around?
We normally see around a dozen per day, but starting last Wednesday, it jumped to about 75-100 per day with all of the Klez.H. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grant Griffith Sent: Tuesday, April 23, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Huge amount of Klez going around? Anyone been seeing a huge amount of the Klez virus messages going around? We are a fairly small hosting company and we have had over 100 today. Usually just see around half dozen viruses a day. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Virus sent to one user alot
Oh the other postmaster for the address is not responding. It is the KLEZ.H so I know it is spoofing the Address so I can't really blame him. Can I? With 1.47, you can add SKIPIFVIRUSNAMEHAS Klez to the otherpostmaster.eml file, and the notification won't go to the other postmaster. As for the virus being sent to the user, you could try tracking it down. Look at the \IMail\spool\virus directory for one of the virus E-mails, and check the IP address it came from. Then, you can check your SMTP logs to see what other mail came in from that IP -- if you're lucky, you'll find the sender of the virus. Or, you could ask the customer to search through her mail for that IP (after all, it's probably someone she knows with the virus). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Huge amount of Klez going around?
Just found it myself. Just goto www.declude.com and goto the Free Web Tools. It is out there. Not sure who built it, but appears to work well. We did not have our log level set to Mid, therefore can't see anything right now, but will be able to from now on. Nice Tool! Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dustin Freeman Sent: Tuesday, April 23, 2002 3:34 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] Huge amount of Klez going around? is this part of Declude? if so how did you run that report that would be great for us! I work for an ISP around 3900 customers. I have been looking for some sort of totals for the viruses that come throuhg here Thanks Dustin -Original Message- From: Paul Ingram [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 4:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Huge amount of Klez going around? I just ran VirusLog Analyzer this is what I have gotten today. We have around 300 users that's it. I looked at the last 7 days and each has been pretty heavy. Scott you are DMAN! Thanks for a great product Count= 72 Virus Name= the W32/Klez.h@MM virus !!! Count= 50 Virus Name= W32/Klez.H@mm Count= 21 Virus Name= the W32/Klez.gen@MM virus !!! Count= 2Virus Name= the W32/Magistr.b@MM virus !!! Count= 2Virus Name= W32/Magistr.32768@mm Count= 1Virus Name= W32/Klez.E@mm Count= 1Virus Name= the W32/Klez.e@MM virus !!! Count= 1Virus Name= the W32/Magistr.a@MM virus !!! Count= 1Virus Name= W32/Magistr.28672@mm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grant Griffith Sent: Tuesday, April 23, 2002 3:38 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Huge amount of Klez going around? Anyone been seeing a huge amount of the Klez virus messages going around? We are a fairly small hosting company and we have had over 100 today. Usually just see around half dozen viruses a day. Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
