Re: [Declude.Virus] Are ActiveX controls considered viruses?
Second question about interim releases: is there documentation? How do I know how to invoke the newest features, changes to the various config files, etc? http://www.declude.com/interim should cover this. There is (by design) no documentation. If you do not already know how to make the necessary config file changes, you shouldn't be downloading the interim. You should only download an interim for a specific purpose, and when you find out about that purpose (through this list, for example), details on any config file changes will be there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Could not find parse string Infection: in report.txt
Can anyone tell me what this means. I included the later lines as well. Running Declude standard Diagnostics ON (Declude v1.78i27). Fprot 3.14e with this command line SCANFILEC:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOFLOPPY /NOBOOT /DUMB /SERVER /REPORT=report.txt) VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORTInfection: 03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt 03/19/2004 03:01:17 Qa8cb020101122357 File(s) are INFECTED [: 8] 03/19/2004 03:01:17 Qa8cb020101122357 Scanned: CONTAINS A VIRUS [MIME: 3 25487] 03/19/2004 03:01:17 Qa8cb020101122357 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 80.65.93.134] 03/19/2004 03:01:17 Qa8cb020101122357 Subject: Re: Thank you! --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Could not find parse string Infection: in report.txt
Can anyone tell me what this means. I included the later lines as well. 03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt That means that F-Prot detected a suspicious file, but not a virus. When it does that, it can't know the virus name, so it cannot report the virus name in the report.txt file. Since Declude Virus expects a virus name to be present, that warning is logged. In this case, you will see the name of the virus appear as [Unknown Virus]. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Could not find parse string Infection: in report.txt
Thanks for the immediate reply G Will it treat the message like a virus. IE not forward it to the recipient? Love your company and product. You should start a consulting company and teach corporations how to treat customers. DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Saturday, March 20, 2004 1:40 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Could not find parse string Infection: in report.txt Can anyone tell me what this means. I included the later lines as well. 03/19/2004 03:01:17 Qa8cb020101122357 Could not find parse string Infection: in report.txt That means that F-Prot detected a suspicious file, but not a virus. When it does that, it can't know the virus name, so it cannot report the virus name in the report.txt file. Since Declude Virus expects a virus name to be present, that warning is logged. In this case, you will see the name of the virus appear as [Unknown Virus]. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] New to List, Question re: Virus Scanners
Hello all. This is Chris Ulrich from Cydian. We've been using Declude for about 2 years now, IMail for 5+ and have just joined the list. Honestly, should have done it sooner but I didn't realize there was one! I had posted a question to the IMail list that Scott suggested I post here for comment. I'm sorry in advance if it's been covered recently, but being new to the group, I would have missed it... 1. We're running Declude-AV with FProt. Works pretty well, but some things have been getting through lately. With regards to how Declude works, suppose I host a domain email accounts on the server (Imail 7.07) and someone @AOL sends an infected file to my client. Does Declude scan it at the time it is received from the AOL server? Does it scan again when my client checks mail? My suspicion on why some things are being missed is that some messages are being sent in prior to the AV software setting a definition for it. So what we've been seeing is the latest BAGLE, etc., getting through Declude/FProt but being picked up on the client's machine running Norton locally. Does this make sense? 2. I'm looking to add McAfee as a second scanner. We have the AntiVirus Suite, which includes the enterprise scanner and the command line scanner. I'm trying to figure out how to configure this so: (1) it uses the command line scanner and (2) it benefits from the live update feature of the Enterprise scanner. 3. Being new to the list, the first message received ended up in my SPAM folder. Here's the header I received. My questions are (1) why are these things being flagged, and (2) are these headers being set by the Declude mail server before it is being sent to me, or being set by my mail server when it receives the message from the list? From: Douglas Cohn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Could not find parse string Infection: in report.txt Date: Sat, 20 Mar 2004 14:16:31 -0500 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcQOqvPBJ1XiWpwqRTaeheyv0XPlogABLBQg X-RBL-Warning: BLARSBL: This E-mail came from 64.15.255.80, a potential spam source listed in BLARSBL. [2-2-1000] X-RBL-Warning: FIVETENIGNORE: 69.167.74.216.blackholes.five-ten-sg.com. [2-20-a000] X-RBL-Warning: NJABLSOURCES: CW / TranSend, Inc. spam house -- 1072977278 [2-40-14000] X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -6. [2-97-30800] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. [2-98-31000] X-Note: This E-mail was scanned for viruses by Declude Virus (www.declude.com) X-NRecips: 1 X-Reverse-IP: mail.internetny.com X-Weight: -4 (BLARSBL, FIVETENIGNORE, NJABLSOURCES, SPFUNKNOWN, HEUR1, SPAMCHK, SPAMHEADERS) X-Country-Chain: UNITED STATES-destination. X-Declude-Sender: [EMAIL PROTECTED] [64.15.255.80] X-Declude-Spoolname: D988d02c4043ae160.SMD Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [24.107.232.14] X-Note: This E-mail was scanned by Declude JunkMail 1.75 for spam. X-Spam-Tests-Failed: None [-8] X-Note: This E-mail was sent from cpe-24-107-232-14.ma.charter.com ([24.107.232.14]). X-RCPT-TO: [EMAIL PROTECTED] Sorry to ask so many questions on the first post, but hopefully I'll get up to speed on the nuances of Declude and be able to make some useful contributions. Thanks all! --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.