Re: [Declude.Virus] Imail Version 8.1

2004-04-23 Thread linxd
 We have been using 8.1 for a few weeks now. We have had numerous
 problems with mailboxes being locked or unavailable. You may want to
 wait for 8.11 due out in about 3 weeks.

 Gene

Have you installed this 2 hotfixes of 8.1?
In my experience, no mailbox locked, maybe due to I installed these 2
immediately
after installation, but there is some minor problem, like when users click
Go Back
in webmail, often got page can not display.

a.. IMail Server 8.1 Hotfix 2  April 8, 2004
This hotfix fixes a possible handle leak in mailbox.dll which could result
in locked mailboxes.
a.. IMail Server 8.1 Hotfix 1  April 5, 2004
[included in 8.1 Hotfix 2]
This hotfix fixes Queue Manager ERR 005 when delivering to multiple nested
subfolders.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
 Sent: Thursday, April 22, 2004 3:08 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.Virus] Imail Version 8.1


 Are there any issues with using version 8.1 with Declude?  I am
 thinking
 of upgrading our servers to 8.1.  We are running declude 1.79.  Any
 thoughts?

 There are no known issues running IMail v8.1 with 1.79 (there is a minor

 issue with Declude v1.75 and earlier, where IMail v8.1 would cause some
 E-mails to be scanned multiple times -- for Declude Virus, it would just

 cause a minor performance hit).

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in
 mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.

 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]


 ---
 Incoming mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004


 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004


 ---
 [This E-mail scanned for viruses by Declude Virus]

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.
 ---
 This email has been scanned by Antivirus software in Crejob.com hosting
server



---
This email has been scanned by Antivirus software in Crejob.com hosting server

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


[Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
Hello,
This morning when receiving message from our spam account (I hold
everything instead of deleting then review), I received a message and
attachment that Norton AV on my local machine caught as a Netsky.Q virus.
This would have been delivered to the client had it not failed the spam
tests.
I'm running Declude v1.79 and F-Prot 3.14e with latest defs.  Anyone
else seeing Netsky.Q's getting through?  Luckily I haven't seen anymore come
through, but if you look at the virus logs, it sees it as virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending the
message to the server to see when it finally catches it.
Thoughts, comments welcome.. -Jeff

__
Norton Attachment:
Norton AntiVirus removed the attachment: msg15622.zip.
The [EMAIL PROTECTED] threat was detected in the attachment.
__
iMail Log:
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] EHLO etna.com
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] MAIL FROM:[EMAIL PROTECTED]
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] RCPT TO:[EMAIL PROTECTED]
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] C:\IMAIL\spool\Db5cf112.SMD 41758
04:23 02:21 SMTP-(04FC) processing C:\IMAIL\spool\Qb5cf112.SMD
04:23 02:21 SMTP-(04FC) forwarded message to [EMAIL PROTECTED]
04:23 02:21 SMTP-(04FC) ldeliver domain.com spam-main (1)
[EMAIL PROTECTED] 42284
04:23 02:21 SMTP-(04FC) finished C:\IMAIL\spool\Qb5cf112.SMD status=1
__
Declude Log:
04/23/2004 02:21:25 Qb5cf112 L1 Message OK
04/23/2004 02:21:25 Qb5cf112 Tests failed [weight=14]: SBL=WARN
IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN SPAMHEADERS=WARN
WEIGHT10=ROUTETO CATCHALLMAILS=IGNORE
__
Virus Log:
04/23/2004 02:21:24 Qb5cf112 Scanned: Virus Free [MIME: 2 30030]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread R. Scott Perry

This morning when receiving message from our spam account (I hold
everything instead of deleting then review), I received a message and
attachment that Norton AV on my local machine caught as a Netsky.Q virus.
This would have been delivered to the client had it not failed the spam
tests.
I'm running Declude v1.79 and F-Prot 3.14e with latest defs.  Anyone
else seeing Netsky.Q's getting through?  Luckily I haven't seen anymore come
through, but if you look at the virus logs, it sees it as virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending the
message to the server to see when it finally catches it.
Are other copies of Netsky.Q getting caught?  Do you have a line BANEXT 
EZIP in your virus.cfg file?

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Scott Fisher
I've noticed that Virusscan does a better job of catching viruses in the .ezip than 
F-Prot. 
In my smaller world here, there will be 2-5 times a day .ezip viruses a day that 
VirusScan catches that F-Prot does not.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 08:45AM 

 This morning when receiving message from our spam account (I hold
everything instead of deleting then review), I received a message and
attachment that Norton AV on my local machine caught as a Netsky.Q virus.
This would have been delivered to the client had it not failed the spam
tests.
 I'm running Declude v1.79 and F-Prot 3.14e with latest defs.  Anyone
else seeing Netsky.Q's getting through?  Luckily I haven't seen anymore come
through, but if you look at the virus logs, it sees it as virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending the
message to the server to see when it finally catches it.

