Re: [Declude.Virus] Imail Version 8.1
We have been using 8.1 for a few weeks now. We have had numerous problems with mailboxes being locked or unavailable. You may want to wait for 8.11 due out in about 3 weeks. Gene Have you installed this 2 hotfixes of 8.1? In my experience, no mailbox locked, maybe due to I installed these 2 immediately after installation, but there is some minor problem, like when users click Go Back in webmail, often got page can not display. a.. IMail Server 8.1 Hotfix 2 April 8, 2004 This hotfix fixes a possible handle leak in mailbox.dll which could result in locked mailboxes. a.. IMail Server 8.1 Hotfix 1 April 5, 2004 [included in 8.1 Hotfix 2] This hotfix fixes Queue Manager ERR 005 when delivering to multiple nested subfolders. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 22, 2004 3:08 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail Version 8.1 Are there any issues with using version 8.1 with Declude? I am thinking of upgrading our servers to 8.1. We are running declude 1.79. Any thoughts? There are no known issues running IMail v8.1 with 1.79 (there is a minor issue with Declude v1.75 and earlier, where IMail v8.1 would cause some E-mails to be scanned multiple times -- for Declude Virus, it would just cause a minor performance hit). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This email has been scanned by Antivirus software in Crejob.com hosting server --- This email has been scanned by Antivirus software in Crejob.com hosting server --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] W32.Netsky.Q got through..
Hello, This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it. Thoughts, comments welcome.. -Jeff __ Norton Attachment: Norton AntiVirus removed the attachment: msg15622.zip. The [EMAIL PROTECTED] threat was detected in the attachment. __ iMail Log: 04:23 02:21 SMTPD(05FB0112) [61.149.33.60] EHLO etna.com 04:23 02:21 SMTPD(05FB0112) [61.149.33.60] MAIL FROM:[EMAIL PROTECTED] 04:23 02:21 SMTPD(05FB0112) [61.149.33.60] RCPT TO:[EMAIL PROTECTED] 04:23 02:21 SMTPD(05FB0112) [61.149.33.60] C:\IMAIL\spool\Db5cf112.SMD 41758 04:23 02:21 SMTP-(04FC) processing C:\IMAIL\spool\Qb5cf112.SMD 04:23 02:21 SMTP-(04FC) forwarded message to [EMAIL PROTECTED] 04:23 02:21 SMTP-(04FC) ldeliver domain.com spam-main (1) [EMAIL PROTECTED] 42284 04:23 02:21 SMTP-(04FC) finished C:\IMAIL\spool\Qb5cf112.SMD status=1 __ Declude Log: 04/23/2004 02:21:25 Qb5cf112 L1 Message OK 04/23/2004 02:21:25 Qb5cf112 Tests failed [weight=14]: SBL=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN SPAMHEADERS=WARN WEIGHT10=ROUTETO CATCHALLMAILS=IGNORE __ Virus Log: 04/23/2004 02:21:24 Qb5cf112 Scanned: Virus Free [MIME: 2 30030] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.Q got through..
This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it. Are other copies of Netsky.Q getting caught? Do you have a line BANEXT EZIP in your virus.cfg file? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.Q got through..
I've noticed that Virusscan does a better job of catching viruses in the .ezip than F-Prot. In my smaller world here, there will be 2-5 times a day .ezip viruses a day that VirusScan catches that F-Prot does not. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 04/23/04 08:45AM This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it. Are other copies of Netsky.Q getting caught? Do you have a line BANEXT EZIP in your virus.cfg file? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. OK, so that means that F-Prot is able to catch them. I didn't even think about EZIP. That didn't catch it either when it should have, correct? That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled. BANEXT EZIP Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Hello, Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. I didn't even think about EZIP. That didn't catch it either when it should have, correct? I'll have to see if I can restore the attachment. It's still sitting in NAV quarantine. Anyway, here's what's listed in my VIRUS.CFG file (truncated): # LOGLEVELMID # SCANFILE C:\Progra~1\FSI\F-Prot\FPcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORTInfection: # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # BANEXT scr BANEXT pif BANEXT exe BANEXT com BANEXT EZIP # BANNAME photo.zip BANNAME private.zip BANNAME Wendy.zip BANNAME p_usb.zip BANNAME Attach.rar BANNAME Details.rar BANNAME details.rar BANNAME Document.rar BANNAME Encrypted.rar BANNAME first_part.rar BANNAME Gift.rar BANNAME Info.rar BANNAME Information.rar BANNAME Message.rar BANNAME MoreInfo.rar BANNAME pub_document.rar BANNAME Readme.rar BANNAME Text.rar BANNAME text_document.rar BANNAME TextDocument.rar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 9:45 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] W32.Netsky.Q got through.. This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it. Are other copies of Netsky.Q getting caught? Do you have a line BANEXT EZIP in your virus.cfg file? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Imail Version 8.1
I installed them repeatedly to try and solve the problem. I finally deleted all the .exe and .dll files in Imail and reloaded it from the download, re-applied the HF2 and now I'm not getting the mailbox unavailable (yet), but I am getting reboots due to a bug check. I never did get LDAP to work right. Gene Head ACCRAM Inc. MCP,Net+,A+,CCNA,CCDA [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 23, 2004 5:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail Version 8.1 We have been using 8.1 for a few weeks now. We have had numerous problems with mailboxes being locked or unavailable. You may want to wait for 8.11 due out in about 3 weeks. Gene Have you installed this 2 hotfixes of 8.1? In my experience, no mailbox locked, maybe due to I installed these 2 immediately after installation, but there is some minor problem, like when users click Go Back in webmail, often got page can not display. a.. IMail Server 8.1 Hotfix 2 - April 8, 2004 This hotfix fixes a possible handle leak in mailbox.dll which could result in locked mailboxes. a.. IMail Server 8.1 Hotfix 1 - April 5, 2004 [included in 8.1 Hotfix 2] This hotfix fixes Queue Manager ERR 005 when delivering to multiple nested subfolders. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 22, 2004 3:08 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Imail Version 8.1 Are there any issues with using version 8.1 with Declude? I am thinking of upgrading our servers to 8.1. We are running declude 1.79. Any thoughts? There are no known issues running IMail v8.1 with 1.79 (there is a minor issue with Declude v1.75 and earlier, where IMail v8.1 would cause some E-mails to be scanned multiple times -- for Declude Virus, it would just cause a minor performance hit). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This email has been scanned by Antivirus software in Crejob.com hosting server --- This email has been scanned by Antivirus software in Crejob.com hosting server --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Watch out for this...
