Re: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread William Baumbach
I received one today. the email had NAV32.zip and in the zip file was
NAV32.exe

it was NOT detected as a virus by EITHER F-Prot or AVG

it was however caught as spam by CBL, FIVETEN-SPAM, SPAMCOP

the header of the email was

Received: from c-67-164-195-92.client.comcast.net [67.164.195.92] by
phcc.org
  (SMTPD32-8.03) id AE4F17E00F8; Tue, 07 Oct 2003 07:06:55 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 7 Oct 2003 04:10:24 -0700
From: <[EMAIL PROTECTED]>
Subject: ** 22. CBL, FIVETEN-SPAM, SPAMCOP, WEIGHT-F, WEIGHT20, WEIGHT202 **
Last Update.
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--9D16FAF1684605E"
X-RBL-Warning: CBL: Blocked - see
http://cbl.abuseat.org/lookup.cgi?ip=67.164.195.92
X-RBL-Warning: FIVETEN-SPAM: 92.195.164.67.blackholes.five-ten-sg.com.
X-RBL-Warning: SPAMCOP: Blocked - see
http://www.spamcop.net/bl.shtml?67.164.195.92
X-Declude-Sender: [EMAIL PROTECTED] [67.164.195.92]
X-Declude-Spoolname: D9e4f017e00f890ba.SMD
X-In-Date: 10/07/2003 Time: 07:07:23 -0500 ET.
X-Country-Chain: UNITED STATES->destination
X-In-Note: This E-mail was comming into phcc.org Declude ver.1.76i5.
X-In-Spam-Tests-Failed: CBL, FIVETEN-SPAM, SPAMCOP, WEIGHT-F, WEIGHT20,
WEIGHT202 Total Weight= 22
x-In-Organization: DcMetroNet.com is the ISP for phcc.org
X-In-Abuse: Please send abuse reports to [EMAIL PROTECTED]
X-In-Note: This E-mail was sent from ([EMAIL PROTECTED])
c-67-164-195-92.client.comcast.net ([67.164.195.92]).
X-In-Recips: [EMAIL PROTECTED] really [EMAIL PROTECTED]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 349908174



Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-

- Original Message - 
From: "Bill Naber" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 07, 2003 7:55 AM
Subject: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax


I just received an Email from "[EMAIL PROTECTED]" with the subject "Last
Update.".  The message warns of the [EMAIL PROTECTED] worm, but a search on the
Symantec site shows nothing of the kind.  The message has a Nav32.zip
attachment that doesn't fail on either F-Prot or NAV.

The message appears to have originated via an ameritech.net dsl connection
and it has some grammatical errors, so I'm not doubting that it is bogus.

I've only received one of these messages, but I am curious if I'm on the
leading edge or if this is a very random incident.  In the short run, I've
put in a filter on messages from [EMAIL PROTECTED], but I'm concerned
that it will use other return addresses.

I've included the text from the message body and the headers below.

Thanks,
-Bill Naber
 Kitchin Hospitality, LLC

=== Message Body


October 06, 2003
Intruder Alert 4.1 W32_Webb_Worm Policy
This policy detects the propagation of the W32.SobigF.Worm through
changes in the registry.

[EMAIL PROTECTED] is a mass-mailing, network-aware worm that sends
itself to all the email addresses it finds in various files.
The worm uses its own SMTP engine to propagate and attempts
to create a copy of itself on accessible network shares, but
fails due to bugs in the code.

In attachment you can find program that update your Norton Antivirus to
Norton Antivirus 2004.


=== Message Header
Received: from horace.mail.atl.earthlink.net [207.69.200.41] by
mail.jamesoninns.com with ESMTP
  (SMTPD32-7.15) id A328716014C; Tue, 07 Oct 2003 07:27:36 -0400
Received: from samuel.mail.atl.earthlink.net ([207.69.200.65])
by horace.mail.atl.earthlink.net with smtp (Exim 3.33 #1)
id 1A6q0J-0005vx-00
for [EMAIL PROTECTED]; Tue, 07 Oct 2003 07:27:47 -0400
X-MindSpring-Loop: [EMAIL PROTECTED]
Received: from adsl-68-77-24-119.dsl.emhril.ameritech.net ([68.77.24.119])
by samuel.mail.atl.earthlink.net (Earthlink Mail Service) with SMTP id
1a6Q0f2aB3Nl3pv0
for <[EMAIL PROTECTED]>; Tue, 7 Oct 2003 07:27:42 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 7 Oct 2003 04:32:14 -0700
From: <[EMAIL PROTECTED]>
Subject: Last Update.
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--9D16FAF1684605E"
X-CYBERsitter-SpamManager-In: Passed - Adult: 0 (Req: 50) Spam: 12 (Req: 18)
Tot: 10 (Req: 20)
X-CYBERsitter-SpoolFile: Da3280716014c8c2a.SMD
X-Declude-Sender: [EMAIL PROTECTED] [207.69.200.41]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: None
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 324037781
=== End
===

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail

RE: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread Kami Razvan
Does  anyone know if Symantec actually uses this email:
[EMAIL PROTECTED]

Perhaps we should block that email at Imail level for now until the patches
catch up.

Regards,
Kami



Re: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread Russ Uhte (Lists)
At 10:40 AM 10/7/2003, William Baumbach wrote:
>I received one today. the email had NAV32.zip and in the zip file was
>NAV32.exe
>
>it was NOT detected as a virus by EITHER F-Prot or AVG

I can't believe this wouldn't be caught... gez...  Looks like Declude to
the rescue...  BANNAME NAV32.zip.

As a side note,  the first one I detected was at 6:30 EST and McAfee did 
detect it.

-Russ

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
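
A content-based check to sit alongside the name ban mentioned above, as an added example (not Declude's code and not how BANNAME is implemented): it opens zip attachments and reports executable members, whatever the archive itself is called. The extension list, function names and sample messages are assumptions constructed for the illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Assumed policy list for this illustration; a real deployment maintains its own.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def build_sample(archive_name, member_name):
    """Constructed message: a zip attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a program")
    msg = MIMEMultipart()
    msg["Subject"] = "Last Update."
    msg.attach(MIMEText("constructed body"))
    att = MIMEApplication(buf.getvalue(), _subtype="zip")
    att.add_header("Content-Disposition", "attachment", filename=archive_name)
    msg.attach(att)
    return msg.as_bytes()


def executable_members(raw_message):
    """Return [(attachment name, member name)] for executables inside zip attachments."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        # Decide by content, not by the outer file name, so the check
        # does not depend on the archive being called NAV32.zip.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in EXECUTABLE_EXTS:
                    hits.append((name, info.filename))
    return hits


if __name__ == "__main__":
    for archive in ("NAV32.zip", "update.zip"):
        print(archive, executable_members(build_sample(archive, "NAV32.exe")))
```

Only the archive's member names are read, so nothing is extracted or executed; nested archives are not opened by this sketch.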


RE: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread Greg Foulks
I already did ;-)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan
Sent: Tuesday, October 07, 2003 11:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax


Does  anyone know if Symantec actually uses this email:
[EMAIL PROTECTED]

Perhaps we should block that email at Imail level for now until the patches
catch up.

Regards,
Kami



RE: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread Greg Foulks
How do you ban a file by name? The manual only shows how to ban by
extension.

Greg

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Russ Uhte (Lists)
Sent: Tuesday, October 07, 2003 12:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax


At 10:40 AM 10/7/2003, William Baumbach wrote:
>I received one today. the email had NAV32.zip and in the zip file was
>NAV32.exe
>
>it was NOT detected as a virus by EITHER F-Prot or AVG

I can't believe this wouldn't be caught... gez...  Looks like Declude to
the rescue...  BANNAME NAV32.zip.

As a side note,  the first one I detected was at 6:30 EST and McAfee did
detect it.

-Russ



RE: [Declude.Virus] W32_Webb_Worm Policy - Is this a new hoax

2003-10-07 Thread Russ Uhte (Lists)
At 11:07 AM 10/7/2003, Greg Foulks wrote:
>How do you ban a file by name? The manual only shows how to ban by
>extension.

I believe it's only available in the Beta version.  Here are the release
notes that introduced it: http://www.declude.com/relnotes.htm.

Thanks,
Russ 



Re: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?

2003-10-07 Thread Kurt McClain
I have this happen about every 10 days or so.  Ipswitch tech support claim
it is a bug in declude.  They could not however prove it to me. So for what
it's worth?




On 10/6/03 7:16 PM, "Bill Landry" <[EMAIL PROTECTED]> wrote:

> Could be that it is attempting to upgrade F-Prot to the latest version that
> was released today, which will upgrade the Windows F-Prot program and engine
> to:
> 
> Program version: 3.14b
> Engine version: 3.14.7
> 
> Bill
> - Original Message -
> From: "ITG Lists" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, October 06, 2003 2:19 PM
> Subject: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?
> 
> 
>> Hi,
>> 
>> I woke up to 7,300 files in my spool folder today. I noticed that F-Prot
>> which checks for updates every 6 hours was waiting for me to continue or
>> download latest version.
>> 
>> After I dismissed it, I restarted queue manager (iMail 8.03) and mail
>> started processing again. I did not install the F-Prot update yet, and
>> it happened again.
>> 
>> Has anybody else seen this? Why would the F-Prot update process stop the
>> flow of mail?
>> 
>> Please .cc me at [EMAIL PROTECTED]
>> 
>> Thanks,
>> George
>> 


Re: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?

2003-10-07 Thread R. Scott Perry

>I have this happen about every 10 days or so.  Ipswitch tech support claim
>it is a bug in declude.  They could not however prove it to me. So for what
>it's worth?

They haven't yet found a bug in Declude, AFAIK.  :)

What do your log files say?  This could be caused by F-Prot not responding 
(which could seriously delay mail), or it could just be the standard 
problem people are having with IMail v8's Queue Manager hanging.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.



[Declude.Virus] Doc file cached as exe and banned

2003-10-07 Thread ISPhuset Nordic / Benny Samuelsen
Anyone having an idea why this mail is assumed to be an exe when it's actually a doc file?

Benny

10/07/2003 15:18:38 Qbd2e1e29004e9eb1 Found file with mismatched extensions [=?ISO-8859-1?Q?Supportm=F6nster.do?==?ISO-8859-1?Q-=?ISO-8859-1?Q?Supportm=F6nster?==?ISO-8859-1?Q?.d]; assuming .exe
10/07/2003 15:18:38 Qbd2e1e29004e9eb1 Scanned: Banned file extension. [MIME: 2 82375]
10/07/2003 15:18:38 Qbd2e1e29004e9eb1 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
10/07/2003 15:18:38 Qbd2e1e29004e9eb1 Subject: Supportmönster



RE: [Declude.Virus] [Declude.Virus Digest]

2003-10-07 Thread ITG Lists
Hi,

A quick follow-up - it appears that my Queue Manager started choking and
the timing was about the same interval as the F-Prot updater. So, I
pointed the finger at the wrong thing.

FYI...my stable 8.03 system which processes 35K messages per day just
started acting up on Sunday with ERR 005 all over the log file with
QueMgr requiring a restart to unclog. This morning I found a large
number of "T" files and renamed them to "Q" and the QueMgr has not died
yet. Who knows.

Thanks!

> 
> From: "ITG Lists" <[EMAIL PROTECTED]>
> Subject: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?
> Date: Mon, 6 Oct 2003 14:19:47 -0700
> Reply-To: [EMAIL PROTECTED]
> Hi,
> 
> I woke up to 7,300 files in my spool folder today. I noticed that F-Prot
> which checks for updates every 6 hours was waiting for me to continue or
> download latest version.
> 
> After I dismissed it, I restarted queue manager (iMail 8.03) and mail
> started processing again. I did not install the F-Prot update yet, and
> it happened again.
> 
> Has anybody else seen this? Why would the F-Prot update process stop the
> flow of mail?
> 
> Please .cc me at [EMAIL PROTECTED]
> 
> Thanks,
> George
> 
> 
> 
> From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
> Subject: RE: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?
> Date: Mon, 6 Oct 2003 14:36:36 -0700
> Reply-To: [EMAIL PROTECTED]
> Is this the DOS version or Windows version?
> 
> What does the Virus log say?
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 




Re: [Declude.Virus] Doc file cached as exe and banned

2003-10-07 Thread R. Scott Perry

>Anyone having an idea why this mail is assumed to be an exe when its
>actually a doc file ?

Because the mail client is giving it two separate names, with two separate
extensions.  As a result, Declude Virus treats it as an .exe file, since
Declude Virus has no "priority" system to attempt to determine which file
extensions are worse than other file extensions.

   -Scott
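
The two-names situation described in the reply above, as an added example (not Declude's code): a MIME part can declare one name in Content-Type and another in Content-Disposition, and this sketch decodes RFC 2047 encoded words in both before comparing their extensions. The function names and both sample messages are constructed for the illustration.

```python
import os
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import collapse_rfc2231_value


def decode_name(value):
    """Decode an attachment-name parameter (RFC 2231 tuple or RFC 2047 text)."""
    if value is None:
        return None
    text = collapse_rfc2231_value(value)
    return str(make_header(decode_header(text)))


def part_names(part):
    """Return (Content-Type name, Content-Disposition filename), both decoded."""
    ct_name = decode_name(part.get_param("name"))
    cd_name = decode_name(part.get_param("filename", header="content-disposition"))
    return ct_name, cd_name


def find_mismatches(raw_message):
    """List parts whose two declared names end in different extensions."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        ct_name, cd_name = part_names(part)
        if not ct_name or not cd_name:
            continue
        exts = {os.path.splitext(n)[1].lower() for n in (ct_name, cd_name)}
        if len(exts) > 1:
            # Two different extensions: report both so policy can fail closed.
            findings.append((ct_name, cd_name, sorted(exts)))
    return findings


def build_sample(ct_name, cd_name):
    """Constructed one-attachment message carrying the two names given."""
    return (
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        f'Content-Type: application/octet-stream; name="{ct_name}"\n'
        f'Content-Disposition: attachment; filename="{cd_name}"\n'
        "\n"
        "constructed payload\n"
        "--b1--\n"
    )


# Same document name, split into encoded words differently by the client.
SAME_NAME = build_sample(
    "=?ISO-8859-1?Q?Supportm=F6nster.doc?=",
    "=?ISO-8859-1?Q?Supportm=F6nster?= =?ISO-8859-1?Q?.doc?=",
)
# Two genuinely different extensions for one part.
CONFLICT = build_sample("invoice.doc", "invoice.exe")

if __name__ == "__main__":
    print(find_mismatches(SAME_NAME))
    print(find_mismatches(CONFLICT))
```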


Re: [Declude.Virus] F-Prot Hangs Queue Manager in IMail?

2003-10-07 Thread Mike Nice
I wrote a combination batch file + perl script to check and download F-prot
virus signature updates.   It does it by logging into the site, doing a
'dir' and comparing the signature download dates against the most recent
download.  So it doesn't consume much bandwidth to check.

   I prefer to upgrade signatures only interactively so I can immediately
monitor the overall operation by checking the VIRUS.LOG file.  There haven't
been any bad signatures yet, but you never know.

   I could clean it up to run unattended and post it if anyone is
interested.

- Original Message - 

> It should only attempt to update the virus signatures online.  The program
> update has to be manually downloaded (with a valid customer number) and
> installed.  I have seen the virus update hang and wait for input when there
> is a temporary network connection problem -- but it has never held up spool
> processing.  When you hit a key, it notices it is behind on updates and tries
> again a few seconds later (unless you schedule the update, in which case it
> usually hangs and can't be stopped, requiring a reboot to clear it).