Are other copies of Netsky.Q getting caught?  Do you have a line BANEXT 
EZIP in your virus.cfg file?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] 

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread R. Scott Perry

Yes, so far this is the only copy that has come through.  I haven't
heard from any of my clients of them saying the virus has come through.
OK, so that means that F-Prot is able to catch them.

I  didn't even think about EZIP.  That didn't catch it either when
it should have, correct?
That depends on whether the attachment was an encrypted .ZIP file, and 
whether you have the BANEXT EZIP option enabled.

BANEXT  EZIP
Since you do have it enabled, it is difficult to say what happened.

If you do still have a copy of it, you can send it to our virustrap@ 
address, and we can analyze it.  It may be a corrupt, non-viable variant.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
Hello,
Yes, so far this is the only copy that has come through.  I haven't
heard from any of my clients of them saying the virus has come through.
I  didn't even think about EZIP.  That didn't catch it either when
it should have, correct?  I'll have to see if I can restore the attachment.
It's still sitting in NAV quarantine.
Anyway, here's what's listed in my VIRUS.CFG file (truncated):
#
LOGLEVELMID
#
SCANFILE  C:\Progra~1\FSI\F-Prot\FPcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
/DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORTInfection:
#
SKIPEXT GIF
SKIPEXT TXT
SKIPEXT JPG
SKIPEXT MPG
SKIPEXT PNG
#
BANEXT  scr
BANEXT  pif
BANEXT  exe
BANEXT  com
BANEXT  EZIP
#
BANNAME photo.zip
BANNAME private.zip
BANNAME Wendy.zip
BANNAME p_usb.zip
BANNAME Attach.rar
BANNAME Details.rar
BANNAME details.rar
BANNAME Document.rar
BANNAME Encrypted.rar
BANNAME first_part.rar
BANNAME Gift.rar
BANNAME Info.rar
BANNAME Information.rar
BANNAME Message.rar
BANNAME MoreInfo.rar
BANNAME pub_document.rar
BANNAME Readme.rar
BANNAME Text.rar
BANNAME text_document.rar
BANNAME TextDocument.rar 




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] W32.Netsky.Q got through..


 This morning when receiving message from our spam account (I 
hold everything instead of deleting then review), I received a message 
and attachment that Norton AV on my local machine caught as a Netsky.Q
virus.
This would have been delivered to the client had it not failed the spam 
tests.
 I'm running Declude v1.79 and F-Prot 3.14e with latest defs.  
Anyone else seeing Netsky.Q's getting through?  Luckily I haven't seen 
anymore come through, but if you look at the virus logs, it sees it as
virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending 
the message to the server to see when it finally catches it.

Are other copies of Netsky.Q getting caught?  Do you have a line BANEXT
EZIP in your virus.cfg file?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] Imail Version 8.1

2004-04-23 Thread Gene Head
I installed them repeatedly to try and solve the problem. I finally
deleted all the .exe and .dll files in Imail and reloaded it from the
download, re-applied the HF2 and now I'm not getting the mailbox
unavailable (yet), but I am getting reboots due to a bug check.

I never did get LDAP to work right.
 

Gene Head
ACCRAM Inc.
MCP,Net+,A+,CCNA,CCDA
[EMAIL PROTECTED]
[EMAIL PROTECTED] 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 5:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Imail Version 8.1 

 We have been using 8.1 for a few weeks now. We have had numerous
 problems with mailboxes being locked or unavailable. You may want to
 wait for 8.11 due out in about 3 weeks.

 Gene

Have you installed this 2 hotfixes of 8.1?
In my experience, no mailbox locked, maybe due to I installed these 2
immediately
after installation, but there is some minor problem, like when users
click
Go Back
in webmail, often got page can not display.

a.. IMail Server 8.1 Hotfix 2 - April 8, 2004
This hotfix fixes a possible handle leak in mailbox.dll which could
result
in locked mailboxes.
a.. IMail Server 8.1 Hotfix 1 - April 5, 2004
[included in 8.1 Hotfix 2]
This hotfix fixes Queue Manager ERR 005 when delivering to multiple
nested
subfolders.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
 Sent: Thursday, April 22, 2004 3:08 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.Virus] Imail Version 8.1


 Are there any issues with using version 8.1 with Declude?  I am
 thinking
 of upgrading our servers to 8.1.  We are running declude 1.79.  Any
 thoughts?

