Re: [Declude.Virus] Current Forging Virus list
Hy, To go OT a bit, what the hell is forging dns? I know dns but forging.. Probabaly something simple though. :P D.C. - Original Message - From: Bonno Bloksma [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: R. Scott Perry [EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 9:09 PM Subject: Re: [Declude.Virus] Current Forging Virus list Hi, My list is a bit longer and isn't it Dumaru in stead of Dumar? FORGINGVIRUS Avril FORGINGVIRUS Braid FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Dumaru FORGINGVIRUS Fizzer FORGINGVIRUS Gibe FORGINGVIRUS Hybris FORGINGVIRUS Klez FORGINGVIRUS Lentin FORGINGVIRUS Magistr FORGINGVIRUS Mimail FORGINGVIRUS Palyh FORGINGVIRUS Sefex FORGINGVIRUS Sober FORGINGVIRUS Sobig FORGINGVIRUS Swen FORGINGVIRUS Yaha Scott, my list also longer then the list in the sender.eml file. You are missing Avril, Gibe, Hybris, Sefex and Swen. Are those not forging virusses? I only add them to my list after receiving delivery errors which state unkown mailbox or something like it. Also you have Dumar in stead of Dumaru. Sophos does not know a Dumar virus but does know of a Dumaru virus. Same for F-prot. Maybe a good idea to have these standard in the virus.cfg file and adapt the *.eml files into using the line SKIPIFSENDER [Forged], that way all maintenance is done at one place, no need to update multiple eml files, no confusing the user with invalid e-mail addresses. Of course you forging dns server is even better but this is a good starting place for those that don't want that for whatever reason. Groetjes, Bonno Bloksma Back up my hard drive? How do I put it in reverse? - Original Message - From: Karen D. Oland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 7:46 PM Subject: RE: [Declude.Virus] Current Forging Virus list I've also seen these identified with forged addresses: FORGINGVIRUS Mimail FORGINGVIRUS Dumar FORGINGVIRUS Sober FORGINGVIRUS Holar Is this a good current list? FORGINGVIRUS Braid FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Hybris FORGINGVIRUS Lentin FORGINGVIRUS Klez FORGINGVIRUS Magistr FORGINGVIRUS Sobig FORGINGVIRUS Vulnerability FORGINGVIRUS Yaha FORGINGVIRUS Fizzer FORGINGVIRUS Palyh --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Current Forging Virus list
Hi, To go OT a bit, what the hell is forging dns? You know what a forging virus is? I know dns And you know what dns is. Now of course you have heard of spammers and probably also of dns blacklists? Well The forging dns is a dns-alike server that keeps a list of virus names which are forging viruses and is maintained by/for Declude. but forging.. Yeah. :) It's not the dns which is being forged which kinda gets you on the wrong track. Probabaly something simple though. :P Yup. ;-) Groetjes, Bonno Bloksma Back up my hard drive? How do I put it in reverse? --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Current Forging Virus list
Tnx, That explained alot. Silly names. _ I shall lookup more info on it once, when I have time. (lol.. thats gona be a while) Sounds interesting to find out how it works. :) Tnx again, D.C. - Original Message - From: Bonno Bloksma [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:54 AM Subject: Re: [Declude.Virus] Current Forging Virus list Hi, To go OT a bit, what the hell is forging dns? You know what a forging virus is? I know dns And you know what dns is. Now of course you have heard of spammers and probably also of dns blacklists? Well The forging dns is a dns-alike server that keeps a list of virus names which are forging viruses and is maintained by/for Declude. but forging.. Yeah. :) It's not the dns which is being forged which kinda gets you on the wrong track. Probabaly something simple though. :P Yup. ;-) Groetjes, Bonno Bloksma Back up my hard drive? How do I put it in reverse? --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] f-prot question
Does anyone know what the command line string is for scanning your sig file to see if it is catching a certain named virus file? I saw it posted over 6 months ago, however, I guess my search isn't picking it up. Thanks, Keith +,qyo r[yXm ynu(8bIWkax7^V*f)+-Nrz;uj)l^r[yjwmmr[yXy+mwZm Vry
Re: [Declude.Virus] f-prot question
I honestly have no clue. I force all my messages in textmode. (makes this Nfyu u dj)jgnr[yX XX:m fyu *{nyu rzj j) in your sig alot more interesting lol) But I wonder, shouldn't it be somewhere in the f-prot manual? Or there site? D.C. - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 2:40 PM Subject: [Declude.Virus] f-prot question Does anyone know what the command line string is for scanning your sig file to see if it is catching a certain named virus file? I saw it posted over 6 months ago, however, I guess my search isn't picking it up. Thanks, Keith Nfyu u dj)jgnr[yX XX:m fyu *{nyu rzj j) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Install for first time message repeats