I just got this thing - it looks like big trouble. Don't follow the link. (I broke it up with spaces) Just got this from CNN Osama Bin Laden has just been captured! A video and some pictures have been released. Goto the link below for pictures, I will update the page with the video as soon as I can: http:// 220 . 95 . 231 . 54/pics/ God Bless America! The target appears to be an encrypted html using the object data exploit. Note that this one was carefully targeted - the to: addresses were very specific. Your users will probably follow this link if they are not prepared. You may want to block the IP at your border routers. Hope this helps, _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Ok.. If I can get it unquarentined and sent to ya I will.. Sending may be a problem as well with NAV (which can be disabled) and F-PROT on the server.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 10:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. OK, so that means that F-Prot is able to catch them. I didn't even think about EZIP. That didn't catch it either when it should have, correct? That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled. BANEXT EZIP Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.Q got through..
Hi, If a second scan of the same e-mail/attachment will still not catch the virus I *know* AV companies like f-prot would verry much like to get it from you. I had something like that once a while ago. However, I let Declude delete all mail identified as virus, so I did not have it for them anymore. Met vriendelijke groet, Bonno Bloksma - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 23, 2004 3:54 PM Subject: Re: [Declude.Virus] W32.Netsky.Q got through.. I've noticed that Virusscan does a better job of catching viruses in the .ezip than F-Prot. In my smaller world here, there will be 2-5 times a day .ezip viruses a day that VirusScan catches that F-Prot does not. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 04/23/04 08:45AM This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it. Are other copies of Netsky.Q getting caught? Do you have a line BANEXT EZIP in your virus.cfg file? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
I attempted to resend the virus again and it bounced (Unknown user: [EMAIL PROTECTED]). Just wanted to reconfirm the virus e-mail address. Is it [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 10:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. OK, so that means that F-Prot is able to catch them. I didn't even think about EZIP. That didn't catch it either when it should have, correct? That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled. BANEXT EZIP Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
I attempted to resend the virus again and it bounced (Unknown user:... You'll need to check your IMail log file to see why IMail couldn't deliver the E-mail (we have no record of any E-mail from you to that address today). The address you sent it to was correct. Note that we rarely give out the address in lists to reduce the amount of spam sent to that address. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Ok.. The latest time I tried to send (at 1300) went through.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Friday, April 23, 2004 12:56 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Ok.. I looked in the logs.. This is what I found.. 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) QUIT 04:23 11:34 SMTP-(05B4) RCPT To:[EMAIL PROTECTED] 04:23 11:34 SMTP-(05B4) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:34 SMTP-(05B4) QUIT I'm going to attempt to resend it again and keep an eye on the logs.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 12:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. I attempted to resend the virus again and it bounced (Unknown user:... You'll need to check your IMail log file to see why IMail couldn't deliver the E-mail (we have no record of any E-mail from you to that address today). The address you sent it to was correct. Note that we rarely give out the address in lists to reduce the amount of spam sent to that address. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Hello, I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs: 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) QUIT 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection It ended up with a status=2. Did I send it to the wrong account? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 10:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. OK, so that means that F-Prot is able to catch them. I didn't even think about EZIP. That didn't catch it either when it should have, correct? That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled. BANEXT EZIP Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
PLEASE DISREGARD ..Message was stuck in queue.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Friday, April 23, 2004 11:37 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Hello, I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs: 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) QUIT 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection It ended up with a status=2. Did I send it to the wrong account? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 10:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. OK, so that means that F-Prot is able to catch them. I didn't even think about EZIP. That didn't catch it either when it should have, correct? That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled. BANEXT EZIP Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
Jeff, no offence intended, but this kind of communication should be directly to Scott, not to the list. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Friday, April 23, 2004 8:37 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. Hello, I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs: 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) QUIT 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection It ended up with a status=2. Did I send it to the wrong account? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
I was able to send the virus to that account (at 1300).. I checked our logs and it went through and got a response e-mail.. The message below got caught up in queue.. Was messing with our DNS servers trying to fix the timeout problems we've been having lately.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 2:27 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32.Netsky.Q got through.. I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs: 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED] 04:23 11:33 SMTP-(0508) QUIT 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection It ended up with a status=2. Did I send it to the wrong account? It looks like your mailserver is sending to the A record rather than the MX record (that nasty old IMail bug strikes again...). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.Q got through..
I was able to send the virus to that account (at 1300).. I checked our logs and it went through and got a response e-mail.. The message below got caught up in queue.. Was messing with our DNS servers trying to fix the timeout problems we've been having lately.. It did arrive. This one has a .ZIP extension, but is actually not a .ZIP file. F-Prot isn't detecting it; I'm guessing they are not detecting it because it is corrupt. You may want to try sending it to them for analysis. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