 There are no known issues running IMail v8.1 with 1.79 (there is a
minor

 issue with Declude v1.75 and earlier, where IMail v8.1 would cause
some
 E-mails to be scanned multiple times -- for Declude Virus, it would
just

 cause a minor performance hit).

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail
mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in
 mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.

 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]


 ---
 Incoming mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004


 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.656 / Virus Database: 421 - Release Date: 4/9/2004


 ---
 [This E-mail scanned for viruses by Declude Virus]

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.
 ---
 This email has been scanned by Antivirus software in Crejob.com
hosting
server



---
This email has been scanned by Antivirus software in Crejob.com hosting
server

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


[Declude.Virus] Watch out for this...

2004-04-23 Thread Pete McNeil
I just got this thing - it looks like big trouble.
Don't follow the link. (I broke it up with spaces)
Just got this from CNN Osama Bin Laden has just been captured! A video and 
some pictures have been released. Goto the link below for pictures, I will 
update the page with the video as soon as I can:
http:// 220 . 95 . 231 . 54/pics/ God Bless America!

The target appears to be an encrypted html using the object data exploit.

Note that this one was carefully targeted - the to: addresses were very 
specific.

Your users will probably follow this link if they are not prepared.

You may want to block the IP at your border routers.

Hope this helps,
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
Ok.. If I can get it unquarentined and sent to ya I will..  Sending may be a
problem as well with NAV (which can be disabled) and F-PROT on the server..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


 Yes, so far this is the only copy that has come through.  I 
haven't heard from any of my clients of them saying the virus has come
through.

OK, so that means that F-Prot is able to catch them.

 I  didn't even think about EZIP.  That didn't catch it either 
when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and
whether you have the BANEXT EZIP option enabled.

BANEXT  EZIP

Since you do have it enabled, it is difficult to say what happened.

If you do still have a copy of it, you can send it to our virustrap@
address, and we can analyze it.  It may be a corrupt, non-viable variant.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Bonno Bloksma
Hi,

If a second scan of the same e-mail/attachment will still not catch the
virus I *know* AV companies like f-prot would verry much like to get it from
you. I had something like that once a while ago. However, I let Declude
delete all mail identified as virus, so I did not have it for them anymore.

Met vriendelijke groet,

Bonno Bloksma

- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 3:54 PM
Subject: Re: [Declude.Virus] W32.Netsky.Q got through..


I've noticed that Virusscan does a better job of catching viruses in the
.ezip than F-Prot.
In my smaller world here, there will be 2-5 times a day .ezip viruses a day
that VirusScan catches that F-Prot does not.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 08:45AM 

 This morning when receiving message from our spam account (I hold
everything instead of deleting then review), I received a message and
attachment that Norton AV on my local machine caught as a Netsky.Q virus.
This would have been delivered to the client had it not failed the spam
tests.
 I'm running Declude v1.79 and F-Prot 3.14e with latest defs.
Anyone
else seeing Netsky.Q's getting through?  Luckily I haven't seen anymore
come
through, but if you look at the virus logs, it sees it as virus free.  UGH!
Wish I could have caught it on my Linux VM so I could continue sending the
message to the server to see when it finally catches it.

Are other copies of Netsky.Q getting caught?  Do you have a line BANEXT
EZIP in your virus.cfg file?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus using f-prot and Sophos]


---
[This E-mail scanned for viruses by Declude Virus using f-prot and Sophos]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
I attempted to resend the virus again and it bounced (Unknown user:
[EMAIL PROTECTED]).  Just wanted to reconfirm the virus e-mail
address.   Is it [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


 Yes, so far this is the only copy that has come through.  I 
haven't heard from any of my clients of them saying the virus has come
through.

OK, so that means that F-Prot is able to catch them.

 I  didn't even think about EZIP.  That didn't catch it either 
when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and
whether you have the BANEXT EZIP option enabled.

BANEXT  EZIP

Since you do have it enabled, it is difficult to say what happened.

If you do still have a copy of it, you can send it to our virustrap@
address, and we can analyze it.  It may be a corrupt, non-viable variant.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread R. Scott Perry

I attempted to resend the virus again and it bounced (Unknown user:...
You'll need to check your IMail log file to see why IMail couldn't deliver 
the E-mail (we have no record of any E-mail from you to that address 
today).  The address you sent it to was correct.  Note that we rarely give 
out the address in lists to reduce the amount of spam sent to that address.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
Ok.. The latest time I tried to send (at 1300) went through.. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Friday, April 23, 2004 12:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

Ok.. I looked in the logs.. This is what I found..