I have declude running on my companies primary mail server and have no problems what so ever with that install and config. However one of my colo customers purchased IMAIL and declude lite virus version. I set the server up just like mine but I keep getting an error when it fires up. declude.exe continues to say; INSTALLING DECLUDE FOR THE FIRST TIME INSTALLATION COMPLETE! The above is written to the dec log file and NO vir log file is even created. What have I missed here? Is'nt the declude.exe file the same for all versions? As I understand it the serial key is what determines what mode it runs in, i.e. pro, standard or lite, virus spam and or hijack. Please help me out as these folks have been getting virus scanned emails from my server and now today they have no scanning taking place. Greg Hedgepath [EMAIL PROTECTED] http://www.CFHosting.net/ ICQ#: 290276 | AIM: colFu Yahoo: cfhosting msn: [EMAIL PROTECTED]
[Declude.Virus] SysBug
I've received an alert about a new virus (not a worm) intended to gain remote access over a backdoor. The virus has no replication functionality but is send out like a spam message directly to many many recipients. In the meantime I reccomend to add a line BANNAME private.zip to your virus.cfg file. --- Gufler Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Install for first time message repeats
However one of my colo customers purchased IMAIL and declude lite virus version. I set the server up just like mine but I keep getting an error when it fires up. declude.exe continues to say; INSTALLING DECLUDE FOR THE FIRST TIME INSTALLATION COMPLETE! The above is written to the dec log file and NO vir log file is even created. What have I missed here? What I would recommend is following the Emergency Uninstall procedure in the manual, and then re-installing it. It looks like there may have been a problem writing to the registry the first time it was installed. Is'nt the declude.exe file the same for all versions? As I understand it the serial key is what determines what mode it runs in, i.e. pro, standard or lite, virus spam and or hijack. That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Install for first time message repeats
perhaps you should include the virus.cfg (code blanked out unless its directed to scott alone)A nice thing to check is if the SMTP service sees "Declude.exe" as its executable.If not put it up manually, check the registry (read the manual at http://www.declude.com/virus/manual.htmfor more details) en reload the SMTP service.And to make it real easy:the key to check is HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail\Global\SendNameyet if you can change it in IMail its probably ok. I am guessing here but I think it fails to setup declude.exe als the SMTP .exe. D.C. - Original Message - From: Greg To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 2:53 PM Subject: [Declude.Virus] Install for first time message repeats I have declude running on my companies primary mail server and have no problems what so ever with that install and config.However one of my colo customers purchased IMAIL and declude lite virus version.I set the server up just like mine but I keep getting an error when it fires up.declude.exe continues to say;INSTALLING DECLUDE FOR THE FIRST TIMEINSTALLATION COMPLETE!The above is written to the dec log file and NO vir log file is even created.What have I missed here?Is'nt the declude.exe file the same for all versions?As I understand it the serial key is what determines what mode it runs in, i.e. pro, standard or lite, virus spam and or hijack.Please help me out as these folks have been getting virus scanned emails from my server and now today they have no scanning taking place.Greg Hedgepath[EMAIL PROTECTED]http://www.CFHosting.net/ICQ#: 290276 | AIM: colFuYahoo: cfhostingmsn: [EMAIL PROTECTED]
RE: [Declude.Virus] New virus in town..
Yes.. I think another poster recommended adding Private.zip into the declude virus.cfg file to block that attachment ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan Sent: Wednesday, November 26, 2003 12:00 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New virus in town.. Hi; I think this is the one that was reported by Matt earlier.. Here is some release.. http://www.eweek.com/article2/0,4149,1396835,00.asp?kc=EWNWS112603DTX1K5 99 The Trojan arrives in an e-mail with an attachment that is zipped and contains an executable. The e-mail begins: Hello my dear Mary, I have been thinking about you all night. I would like to apologize for the other night when . The message then goes into more explicit detail. The e-mail comes from [EMAIL PROTECTED] and the subject line says Re[2]: Mary. === Perhaps a block on: [EMAIL PROTECTED] is in order just in case. Regards, Kami ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.