RE: [Declude.Virus] MacAfee Error
It seems like a lot of you have had the same problem I had with McAfee's dat file from the other day. Has McAfee admit there was a problem yet? Has anybody heard anything from them about this? Thank you for making YourNET Connection your connection to the world Jim O'Keefe Technical Support @YourNET Connection, Inc. [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Internet America / Reita Gilleland [mailto:[EMAIL PROTECTED] Sent: Thursday, June 17, 2004 1:47 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] MacAfee Error We are having the same problem and it started yesterday... right after we upgraded to the latest version of IMail. Have you or the other users that are having problems upgraded as well? Could that be the key? Reita -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Wednesday, June 16, 2004 10:33 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] MacAfee Error There is a setting in your virus.cfg that controls this. Considering the frequency of unannounced changes and other sorts of issues that cause errors, it is best to tell Declude to not treat errors as viruses by setting: DELIVERERRORSON Use two different virus scanners instead and this should protect you from transient errors with one of the virus scanners. Matt Jonathan wrote: I think we're seeing something as well -- in fact, I think McAfee's failure is causing declude to eat the mail .. somehow. :\ Jonathan At 07:43 PM 6/16/2004, you wrote: 06/16/2004 16:25:59 Qbada003b03f8f42d Error -1 in virus scanner 2. All of a sudden I am getting this error in McAfee. I did not change anything. Any one know what this means? Someone else reported an issue today with the McAfee virus definitions causing a crash within McAfee -- you may want to revert to the previous definitions, or download the latest ones. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [Pre-scanned for viruses by Internet America.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail has been scanned for viruses by the YourNet Connection Virus system] [For more information, please go to http://www.ync.net/YourMAIL] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Stupid question
This isn't someone we know. I looked them up based on the admin messages we were getting from declude.virus+mcaffee and they're a technology consulting firm - which could explain the arrogance. I responded back to his (director of operations) email. He claimed that they might of been ip spoofed, so I pointed out that they better check. infected or spoof...it doesn't look good for a tech firm! - Original Message - From: Mike Hyslip [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 17, 2004 7:18 PM Subject: RE: [Declude.Virus] Stupid question Maybe if you ask his boss about viruses and show the header, he might be able to answer more clearly :P I would hope folks would at least check their servers before answering in the manner you received, that's just awful :D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, June 17, 2004 8:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Stupid question given the following message: Headers Received: from ameripride.org [24.199.28.90] by mail.ameripride.org with ESMTP (SMTPD32-8.05) id AC53428F00FC; Wed, 16 Jun 2004 00:36:19 -0500 From: [EMAIL PROTECTED] ... Could I conclude that the Netsky virus was coming from a pc with an internet ip of 24.199.28.90 or an internet router by the same address? Yes, it definitely did. I pinged the company owning this IP and they stated bluntly we know we don't have any viruses. Since I don't know what a relayed email header looks like, could it be coming from somewhere else? It's amazing how often people know things they don't know. The computer at 24.199.28.90 definitely is almost certainly infected with Netsky.p. Although it is also ARRC's mailserver, Netsky.p sends directly, and there are no other Received: headers, so it did come from 24.199.28.90. They don't have to believe you, though -- but that's exactly how viruses spread, and the attitude that spammers love, and the attitude that people who receive spam hate. Some guy doesn't want to lose his job, but doesn't realize that he is going to have to admit to having a virus eventually (as their E-mail gets blocked because of all the spam coming from their server). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. *Scanned for viruses by Declude Virus* *Scanned for viruses by Declude Virus* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] F-Prot letting TROJ_REVOP.F thru
Hi, I have just started using Declude with F-Prot as our virus scanner. Was using Trend Viruswall. Have noticed that F-Prot is letting thru viruses that Trend desktop scanners are catching. I have had 11 TROJ_REVOP.F get thru today alone. Is anyone else seeing this? Trying to use ClamAV as a second scanner but need to wait till I can reboot the mail server to get it functioning. Thanks Mike RSR Group,Inc. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru
I have just started using Declude with F-Prot as our virus scanner. Was using Trend Viruswall. Have noticed that F-Prot is letting thru viruses that Trend desktop scanners are catching. I have had 11 TROJ_REVOP.F get thru today alone. Is anyone else seeing this? Trying to use ClamAV as a second scanner but need to wait till I can reboot the mail server to get it functioning. That's a trojan horse, which means that it doesn't spread on its own -- so someone has to intentionally send it. Because of that, virus scanners may or may not catch it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru
Thanks for the info. Is there a good template on how to setup virus.cfg? I have the basic stuff from the instructions but it would be nice to get a real world version. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, June 18, 2004 12:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru I have just started using Declude with F-Prot as our virus scanner. Was using Trend Viruswall. Have noticed that F-Prot is letting thru viruses that Trend desktop scanners are catching. I have had 11 TROJ_REVOP.F get thru today alone. Is anyone else seeing this? Trying to use ClamAV as a second scanner but need to wait till I can reboot the mail server to get it functioning. That's a trojan horse, which means that it doesn't spread on its own -- so someone has to intentionally send it. Because of that, virus scanners may or may not catch it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru
Is there a good template on how to setup virus.cfg? I have the basic stuff from the instructions but it would be nice to get a real world version. The real question is what are you looking to do? The default Declude Virus configuration file usually doesn't need to be changed, aside from your activation code and the details about your virus scanner. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru
Have you sent those caught viruses to the declude or F-prot virus traps? They may be corrupted and not viable viruses any longer. Meaning they are no longer harmful (Possibly). F-prot would surely want to see this. Go to their website and submit the samples. Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of M Pilletere Sent: Friday, June 18, 2004 11:53 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-Prot letting TROJ_REVOP.F thru Hi, I have just started using Declude with F-Prot as our virus scanner. Was using Trend Viruswall. Have noticed that F-Prot is letting thru viruses that Trend desktop scanners are catching. I have had 11 TROJ_REVOP.F get thru today alone. Is anyone else seeing this? Trying to use ClamAV as a second scanner but need to wait till I can reboot the mail server to get it functioning. Thanks Mike RSR Group,Inc. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.Virus] Has McAfee fixed Virus Definition Corruptions Yet?
http://www.sss.ca/sensible/home.nsf/docbyid/16DB651DF6279C1F85256EB7004AEF5F?OpenDocument McAfee has announced that the 4160 scan engine and earlier versions contained in McAfee Anti-virus products will cease to work correctly after applying the 4367 DAT files or later. The 4.1.60 scan engine is no longer supported and due to internal architecture limitations will generate errors. Should you be experiencing any issues with the 4.1.60 engine and the 4367 DAT files, please upgrade your anti-virus engine to the currently supported 4320 version. For more information please see: http://mysupport.nai.com -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - RLH I did not do this. As I said you need to replace the Scan.Exe as well. RLH This is the file dailyscan.zip, not daily.zip... No problems at all RLH here. TF Don't know why it works for you and not me. TF For me the 4.3.2.0 engine fails with 4367 dat. Engines 4.3.2.0 and TF 4.1.6.0 neither one fail with 4366 dat or the dat files from TF dailyscan.zip. TF But thanks for sharing that link last night. TF Terry Fritts TF --- TF [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] TF --- TF This E-mail came from the Declude.Virus mailing list. To TF unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TF type unsubscribe Declude.Virus.The archives can be found TF at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.Virus] MacAfee Error
TS Has McAfee admit there was a problem yet? TS Has anybody heard anything from them about this? Article on web site: http://www.nai.com/us/promos/4160_engine.htm Note Scenario 2 where some users running 4320 also failed because of scanpm. I think SuperDat will not work if all you have purchased is CmdLine scanner. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Has McAfee fixed Virus Definition Corruptions Yet?
Also the older Engines will NOT catch all the viruses. Current engine is almost as important as currnent DATs (virus definition files). At least one of the sites having trouble has been trying the current engine. (I would double check and do a re-boot to make sure the new engine is used.) Greg Little R. Lee Heath wrote: http://www.sss.ca/sensible/home.nsf/docbyid/16DB651DF6279C1F85256EB7004AEF5F?OpenDocument McAfee has announced that the 4160 scan engine and earlier versions contained in McAfee Anti-virus products will cease to work correctly after applying the 4367 DAT files or later. The 4.1.60 scan engine is no longer supported and due to internal architecture limitations will generate errors. Should you be experiencing any issues with the 4.1.60 engine and the 4367 DAT files, please upgrade your anti-virus engine to the currently supported 4320 version. For more information please see: --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] McAfee 4160 engine is toooo old
More info on problems with the old engine. Also sometimes (esp on Win 98) it may take some extra procedures to fully update the engine. http://forums.mcafeehelp.com/viewtopic.php?t=27957 PS For any McAfee question this forum is a GREAT resource. (Focused on Retail customers, but there is a small corner for Corp questions also.) http://forums.mcafeehelp.com Greg Little --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.