04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not
relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT

04:23 11:34 SMTP-(05B4) RCPT To:[EMAIL PROTECTED]
04:23 11:34 SMTP-(05B4) 550 5.7.1 [EMAIL PROTECTED]... we do not
relay [EMAIL PROTECTED]
04:23 11:34 SMTP-(05B4) QUIT

I'm going to attempt to resend it again and keep an eye on the logs..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 12:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


I attempted to resend the virus again and it bounced (Unknown user:...

You'll need to check your IMail log file to see why IMail couldn't deliver
the E-mail (we have no record of any E-mail from you to that address today).
The address you sent it to was correct.  Note that we rarely give out the
address in lists to reduce the amount of spam sent to that address.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
Hello,
I forwarded that virus onto you [EMAIL PROTECTED]  It came from
my main work e-mail  [EMAIL PROTECTED] - instead of this account.
But just looking at the mail logs, I don't know if it went through
or not.  Here's our logs:

04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]...
Sender ok
04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not
relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection

It ended up with a status=2.  Did I send it to the wrong account?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


 Yes, so far this is the only copy that has come through.  I 
haven't heard from any of my clients of them saying the virus has come
through.

OK, so that means that F-Prot is able to catch them.

 I  didn't even think about EZIP.  That didn't catch it either 
when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and
whether you have the BANEXT EZIP option enabled.

BANEXT  EZIP

Since you do have it enabled, it is difficult to say what happened.

If you do still have a copy of it, you can send it to our virustrap@
address, and we can analyze it.  It may be a corrupt, non-viable variant.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
PLEASE DISREGARD   ..Message was stuck in queue..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Friday, April 23, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

Hello,
I forwarded that virus onto you [EMAIL PROTECTED]  It came from
my main work e-mail  [EMAIL PROTECTED] - instead of this account.
But just looking at the mail logs, I don't know if it went through
or not.  Here's our logs:

04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]...
Sender ok
04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not
relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection

It ended up with a status=2.  Did I send it to the wrong account?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


 Yes, so far this is the only copy that has come through.  I 
haven't heard from any of my clients of them saying the virus has come
through.

OK, so that means that F-Prot is able to catch them.

 I  didn't even think about EZIP.  That didn't catch it either 
when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and
whether you have the BANEXT EZIP option enabled.

BANEXT  EZIP

Since you do have it enabled, it is difficult to say what happened.

If you do still have a copy of it, you can send it to our virustrap@
address, and we can analyze it.  It may be a corrupt, non-viable variant.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread John Tolmachoff \(Lists\)
Jeff, no offence intended, but this kind of communication should be directly
to Scott, not to the list.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
 On Behalf Of Jeff Maze - Hostmaster
 Sent: Friday, April 23, 2004 8:37 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] W32.Netsky.Q got through..
 
 Hello,
   I forwarded that virus onto you [EMAIL PROTECTED]  It came from
 my main work e-mail  [EMAIL PROTECTED] - instead of this account.
   But just looking at the mail logs, I don't know if it went through
 or not.  Here's our logs:
 
 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]...
 Sender ok
 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not
 relay [EMAIL PROTECTED]
 04:23 11:33 SMTP-(0508) QUIT
 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection
 
   It ended up with a status=2.  Did I send it to the wrong account?
 


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread Jeff Maze - Hostmaster
I was able to send the virus to that account (at 1300)..  I checked our logs
and it went through and got a response e-mail..  The message below got
caught up in queue.. Was messing with our DNS servers trying to fix the
timeout problems we've been having lately..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 2:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..


 I forwarded that virus onto you [EMAIL PROTECTED]  It 
came from my main work e-mail  [EMAIL PROTECTED] - instead of this
account.
 But just looking at the mail logs, I don't know if it went 
through or not.  Here's our logs:

04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]...
Sender ok
04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do 
not relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection

 It ended up with a status=2.  Did I send it to the wrong account?

It looks like your mailserver is sending to the A record rather than the MX
record (that nasty old IMail bug strikes again...).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Netsky.Q got through..

2004-04-23 Thread R. Scott Perry

I was able to send the virus to that account (at 1300)..  I checked our logs
and it went through and got a response e-mail..  The message below got
caught up in queue.. Was messing with our DNS servers trying to fix the
timeout problems we've been having lately..
It did arrive.

This one has a .ZIP extension, but is actually not a .ZIP file.  F-Prot 
isn't detecting it; I'm guessing they are not detecting it because it is 
corrupt.  You may want to try sending it to them for analysis.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.