Re: [Declude.Virus] Which scanner caught it??

2002-12-06 Thread R. Scott Perry


> When we are running two scanners, is there a way to know which one caught
> a particular virus?  And if knowing that one caught more than the other,
> would there be an advantage of placing it first in the sequence?

If you use LOGLEVEL MID, you'll see in the logs which scanner detected the 
virus.

The order in which they are run shouldn't matter, as far as Declude Virus 
is concerned -- just so long as one or both catch the virus, the E-mail 
will be quarantined.
-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] change in logs info with 1.64

2002-12-06 Thread John Shacklett
Scott, you'll have to start signing as J. Scott Perry to qualify in our new
secret society.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Carter
Sent: Friday, 06 December 2002 3:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] change in logs info with 1.64


Only as long as Scott is a member.

John C

John Tolmachoff wrote:
It's getting very nearly time to start the declude.john list.


 LOL.

 John Tolmachoff MCSE, CSSA
 IT Manager, Network Engineer
 RelianceSoft, Inc.
 Fullerton, CA  92835
 www.reliancesoft.com





[Declude.Virus] Update the Updater?

2002-12-06 Thread Doug McKee

Declude Beta updated to Version 160

That's the email I just got from my declude updater.
It was set to beta.
Is there an update for the updater?
Thanks,
Doug



Re: [Declude.Virus] Which scanner caught it??

2002-12-06 Thread John Carter
Duh. I see now.  Interesting - in this one (below) Scanner 1 (F-Prot) 
reported Lentin and Scanner 2 (McAfee) says Yaha.  I see what you mean 
now about no advantage of order of scanner.  I was kinda wondering if 
scanner 1 found something, whether it invoked the second scanner or just 
went ahead and handled the virus processing.  Would that speed things up 
any (skipping #2 if #1 found a virus)?

TGIF  Thanks,
John


12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 29617]
12/06/2002 11:11:04 Qda0e4a6301ee7871 From: [EMAIL PROTECTED] To: ***@jcjc.edu
12/06/2002 11:11:04 Qda0e4a6301ee7871 Subject: Fw: Wonderfool stuff to ur friends

R. Scott Perry wrote:


>> When we are running two scanners, is there a way to know which one
>> caught a particular virus?  And if knowing that one caught more than
>> the other, would there be an advantage of placing it first in the
>> sequence?
>
> If you use LOGLEVEL MID, you'll see in the logs which scanner detected
> the virus.
>
> The order in which they are run shouldn't matter, as far as Declude
> Virus is concerned -- just so long as one or both catch the virus, the
> E-mail will be quarantined.
> -Scott

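The Scanner lines in the log excerpt above can be tallied to see which scanner reported what for each message. This is an added example, not part of the original thread and not Declude's own tooling; the line layout is inferred only from the excerpt quoted in the message, the name clean-up is a heuristic, and the `Q00000000000000aa` entry with its virus name is constructed sample data.

```python
import re
from collections import Counter, defaultdict

# First four lines are from the excerpt quoted in the post (wrapped lines
# re-joined); the Q00000000000000aa entry is constructed sample data.
SAMPLE_LOG = """\
12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:12:30 Q00000000000000aa Scanner 2: Virus= the Constructed/Sample.a virus !!! Attachment=sample.pif [1] I
12/06/2002 11:12:30 Q00000000000000aa File(s) are INFECTED [13]
"""

SCANNER_LINE = re.compile(
    r"^\S+ \S+ (?P<msg>Q\w+) Scanner (?P<num>\d+): "
    r"Virus=(?P<report>.*?) Attachment=(?P<file>\S+)")
NOISE = {"the", "virus", "!!!", ":"}  # filler seen in the quoted scanner reports

def clean_name(report):
    """Heuristic: drop filler words the scanners wrap around the name."""
    return " ".join(w for w in report.split() if w not in NOISE)

def parse_detections(log_text):
    """Map message id -> {scanner number: virus name} for Scanner lines."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = SCANNER_LINE.match(line)
        if m:
            hits[m["msg"]][int(m["num"])] = clean_name(m["report"])
    return dict(hits)

def summarize(hits):
    """Per-scanner totals, single-scanner catches, and naming disagreements."""
    per_scanner = Counter(n for found in hits.values() for n in found)
    only_one = {msg: next(iter(found)) for msg, found in hits.items()
                if len(found) == 1}
    differing = {msg: found for msg, found in hits.items()
                 if len({v.lower() for v in found.values()}) > 1}
    return per_scanner, only_one, differing

if __name__ == "__main__":
    totals, only_one, differing = summarize(parse_detections(SAMPLE_LOG))
    print("detections per scanner:", dict(totals))
    print("caught by one scanner only:", only_one)
    print("different names for same message:", differing)
```

Messages listed under "caught by one scanner only" are the ones where running a second scanner changed the outcome.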



Re: [Declude.Virus] Which scanner caught it??

2002-12-06 Thread R. Scott Perry


> Duh. I see now.  Interesting - in this one (below) Scanner 1 (F-Prot)
> reported Lentin and Scanner 2 (McAfee) says Yaha.  I see what you mean now
> about no advantage of order of scanner.  I was kinda wondering if scanner
> 1 found something, whether it invoked the second scanner or just went
> ahead and handled the virus processing.  Would that speed things up any
> (skipping #2 if #1 found a virus)?

There would be a very slight increase in processing speed.  However, since 
all legitimate E-mails are scanned twice, scanning an E-mail with a virus 
twice doesn't add any unexpected load.
   -Scott



[Declude.Virus] Virus Scanning Question

2002-12-06 Thread Keith Johnson

According to the Virus Manual (Declude) it lists the following:

(for outgoing web messaging E-mails, you can have an on-access scanner scanning only the \IMail\spool\ directory).

I was wondering how others were handling your users' Outgoing email sent out your Server (scanning wise). Thanks for the aid...


___
Keith Johnson, MCP
Network Engineer
Network Advocates, Inc.
Tel: 502.412.1050
Fax: 502.412.1058
Email: [EMAIL PROTECTED]

Good pings come in small packets


RE: [Declude.Virus] Virus Scanning Question

2002-12-06 Thread John Tolmachoff
> I was wondering how others were handling your users' Outgoing email sent
> out your Server (scanning wise).

Being that to send a virus through web messaging, a user would have to
manually add an infected file.

The likelihood of that happening is pretty slim. So I don't worry about it.

It is much riskier to have a virus scanner scanning the spool file than
worry about a user manually attaching an infected file.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com






[Declude.Virus] Is this safely ignored...

2002-12-06 Thread Keith Johnson

In the virxxx.log, I found this error. Can this be safely ignored? 

Warning: EOF in middle of MIME segment [] [---



___
Keith Johnson, MCP
Network Engineer
Network Advocates, Inc.
Tel: 502.412.1050
Fax: 502.412.1058
Email: [EMAIL PROTECTED]

Good pings come in small packets