RE: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread Douglas Cohn
This is a very negative post, John.

The SE7501WV2 is a $600.00+ Intel Dual Xeon SERVER Motherboard with Dual
Gigabit Server NICs.  It is designed for server traffic.

This is the same EXACT Onboard NIC in IBM X series and HP Proliant servers.
Dell uses the lower cost Broadcom Gigabit NICs.

The archives have no references to anything related to Server motherboards,
only desktop motherboards.

It seems to me when people have nothing to say, say nothing.

In the future I will not reply to the list either and I apologize in advance
for doing so. No one needs a post to tell them to do what will not change
the situation anyway.

Doug


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, June 11, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot

There has been much discussion concerning Intel OB NICs and Imail.

Search the archives.

Bottom line, get a solid Server designated NIC.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
> Sent: Friday, June 11, 2004 11:32 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] BSOD and IMail-Server reboot
> 
> This problem has not gone away.  It occurs with very high traffic only
> and is not related to declude.  That is, we tested it without declude
> and it still Blue Screens when there is extremely high traffic.
> 
> Imail claims that when the server has extremely high traffic you need
> to use a SERVER NIC in the machine.  One which does NOT offload
> processing to the server but has its own processor onboard the NIC.
> 
> This has some logic but if true why on servers running only SMTP
> passing double the amount of sustained traffic do we not also have the
> issue.
> 
> Using Intel Based SE7501WV2 baseboards with on board nics on several
> servers.  Only Imail servers Blue Screen.  We set them to auto reboot
> and it only happens in extremely high traffic times.
> 
> DC
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Uwe Degenhardt
> Sent: Thursday, June 10, 2004 5:05 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] BSOD and IMail-Server reboot
> 
> Hi list and especially
> Peter Verzoni.
> 
> Peter you mentioned a while ago
> the following problems you had on one of your servers:
> 
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg06418.html
> 
> Did you (or someone else) find a solution in the meantime, or did you 
> just switch to another AV ?
> 
> Would be great to get the link where you posted the info to F-Prot as
> well.
> 
> Thank you.
> 
> Uwe
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
> just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  The archives can be found
> at http://www.mail-archive.com.


[Declude.Virus] Getting hammered by W32.Netsky.P@mm!enc

2004-06-12 Thread Alan Walters
Hi,

We're running Declude Virus Pro paired with McAfee NetShield v4.5 (the full
version, so we can have the Command Line Scanner) with the latest signature
files.  We're also running Symantec Corporate Edition v8.0 on the desktop
with the latest signature files.

Lately we've experienced several infections where the [EMAIL PROTECTED]
Virus has slipped past McAfee and landed in our Netscape v4.79 Inbox.  As
soon as somebody opens their Inbox, Symantec detects the virus and
quarantines the whole Inbox (obviously including all the other non-infected
emails)!

I realize this is more likely a failure of McAfee and not Declude, however
I'm wondering if Declude could possibly be not decoding the email properly
and presenting it to the McAfee Command Line Scanner in such a way as to
cause it to mis-detect the virus?  What's really strange is the email
appears to be one of those "friendly" informative bounces, attempting to
tell me I sent them a virus.  Firstly, I didn't and secondly - WTF would
somebody return a "you have a virus" message WITH THE ACTUAL VIRUS STILL
ATTACHED?!?

Here's a copy of one of the infected emails (sans the actual virus) as it
looks when viewed from the Inbox using NotePad:

>From - Fri May 28 09:10:15 2004
Received: from redwing.mail.pas.earthlink.net [207.217.120.246] by
roycemedical.com with ESMTP
  (SMTPD32-8.05) id AC33279B002A; Thu, 27 May 2004 20:04:19 -0700
Received: from exim by redwing.mail.pas.earthlink.net with local (Exim 3.36
#1)
id 1BTXg8-0007cR-00
for [EMAIL PROTECTED]; Thu, 27 May 2004 20:05:04 -0700
X-Failed-Recipients: [EMAIL PROTECTED]
From: Mail Delivery System <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Mail delivery failed: returning message to sender
Message-Id: <[EMAIL PROTECTED]>
Date: Thu, 27 May 2004 20:05:04 -0700
X-RBL-Warning: CATCHALLMAILS:
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 207.217.120.246
with no reverse DNS entry.
X-Declude-Sender: <> [207.217.120.246]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: CATCHALLMAILS, IPNOTINMX, NOLEGITCONTENT, REVDNS [4]
X-Note: This E-mail was sent from [No Reverse DNS] ([207.217.120.246]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-Mozilla-Status: 
X-Mozilla-Status2: 
X-UIDL: 382853452

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [EMAIL PROTECTED]
SMTP error from remote mailer after end of data:
host mx3.earthlink.net [207.217.125.18]: 554 Message Rejected Due To
Virus Found In Attachment

-- This is a copy of the message, including all the headers. --

Return-path: <[EMAIL PROTECTED]>
Received: from toucan-120.pocket ([10.4.120.212] helo=toucan)
by redwing.mail.pas.earthlink.net with smtp (Exim 3.36 #1)
id 1BTXg8-0007cK-00
for [EMAIL PROTECTED]; Thu, 27 May 2004 20:05:04 -0700
X-MindSpring-Loop: [EMAIL PROTECTED]
Received: from r0r3.com ([68.189.33.3])
by toucan (EarthLink Mail Service) with ESMTP id 1btxG538c3NZFmk0
for <[EMAIL PROTECTED]>; Thu, 27 May 2004 20:05:01 -0700 (PDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mail Delivery (failure [EMAIL PROTECTED])
Date: Thu, 27 May 2004 20:05:02 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>

This is a multi-part message in MIME format.

--=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative;
boundary="=_NextPart_001_001C_01C0CA80.6B015D10"

--=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable







If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
cid:[EMAIL PROTECTED] height=3D0
width=3D0>www.r0r3.com/inbox/ntdrivers/read.php?sessionid-20228
cid:[EMAIL PROTECTED] height=3D0
width=3D0>
 

--=_NextPart_001_001C_01C0CA80.6B015D10--

--=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: audio/x-wav;
name="message.scr"
Content-Transfer-Encoding: base64
Content-ID:<[EMAIL PROTECTED]>

***
**T H E   E N C O D E D   V I R U S   W A S   H E R E**
***

--=_NextPart_000_001B_01C0CA80.6B015D10--


Here's another one of the infected emails from a different users Inbox:

>From - Fri Jun 11 16:07:50 2004
Received: from amxbounce05.aptimus.net [206.169.235.140] by roycemedical.com
  (SMTPD32-8.0

RE: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread Gene Head
Doug,

I have recently had some issues with my mail server and BSOD and
corrupted files. What was happening was that, because of a bad memory
stick, files were being either written to the drive with errors or not
being read back in correctly.
This caused errors to be logged in our event log and caused the machine
to Blue screen and reboot. I eventually took the machine offline and
replaced it for diagnostics and repair.

In my experience with Windows boxes and BSOD I have found they are
caused by:

1. Bad, outdated or incompatible drivers. You might look here for your
problem as a leaky driver would definitely cause the problem you are
describing.

2. Bad memory. It just has to be intermittent. It won't show up on
diagnostics; it will just fail under load. (These are a real bitch to
find)

3. Bad motherboard

4. Bad processors. (Yeah, I've seen this one too. It's the last thing you
look for)

Each time your machine Blue Screens it should display a message that
sort of guides you to what the machine thinks caused the problem. In my
case there were several of them but the one that stuck out the most was
"Page_fault_in_non-paged_memory".

If you would like to take a look at your event logs and post the BSOD
message we might be able to determine what is going on.

I did read a post someplace about certain motherboards and
hyperthreading issues. Not sure if the Xeon proc does that or not.

Hope this helps a little


Gene Head
ACCRAM Inc.
MCP,Net+,A+,CCNA,CCDA
[EMAIL PROTECTED]
[EMAIL PROTECTED] 


RE: [Declude.Virus] Getting hammered by W32.Netsky.P@mm!enc

2004-06-12 Thread Jeff Maze
Begin using the banned extension option with Declude (see virus.cfg).
Then any attachment with a .SCR or whatever is blocked at the server level
and the user doesn't see it.  This is the way I have our server configured
concerning banned file extensions and banned file names:

BANEXT  scr
BANEXT  pif
BANEXT  exe
BANEXT  com
BANEXT  EZIP
BANEXT  cpl
BANEXT  ad
BANEXT  adb
BANEXT  adp
BANEXT  asd
BANEXT  asp
BANEXT  BAS
BANEXT  BAT
BANEXT  cab
BANEXT  ceo
BANEXT  chm
BANEXT  CMD
BANEXT  COM
BANEXT  crt
BANEXT  data
BANEXT  dbx
BANEXT  dll
BANEXT  hlp
BANEXT  HTA
BANEXT  inf
BANEXT  ins
BANEXT  isp
BANEXT  js
BANEXT  jse
BANEXT  lnk
BANEXT  link
BANEXT  mch
BANEXT  mde
BANEXT  mdx
BANEXT  msc
BANEXT  MSI
BANEXT  MSP
BANEXT  MST
BANEXT  nch
BANEXT  nws
BANEXT  pcd
BANEXT  php
BANEXT  pl
BANEXT  pi
BANEXT  ocx
BANEXT  ods
BANEXT  REG
BANEXT  SCT
BANEXT  shb
BANEXT  shs
BANEXT  sht
BANEXT  sys
BANEXT  unk
BANEXT  uue
BANEXT  VB
BANEXT  VBE
BANEXT  VBS
BANEXT  vbx
BANEXT  vsd
BANEXT  vst
BANEXT  vss
BANEXT  vsw
BANEXT  wab
BANEXT  ws
BANEXT  WSC
BANEXT  WSF
BANEXT  WSH
BANEXT  xml

BANNAME photo.zip
BANNAME private.zip
BANNAME report.zip
BANNAME Wendy.zip
BANNAME p_usb.zip
BANNAME You_will_answer_to_me.zip
BANNAME Attach.rar
BANNAME Details.rar
BANNAME details.rar
BANNAME Document.rar
BANNAME Encrypted.rar
BANNAME first_part.rar
BANNAME Gift.rar
BANNAME Info.rar
BANNAME Information.rar
BANNAME Message.rar
BANNAME MoreInfo.rar
BANNAME pub_document.rar
BANNAME Readme.rar
BANNAME Text.rar
BANNAME text_document.rar
BANNAME TextDocument.rar

 

Re: [Declude.Virus] Getting hammered by W32.Netsky.P@mm!enc

2004-06-12 Thread Matt
It's important to specify in this instance that in order to detect 
encrypted archives (ZIPs or RARs) one needs to be using the most 
recent interim release, 1.79i9 and you can't be running Declude Virus 
Lite (Scott would also mention having a current support contract).  
http://www.declude.com/version/interim/

There are also limitations in what you can do depending on the version 
of Declude Virus that you have.  Banning E-mail by extension doesn't 
work in the Lite version, only the Standard and Pro versions.  In 
Standard, you can only ban by extension, however in Pro, you can just 
add a single line and it will only ban encrypted archives if it includes 
a file that is contained in your list of banned extensions (which would 
cover all viruses if you use the list below, but you should leave out 
the EZIP entry):

   BANEZIPEXTS ON

If you just have Standard, then the method shown below will work, 
although it will ban all encrypted archives, even ones with 
non-executables within them.

There is a lot of information on this if you search the archives at 
http://www.mail-archive.com/declude.virus%40declude.com/ for 
"BANEZIPEXTS" or "EZIP"

The problem in a nutshell is that dynamically encrypted archives can't 
be decoded and this hides the virus payload, so in many cases the only 
way to protect yourself is to ban encrypted archives that contain an 
executable or any encrypted archive depending on the capabilities of 
your version and your desire for specificity.

Matt

Jeff Maze wrote:
Beginning using the banned extension option with Declude (see virus.cfg).
Then any attachment with a .SCR or whatever is blocked at the server level
and the user doesn't see it.  This is the way I have our server configured
concerning banned file extensions and banned file names:
BANEXT  scr
BANEXT  pif
BANEXT  exe
BANEXT  com
BANEXT  EZIP
BANEXT  cpl
BANEXT  ad
BANEXT  adb
BANEXT  adp
BANEXT  asd
BANEXT  asp
BANEXT  BAS
BANEXT  BAT
BANEXT  cab
BANEXT  ceo
BANEXT  chm
BANEXT  CMD
BANEXT  COM
BANEXT  crt
BANEXT  data
BANEXT  dbx
BANEXT  dll
BANEXT  hlp
BANEXT  HTA
BANEXT  inf
BANEXT  ins
BANEXT  isp
BANEXT  js
BANEXT  jse
BANEXT  lnk
BANEXT  link
BANEXT  mch
BANEXT  mde
BANEXT  mdx
BANEXT  msc
BANEXT  MSI
BANEXT  MSP
BANEXT  MST
BANEXT  nch
BANEXT  nws
BANEXT  pcd
BANEXT  php
BANEXT  pl
BANEXT  pi
BANEXT  ocx
BANEXT  ods
BANEXT  REG
BANEXT  SCT
BANEXT  shb
BANEXT  shs
BANEXT  sht
BANEXT  sys
BANEXT  unk
BANEXT  uue
BANEXT  VB
BANEXT  VBE
BANEXT  VBS
BANEXT  vbx
BANEXT  vsd
BANEXT  vst
BANEXT  vss
BANEXT  vsw
BANEXT  wab
BANEXT  ws
BANEXT  WSC
BANEXT  WSF
BANEXT  WSH
BANEXT  xml
BANNAME photo.zip
BANNAME private.zip
BANNAME report.zip
BANNAME Wendy.zip
BANNAME p_usb.zip
BANNAME You_will_answer_to_me.zip
BANNAME Attach.rar
BANNAME Details.rar
BANNAME details.rar
BANNAME Document.rar
BANNAME Encrypted.rar
BANNAME first_part.rar
BANNAME Gift.rar
BANNAME Info.rar
BANNAME Information.rar
BANNAME Message.rar
BANNAME MoreInfo.rar
BANNAME pub_document.rar
BANNAME Readme.rar
BANNAME Text.rar
BANNAME text_document.rar
BANNAME TextDocument.rar
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan Walters
Sent: Saturday, June 12, 2004 2:50 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Getting hammered by [EMAIL PROTECTED]
Hi,
We're running Declude Virus Pro paired with McAfee NetShield v4.5 (the full
version, so we can have the Command Line Scanner) with the latest signature
files.  We're also running Symantec Corporate Edition v8.0 on the desktop
with the latest signature files.
Lately we've experienced several infections where the [EMAIL PROTECTED]
Virus has slipped past McAfee and landed in our Netscape v4.79 Inbox.  As
soon as somebody opens their Inbox, Symantec detects the virus and
quarantines the whole Inbox (obviously including all the other non-infected
emails)!
I realize this is more likely a failure of McAfee and not Declude, however
I'm wondering if Declude could possibly be not decoding the email properly
and presenting it to the McAfee Command Line Scanner in such a way as to
cause it to mis-detect the virus?  What's really strange is the email
appears to be one of those "friendly" informative bounces, attempting to
tell me I sent them a virus.  Firstly, I didn't
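
The policy Jeff and Matt describe, as an added Python illustration (not Declude's code and not posted by anyone in the thread): block by file name and extension whatever the declared MIME type, and treat flagged-encrypted ZIPs either wholesale (the EZIP entry) or only when a member has a banned extension. The function names, the `ban_ezip_exts` switch, the example.com addresses and the fixture archives are assumptions constructed for the example; RAR is not covered.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# A few of the virus.cfg lines quoted in the thread (subset, for brevity).
SAMPLE_CFG = """\
BANEXT  scr
BANEXT  pif
BANEXT  exe
BANEXT  EZIP
BANNAME photo.zip
BANNAME Details.rar
"""

def parse_cfg(text):
    """Parse BANEXT / BANNAME lines into two lower-cased sets."""
    exts, names = set(), set()
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        key, value = fields[0].upper(), fields[1].strip().lower()
        if key == "BANEXT":
            exts.add(value.lstrip("."))
        elif key == "BANNAME":
            names.add(value)
    return exts, names

def extension(name):
    """Last dot-separated component, lower-cased ('' if there is no dot)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def inspect_zip(data):
    """Return (encrypted, member_names), or None if data is not a ZIP."""
    # Only the central directory is read: with classic ZIP encryption the
    # member names and the 'encrypted' flag (bit 0) remain readable even
    # though the contents cannot be scanned.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return None
    return any(i.flag_bits & 0x1 for i in infos), [i.filename for i in infos]

def check_message(raw, exts, names, ban_ezip_exts=False):
    """Return the reasons to hold a message (empty list means deliver)."""
    # ban_ezip_exts is a hypothetical switch modelling the Pro behaviour
    # described above; 'ezip' in exts models banning every encrypted ZIP.
    reasons = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        filename = part.get_filename()  # Content-Disposition or name= param
        if not filename:
            continue
        if filename.lower() in names:
            reasons.append(f"BANNAME {filename}")
        if extension(filename) in exts:
            # Decide on the name, not the declared type: the sample in the
            # thread declares audio/x-wav for message.scr.
            reasons.append(f"BANEXT {filename} declared as {part.get_content_type()}")
        found = inspect_zip(part.get_payload(decode=True) or b"")
        if found and found[0]:
            banned = [m for m in found[1] if extension(m) in exts]
            if "ezip" in exts:
                reasons.append(f"EZIP {filename}")
            elif ban_ezip_exts and banned:
                reasons.append(f"EZIP {filename} contains {', '.join(banned)}")
    return reasons

def flagged_zip(member_names):
    """Constructed fixture: a ZIP whose entries carry the 'encrypted' flag."""
    # The payload is harmless placeholder text and is not really encrypted;
    # the checks above look only at flags and names.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            info = zipfile.ZipInfo(name, date_time=(2004, 6, 12, 0, 0, 0))
            zf.writestr(info, "constructed placeholder")
    data = bytearray(buf.getvalue())
    # The flag word sits 6 bytes into a local header, 8 into a central one.
    for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(signature)
        while pos != -1:
            data[pos + offset] |= 0x01
            pos = data.find(signature, pos + 4)
    return bytes(data)

def build_message(filename, data, maintype, subtype):
    """Constructed sample message with one attachment (placeholder addresses)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()
```

With the EZIP entry present every flagged archive is held; with it removed and `ban_ezip_exts=True`, only archives listing a banned member are held.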

RE: [Declude.Virus] Getting hammered by W32.Netsky.P@mm!enc

2004-06-12 Thread Scott Fisher
I would add Mailpure's ANTI-AV filter to eliminate these bounces.
I've also seen that F-Prot does a slightly better job of catching the corrupted 
variants than McAfee.




FW: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread John Tolmachoff \(Lists\)
Just realized this was originally posted on the Declude virus list, even
though it has nothing to do with Declude Virus, and the person should have
posted on the Imail list, since it is an Imail issue and a search of the
Imail list archives shows this has been discussed many times.

> The imail forum has not one post regarding an INTEL SERVER Board and on
> board NICs.  I recall some conversations about desktop boards but none
> regarding SERVER BOARDs.

I do not remember whether the board was a Server board or workstation board
being part of the discussion on past problems. It was the Intel OB NIC that
was discussed, and a search of the Imail archives shows 269 hits for "Intel
OB NIC".

> Furthermore what logic would you as a Networking Professional give to an
> SMTP server running on the same platform and pushing sustained traffic of
> three times that of the IMAIL server yet never causing any issues and
> certainly not creating a BSOD.  This is something I am very interested in
> hearing.

I am not an Ipswitch technician, so I have no idea of why this occurs, I
just know from many others posting such that it does!

> I have been building systems and maintaining data centers now for 16
> years.

Goody for you. Now back to the issue at hand.

> I have brought this exact issue to Intel's and Microsoft's attention and
> neither see any reason for the NIC to be the root cause of the issue.
> 
> Microsoft has read the BSOD dumps and reports IMAIL as the culprit.

Then take the next step and share that information with Ipswitch. From all
the posts about Intel OB NICs and Imail over the years, it is my opinion
there is a real problem with Imail and Intel OB NICs. To date, most have
fixed the problem by using a server grade 3Com NIC and disabling the Intel
OB NIC. If you have the time and resources to further pursue this issue with
Ipswitch, many Imail admins will thank you.

> This type of comment from you has little to no value.  You act like you
> are participating in a forum but clearly you are using the forum simply
> for your own end.

Sure it does. Just because you do not like the work around, and would rather
spend time on finding the cause of the problem in hopes that Ipswitch will
finally fix it, does not mean that my advice has no value. 

BTW, how does my posting advice on a subject that comes up again and again
over time equal my using the forum for my own end?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


RE: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread John Tolmachoff \(Lists\)
> This is very negative post John.

How is it negative? I posted advice.

> The archives have no references to anything related to Server motherboards
> only desktop motherboards.

True, the Declude Virus archive has nothing about this issue, as this is not
a Declude related issue. However, the Imail archives have plenty on this
issue. My fault for replying to a post about an Imail issue on the Declude
Virus list.

> In the future I will not reply to the list either and I apologize in
> advance for doing so. No one needs a post to tell them to do what will
> not change the situation anyway.

Think what you want, but did you even try changing the NIC, so as to work
around the issue, or are you one of those that want an answer, but only the
one you want, not another way?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




Re: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread Matt
Please let's move on from this discussion.
Thanks,
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


Re: [Declude.Virus] BSOD and IMail-Server reboot

2004-06-12 Thread Mike Nice
Add overheated processor - failed fan or heat sink thermal bond.  Check the
CPU temperature with the BIOS.  Processor may still be OK otherwise.

- Original Message - 
> In my experience with Windows boxes and BSOD I have found they are
> caused by:
